Websites and apps are increasingly prompting you to read and acknowledge their privacy policies, a statement that indicates how a company will handle your data. A good privacy policy will thoroughly explain the types of information collected, how that information is gathered, and whether it will be shared with third parties. A privacy policy should also indicate how or if your information will be tracked. To minimize information tracking, consider opting out of ad trackers and proactively managing your cookies by deleting them, as well as your history and cache. 

Have you noticed more websites asking you to read their privacy policies?

This is due largely to the European Union’s General Data Protection Regulation (GDPR), a law requiring companies to disclose how they collect, use, and store customer information. As more privacy laws are passed, you’ll likely see more pop-ups prompting you to read and agree to privacy statements.

Transparency is a good thing. It empowers people to better understand and control the data they share. But that’s only true for those who decide to read the privacy policies.

In truth, decoding the legalese can be a chore. And, faced with so many lengthy documents, there’s a risk of “consent fatigue.” To highlight the situation, the Wall Street Journal printed out policies from 30-some popular apps, and the results spanned a football field.

What a good privacy policy will include

Before you share information with a site, it’s important to understand how the company will handle your data. Since privacy policies are dense by nature, it’s helpful to know what should be included.

A good privacy policy will:

  • Describe the types of information that’s collected, such as payment methods and IP addresses, and outline how they’re used

  • Disclose how information is gathered, including the use of browser cookies

  • Identify any third parties or organizations that might have access to your information

  • Outline the available privacy choices, with instructions on how to opt out of information sharing — and the consequences of doing so  

  • Describe the site’s security protocols  

  • Outline compliance with the Children’s Online Privacy Protection Act (COPPA) if the site collects data from children under 13

  • Provide contact information for further inquiries

Watch for these keywords

It’s critical to make informed decisions about the data you share. So, when you’re skimming a marathon-length policy, be mindful of words and phrases that can signal important disclosures.

If you see the words “third parties,” for example, check if your data is being sold to advertisers or if there’s a more legitimate reason for passing your information along, such as streamlining the checkout process with help from a trustworthy payments app.

Here are some of the most significant keywords:

  • Share

  • Control

  • Delete

  • Choice

  • Third parties

  • Turn off

  • Settings

  • Advertise

Cookies can be useful, but they’re not always sweet

By looking over the privacy policy for each new site you visit, you can better understand how your data is tracked and what choices you have about the information you share. But since that level of attention is not always possible, you can get ahead of some privacy issues by proactively managing your interaction with cookies.

As you surf the web, sites can leave “cookies” on your system. Think of them as virtual breadcrumbs. Cookies gather information and track your browsing behavior, creating a trail of where you’ve been online.

Sometimes cookies come in handy. They may help a site remember your log-in information or record your preferences for a future visit. But companies can also use them to capture your data, which can translate to big profits for them — at your expense.

The good news is you can set controls to limit what you share and minimize your digital footprint. Then, even if you don’t have time to read a site’s privacy policy, you’ll still be partially covered.

In order to avoid cross-device tracking, try these steps on all your gadgets:

  • Eliminate traces of your past searches and visit your browser’s settings to delete your history, cache, and cookies

  • Visit Usa.gov to learn about controlling the cookie settings on popular internet browsers  

  • Consider enabling your browser’s “Do Not Track” mode from settings, a feature that stops web services from tracking your actions online — but understand avoiding cookies entirely may limit your browsing experience

  • Visit Adobe’s website to learn how you can manage Adobe Flash cookies, which operate differently from internet browser cookies

  • Consider resetting the advertising identifier on your smartphone and opting out of ad tracking

If all else fails, consider searching for another app

There are some red flags in a company’s privacy policy that should encourage you to turn elsewhere for service. Here’s the shortlist:

  • Overly confusing language or legalese: When key points are buried or convoluted, a privacy statement can actually erode trust — which is why the GDPR specifically calls for the use of “clear and plain language”

  • A long-past publication date: As security threats evolve, privacy policies should evolve in kind

  • No privacy policy: Without a privacy statement, there’s no way of knowing if the information you share will be adequately protected

What if you ignore a site’s privacy policy?

So what’s the worst that could happen if you share something with a site without glancing over the privacy statement? You may wind up receiving unwanted ads and solicitations. Or, if you’ve shared with a company that doesn’t adequately protect its data, your personal details could wind up in the wrong hands.

When hacks and breaches happen, the dark web monitoring included with Allstate Identity Protection can help you know if your data has been exposed. Log in to your account and tell us what to monitor — like your credit card, passport, or driver's license numbers. From there, we'll let you know if we find your sensitive data where it shouldn't be. Unfortunately, exposed personal information can lead to identity theft. The good news is that if you're a member and you experience fraud, we'll be here to help you chart a path to recovery.