TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | On the Paradox of the Simple Privacy Policy Related reading: Is the Media Overreacting to Spotify’s New Privacy Policy?



Sometimes you’re damned if you do, and you’re damned if you don’t.

That’s how it seems after watching the media react to changes in some companies’ privacy policies over the course of the last couple of weeks.

The latest controversy revolves around a bold move from anti-virus software maker AVG. On September 14, AVG issued a press release touting its new one-page privacy policy as a user-friendly statement that’s “simpler, clearer and more transparent,” according to AVG’s Chief Legal Officer Harvey Anderson. The move was a follow up to a promise made earlier in the year by the company’s CEO Gary Kovacs while keynoting the Mobile World Congress 2015. During that speech, Kovacs promised a simple privacy policy that users could understand.

On top of this bold move, AVG went a step further and challenged other companies to do the same.

Sounds good, right? Avoid the long, droning legalese of traditional privacy policies, where companies are criticized for trying to hide what they’re doing, and make something that consumers, and the media, can get behind. Increase transparency and bolster trust.

Well, that’s not exactly what’s happened so far.

Last week, PCWorld published a column with the headline, “AVG’s new privacy policy is uncomfortably honest about tracking users.” Columnist Jared Newman explains, “in making its privacy policy easier to understand, AVG has also opened itself up to a backlash.” The main concern is that AVG’s antivirus software tracks users’ web behavior. To wit: a post about the new privacy policy on Reddit received nearly 1,600 upvotes (as of last week) and a boatload of user comments—and though the comments were mostly from the paranoid, comments like these may be of concern to AVG: “Time to look for a new antivirus.”

Media criticism didn’t stop there and continues into this week. In a column for Slate on Tuesday with the headline, “When Anti-Virus Software Is Really Spyware,” Lily Hay Newman says the situation is “concerning” because essentially “the same product that is protecting people from adware, spyware and malware, might be exactly that.” She does give AVG credit for “being more up front about what it might do with user data, but that doesn’t mean the business model isn’t creepy.”

But is that business model any different from the way other anti-virus companies work? Or are they just more straight with how they’re explaining it and drawing attention to themselves by releasing a new, plain-language privacy policy? Who knows? It’s not discussed in Newman’s article, that’s for sure.

So, AVG goes against the grain and publishes a simple privacy policy and gets two weeks, and counting, of media flak. It doesn’t really seem like they’re getting much benefit for being up-front and transparent.

But is it better than the alternative?

Take, for another example, the media uproar surrounding Spotify’s recent privacy policy changes, which were delivered more in the old style of comprehensive legalese. Once it dropped, Wired reported on the music-streaming service’s “eerie” policy, one that “you can’t do squat about.” The column points out that Spotify “wants to go through your phone," “be your Facebook friend,” and if you don’t like it, don’t use the service.

Since the language wasn’t plain, journalists were left to re-cast it, sometimes in a disparaging light.

The fallout was so bad, Spotify’s CEO Daniel Ek released a statement apologizing to users for being vague in its new privacy policy. “We are in the middle of rolling out new terms and conditions and privacy policy and they’ve caused a lot of confusion about what kind of information we access and what we do with it. We apologize for that. We should have done a better job in communicating what these policies mean and how any information you choose to share will—and will not—be used.”

He then goes on record to “clear things up.” It’s true, he notes, that Spotify may ask permission to access photos, location, voice or contacts, but users will be asked for their express permission first. Ek also stated the company would revamp its privacy policy to be more clear about its changes. By early September, Spotify released a new, “plain language” privacy policy.

So, are privacy pros damned if they do write simple privacy policies, and damned if they don’t? Perhaps, but I think there’s good reason to argue for “simple is better.”

It’s true that some on Reddit said they won’t use AVG any longer, and, yes, Slate likens its anti-virus software to spyware. But they likely would have reacted to that information in the policy anyway, as they did with Spotify’s. Ultimately, I’m confident being honest with your customers will prevail. Yes, Slate’s Newman said, their business model is creepy, but she also conceded that at least they’re being up front with their consumers. And that’s a start. Giving them contextual notice and usable controls are likely the next.

PCWorld’s Jared Newman takes a similar sentiment. “AVG’s new policy illustrates exactly why companies tend to drown their data collection practices in legalese. There’s no penalty for doing so, and being transparent only invites more outrage. In that sense, AVG at least deserves credit for helping users make informed decisions.”

Yes, maybe being up front with your customers may invite outrage if you’re doing something they think is outrageous, but if you then provide controls to ameliorate the user concerns, trust can be cultivated. And what company doesn’t want the trust of its users?

photo credit: Privacy via photopin (license)

1 Comment

If you want to comment on this post, you need to login.

  • comment Ben • Sep 23, 2015
    Nice work Jed!