Easy-To-Read App Privacy Policies Won’t Change Anything

We’ve all been there: we visit a website or download a phone app, see a privacy policy asking for authorization to access our data, and completely ignore it. We ignore the notice because it’s oftentimes long, boring, and we’re in such a rush to get to the other side that we just click the accept button and forget that the service can now collect our personal details. For all those who skip over the policy, which is probably most of us, there’s a code of conduct in the works that would make it quick and easy for us to see what we’re agreeing to, and maybe even stop us from agreeing to it.

Several app developers and consumer advocates have finally agreed to test out the voluntary code of conduct, which would mandate that app developers offer short-form notices revealing what data their app will collect. The code requires apps to inform users if they’re accessing information in these categories: biometrics, browser history, phone or text log, contacts, financial information, health information, location, and user files. The notice will also divulge whether apps share user-specific data with third-party entities, including social networks, government entities, and ad networks, to name a few.

Installing a participating app (only a participating app) will trigger the short-form policy and give users a chance to back out. It could also be helpful to compare apps and pick the least intrusive one to install, though the actual least-intrusive app might not be participating in the program. You'll just have to read the actual fine print to find out.

Still, it sounds like a sweet deal, and I bet a few people will utilize the policies-for-dummies—the key words being ‘a few.’ The real mystery here isn’t what personal data apps are collecting, or even to what extent the apps are collecting data. The mystery is how much of a difference these short-form notices will actually make. My guess? Not much.

Jay Z’s highly-anticipated album Magna Carta Holy Grail was released a few weeks ago, and those lucky enough to own a Samsung Galaxy phone were able to snag a free download via a Magna Carta app 72 hours before the official release. The catch was that users had to say yes to a lot of unnecessary permissions in order to hear the new tracks. As CDT reported, rapper Killer Mike was among those who shook their heads when asked for the information and decided against installing the app, tweeting, “Naw I’m cool” with a screenshot of the requests.

Killer Mike seemed to be part of the minority, since the app had 20 million hits—so much that it stopped functioning from the high demand (at least that’s what Jay Z thinks). And then there's Twitter. Although not an app, the website operates in a similar way where you agree to certain permissions when signing up. From the Twitter Privacy Policy:

Our servers automatically record information ("Log Data") created by your use of the Services. Log Data may include information such as your IP address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device and application IDs, search terms, and cookie information.

We may tailor content for you based on your visits to third-party websites that integrate Twitter buttons or widgets. When these websites first load our buttons or widgets for display, we receive Log Data, including the web page you visited and a cookie that identifies your browser ("Widget Data").

This information isn’t new by any means. Most websites collect this type of data and monitor your online interactions, but hardly anyone pays attention to it or is aware they consented to it. You still get the occasional person who’s utterly shocked when Twitter suggests he follow that girl he met that one time at a bar and stalked online the next day. It’s not magic, it’s a privacy policy you agreed to.

And then there are the websites and mobile apps that have come under fire for dodging a privacy policy altogether. A June 2012 study from the Future of Privacy revealed that the number of apps offering privacy policies went up drastically from the year prior. In 2011, 40 percent of the free apps in the iOS App Store had privacy policies, while 84 percent had policies in 2012. And for Android Google Play, 48 percent of paid apps offered privacy policies in 2012, an 18 percent increase from the numbers in 2011.

The existence of more policies appeased a few smartphone folk, but it wouldn’t be so far fetched to think that most users didn’t even notice the policies or lack thereof. I mean, just look in your snazzy iPhone, count up the number of apps you have, and ask yourself if you’re familiar with their privacy policies. I hate to say "I told you so," but …

The idea to make privacy policies more manageable is a noble effort, and it’s something that should be addressed. But only time will tell if it will actually be successful. Oh, I should also mention that Apple and Google, two major app developers, still haven’t signed on to the code of conduct, so this might not even affect the largest source of the problem. I know the policies are long, but for now it might be best for you to suck it up, take a long reading break, and start brushing up on those privacy agreements. Or you could just develop your own apps.