Hi, this is Wayne again with a topic “How to read privacy policies like a lawyer”.
What’S the deal ( mellow, music, ) with privacy policies, We’ve all received a bunch of them lately because of the new GDPR privacy regulation in Europe. But what am I supposed to do with all this info? How do I even begin to process this thing? Privacy policies are legal documents that are designed to shield companies from lawsuits. And because of this most of us, probably don’t even read these privacy policies.. If we’re being totally honest, we’re also probably going to use these services, regardless of what their privacy policies say.
Anyway.. But you should try to care about your data because it’s not only important to know who you’re giving it to in light of the Facebook, Cambridge Analytica scandal and major data breaches like Equifax, but also because you might find some interesting tools in these policies. That’Ll give you more control over your information.
Privacy policies. Do have some value., That’s Joseph Jerome. ( energetic, spacey music ).
He is going to help us learn about privacy policies, as is Nate Cardozo, the Senior Staff Attorney at the Electronic Frontier Foundation.. So before we get into their hot privacy policy tips, let’s first establish who actually has a privacy? Policy., It’s basically every company.. You know when you’re signing up for a loyalty card in your grocery store.
That’S a huge data collection point., Your grocery store might not seem like the pinnacle of technological achievement, but if they’re collecting your information, they have to let you know some parameters around how they use it. Understanding. What’S written, though, isn’t easy.
Humans write them with the notion to not make them clear and readable, but to make them legally bulletproof. Joseph suggests. Looking for the word control to find what data settings you can change., He also looks for bullet points.
That sum up. A policy. If a company can’t even give you some high level highlights of what’s going on that suggests that they probably aren’t as mature in their privacy thinking..
You can also easily check the date the privacy policy was published or last updated. You’ll wan na see something relatively recent to show the company takes privacy, seriously., Finally, and crucially, Joseph says: we’ll wan na figure out what information is collected about us. He’s skeptical of companies That collect location information even if it’s technically stored in the aggregate, meaning that location data isn’t directly tied to your account..
Basically, he just treats location information as sensitive and doesn’t readily share it. Nate searches for the phrase such as in the policy which is actually a bad thing.. If a privacy policy uses the term such as that means they’re collecting all sorts of stuff and they’re, not gon na tell you what they’re collecting.
Just out of curiosity. Let’S look at some ( curious music ) of these privacy policies and try out these tips. Alright. So, let’s of course, ( shuffling ) start with Instagram’s privacy. Policy., One word that Joseph mentioned is the word not.. The reason you wan na search for not is because companies typically won’t put that in because that means they cannot do something and that really limits them..
This is interesting., It says we will not rent or sell your information to third parties outside Instagram., But then it lists a bunch of exceptions, including giving this information to third party advertising partners, which is not good and that’s probably what you’re most interested in.. How about trying such as. There is a such as there is a such as. There’s five such ases here.. So here we have a such as that means.
We also share certain information, such as cookie data., So that means they could be sharing cookie data, but it also leaves it very open.. It could be other stuff. Too. Nate would not be happy. Now what’s interesting about Instagram. Is they actually have a separate policy called the Data Policy and we’re gon na check that out.? I am interested in the controls that Instagram offers, like Joseph mentioned, so I’m searching control., (, tapping, ) And immediately you can see, learn more about how you can control. Who can see the things you share.. So it brought me to this page on Facebook, because Instagram is owned by Facebook and I can actually go to my privacy settings and change them.
And I can actually edit who can see my future posts. Right now. It’S public which is not good.. We can actually make it to friends., So now only friends will see my future posts.
Go back to this data. Policy.. This is interesting.. It says facial recognition..
So if I click that it takes me straight to this facial recognition, settings page and it says, do you want Facebook to be able to recognize you in photos and videos, I’m uncomfortable with that, so I would say no. A lot of people. Probably don’t know that these pages exist, so it’s actually a nice feature that Instagram slash Facebook calls your attention to these. If you know what to search for in the data policy. Again, is any of this ( shuffling ) going to make me not use Instagram, Probably not because I like Instagram, But it’s good info to have., Plus, maybe vocal users can make a difference in company policies.. Alright.
Is there nothing else we can do What? If I really really hate this policy, Keep in mind, you could always say no to giving a retail store your e-mail or phone number.. You could even ask why they need it.. You could also set up a burner. E-Mail account that you only use for spam mail. That at least segments your online identity, a little bit. Nate, also says we can request our data from companies because after GDPR was enacted, they have to give you your data.
If you request it. They’ll often still give it to you, even if you don’t live in Europe. So now we’re privacy policy, professionals, sort of., But honestly, even still, privacy policies are a mess and no one wants to spend forever reading them, except for maybe Joseph and Nate.
Now this is where things get interesting. Joseph believes. Ai will help us eventually parse through these policies and make sense of them..
I really hope we can get to what I think are standardized machine-readable privacy policies. Long-term. We really need these policies to be machine readable. So they can be digested at scale., Nate and the EFF. However, aren’t proponents of these AI-assisted readings. Nate believes that AI would actually be terrible and could easily gamed.
Certain phrases like such as and not would trick the system, which does make sense, given that we’re just looking for those phrases too.? Instead, he thinks that privacy policy itself needs to be solved with more information on data and how it’s used. “. Maybe then ,” he says: “ AI would work.” For now we’re going to just have to use our brains a little bit and try to understand what these privacy policies are telling us. When advocates.
(, digital zipping, ) or researchers, or even the general public, reads something in a privacy policy that is alarming to them. That has a way of trickling upward to companies. And a lot of the stories that we read about that are like what is this company doing? That usually, is first revealed through some sort of public statement. They’Ve made oftentimes in their privacy policy.
.