Have you noticed more websites asking you to read their privacy policies?
This is due largely to the European Union’s General Data Protection Regulation (GDPR), a law requiring companies to disclose how they collect, use, and store customer information. As more privacy laws are passed, you’ll likely see more pop-ups prompting you to read and agree to privacy statements.
Transparency is a good thing. It empowers people to better understand and control the data they share. But that’s only true for those who decide to read the privacy policies.
In truth, decoding the legalese can be a chore. And, faced with so many lengthy documents, there’s a risk of “consent fatigue.” To highlight the situation, the Wall Street Journal printed out policies from 30-some popular apps, and the results spanned a football field.
Before you share information with a site, it’s important to understand how the company will handle your data. Since privacy policies are dense by nature, it’s helpful to know what should be included.
Describe the types of information that’s collected, such as payment methods and IP addresses, and outline how they’re used
Disclose how information is gathered, including the use of browser cookies
Identify any third parties or organizations that might have access to your information
Outline the available privacy choices, with instructions on how to opt out of information sharing — and the consequences of doing so
Describe the site’s security protocols
Outline compliance with the Children’s Online Privacy Protection Act (COPPA) if the site collects data from children under 13
Provide contact information for further inquiries
Watch for these keywords
It’s critical to make informed decisions about the data you share. So, when you’re skimming a marathon-length policy, be mindful of words and phrases that can signal important disclosures.
If you see the words “third parties,” for example, check if your data is being sold to advertisers or if there’s a more legitimate reason for passing your information along, such as streamlining the checkout process with help from a trustworthy payments app.
Here are some of the most significant keywords:
Cookies can be useful, but they’re not always sweet
As you surf the web, sites can leave “cookies” on your system. Think of them as virtual breadcrumbs. Cookies gather information and track your browsing behavior, creating a trail of where you’ve been online.
Sometimes cookies come in handy. They may help a site remember your log-in information or record your preferences for a future visit. But companies can also use them to capture your data, which can translate to big profits for them — at your expense.
In order to avoid cross-device tracking, try these steps on all your gadgets:
Eliminate traces of your past searches and visit your browser’s settings to delete your history, cache, and cookies
Visit Usa.gov to learn about controlling the cookie settings on popular internet browsers
Consider enabling your browser’s “Do Not Track” mode from settings, a feature that stops web services from tracking your actions online — but understand avoiding cookies entirely may limit your browsing experience
Visit Adobe’s website to learn how you can manage Adobe Flash cookies, which operate differently from internet browser cookies
Consider resetting the advertising identifier on your smartphone and opting out of ad tracking
If all else fails, consider searching for another app
Overly confusing language or legalese: When key points are buried or convoluted, a privacy statement can actually erode trust — which is why the GDPR specifically calls for the use of “clear and plain language”
A long-past publication date: As security threats evolve, privacy policies should evolve in kind
So what’s the worst that could happen if you share something with a site without glancing over the privacy statement? You may wind up receiving unwanted ads and solicitations. Or, if you’ve shared with a company that doesn’t adequately protect its data, your personal details could wind up in the wrong hands.
When hacks and breaches happen, the dark web monitoring included with Allstate Identity Protection can help you know if your data has been exposed. Log in to your account and tell us what to monitor — like your credit card, passport, or driver's license numbers. From there, we'll let you know if we find your sensitive data where it shouldn't be. Unfortunately, exposed personal information can lead to identity theft. The good news is that if you're a member and you experience fraud, we'll be here to help you chart a path to recovery.