Blog General

Privacy Policies of Popular Mobile Apps Compared

Subharun Mukherjee 18+ years of experience leading product strategy, Go-To-Market (GTM), new market entry, value-based sales, analyst relations, and customer experience programs. Expertise in Financial Services, eCommerce, on-demand services, and the SaaS industry.
Privacy Policies of Popular Mobile Apps Compared

Privacy policies—we’ve all read them.
Well… we’ve all signed off as if we read them.
In fact, 91% of users consent to legal terms of service without reading them.1
Now the moment of truth: have you read your company’s privacy policy?
As marketers, we must understand how these regulations and the subsequent privacy policy changes will impact our ability to use customer data and if it actually comes at the ultimate cost: lost customers.
Since the General Data Protection Regulation (GDPR) went into effect in the EU in 2018, companies have been scrambling to make customer data more accessible and manageable without compromising their business goals.
We started questioning if increased privacy regulations and updated privacy policies have actually become more approachable by the average person. Using natural language processing technology, we analyzed the privacy policies of some of the most popular mobile apps to determine how difficult they are to read and their overall sentiment.

Why Marketers Must Read Their Privacy Policies

Marketers must understand what’s in their privacy policy and how users may react to its implementation. Recently, Sleep Number came under fire for a clause in their privacy policy about tracking users while they sleep.2
The Sleep Number privacy policy alluded to the mattress’s ability to monitor audio for “snoring problems.” The minds of customers began to race, likely pondering what other audio could be extracted from their beds.
Responding to the allegations, Sleep Number admitted this was a feature that was considered but never implemented. Unnecessary verbiage like this can destroy the company’s reputation and tear down much of what the marketing team has built.
privacy policy errors to avoid public relations nightmare from sleep number
Target was also scrutinized after their data science team recognized a purchasing pattern among pregnant women that allowed the company to assign customers a “pregnancy score.” This predictive model, although effective for marketing, was ethically questionable among customers.  
If your efforts to collect and use data for marketing purposes are perceived as invasive and overreaching, customers might be compelled to seek your competitor’s solution, or worse: legal action against you.

Privacy Police

Privacy policies have not been around for very long. In fact, they were basically unheard of before the 1990s.3
With the consolidation of data among a small number of companies, big data and the power it presents have become a global concern.4  
Privacy laws regarding your data have been passed in numerous states and countries over many years, including the Electronic Communications Privacy Act (ECPA) of 1986, the Children’s Online Privacy Protection Act (COPPA) of 2013, and the Cyber Intelligence Sharing and Protection Act (CISPA) of 2015.
Many of these privacy laws enable governments to gear more towards data accessibility.
The ECPA, for example, allows the government to access digital communications like email, social media messages, and more. Interestingly, if the data is older than 180 days, the government does not need a warrant for the information and companies must oblige the requests.
In fact, between January and June of 2018, the government made 57,868 requests for user data from Google alone.5
The EU passed the General Data Protection Regulation with the intention of increasing the average person’s availability to their data. So, how have privacy policies evolved since GDPR?  

Privacy Policies Since GDPR

On May 25, 2018, GDPR went into effect and privacy policies took center stage.6
In the months and weeks leading up to this date, companies were scrambling to update their privacy policies to meet the EU’s requirements or face a substantial fine.
The goal of GDPR was to protect the privacy of citizens and increase transparency into how personal data is used. Having autonomy over one’s personal data may seem like an inalienable right, but currently, this is not the case.
Since GDPR, updates to privacy policies have moved in the opposite direction. The word count of privacy policies has actually increased by more than 25% on average, and reading levels have increased by more than 3%.7
This increase in length and complexity has further distanced the average user from understanding what they are consenting to. Words like cookies are definitely more approachable than other technical babble, but what do these terms mean?

Privacy Policy Comprehension for Marketers

Have you read your company’s privacy policy?
If you don’t fully understand the terms of your own privacy policy, how do you expect users to understand? What’s more, how do you know what language in your privacy policy might offend and drive users to churn?
We analyzed all ten of the privacy policies in this study and compiled the word cloud below of the most common words used.
common terms from app privacy policies word cloud
So what are some terms commonly used in privacy policies that we as mobile marketers must understand?
Cookies
What are cookies?
Cookies are files that store browsing data and communicate between the browser client and server. Many times, like when you return to a browsing experience you’ve previously started, cookies can help persist your experience without having to start over.
These cookies help customize and improve the user experience in many ways.
Although cookies are not retrievable by third parties, some companies that place advertisements on websites and mobile apps are able to collect user data and ultimately show ads tailored to the individual’s interests.  
Web Beacons
Cookies and web beacons are in cahoots.
Web beacons are typically small images used to monitor user behavior. These pass along information such as IP address, type of browser, time on page, and set cookie values.
Typically, these web beacons are used by third-party analytics providers, such as Google Analytics.
Beacon technology is slightly different for mobile. Beacon marketing uses Bluetooth technology to transmit information to devices within the desired proximity.
Location Services
Location services allow apps and websites to use a combination of cellular data, WiFi, GPS networks, and Bluetooth to determine your location.
While your cell phone manufacturer might use your location for anonymously crowd-sourced location data gathering, you are subject to the location services terms and policies of third-party apps.8
Although many applications request access to your location at all times, even when you are not using the app, you do have the option to share your location only while using the app. You also have the option to never share your location.
This data can be used for location-based marketing tactics such as geofencing.

Privacy Policy Readability

As privacy concerns become more relevant to the average person, the policies outlining one’s privacy should be more approachable, right?
Although regulations are typically written with the best intentions, they can complicate things and privacy policies have unfortunately suffered as a result.
In our study of the privacy policies from ten popular mobile apps, we used the Flesch-Kincaid grade level algorithm to test readability.9 This readability test is the comparison of sentences, words, and syllables to determine the ease of reading a given text.  
We found that the average reading grade level of these privacy policies is 11.5.
readability of app privacy policies measured using the Flesch Kincaid score
Considering the average American reads at an 8th-grade level, privacy policies are not readable by the vast majority of the US population.10

The Time it Takes to Read Privacy Policies

Assuming the people reading privacy policies have the necessary level of literacy to read them, we wondered how long they would take to read.
Interestingly, average reading speeds are actually lower on screen compared to paper. The average person reads 200 words per minute on screens. We used the most optimistic of average reading speed estimates: 250 words per minute.11
If you were to read all ten consecutively, without any distractions, it would take you 3 hours.
Let’s look at some individual examples. The shortest privacy policy is LetGo and reading it in its entirety would only take you 10 minutes. Facebook’s privacy policy, on the other hand, would take you just over 17 minutes to read. Airbnb, with far and away the longest privacy policy of this study, would take up 33 minutes of your time to read.   

Privacy Policy Sentiment

Using natural language processing from IBM’s Watson tool, we were able to analyze sentiment.12
We did notice an interesting trend in sentiment. For mobile apps that have a basis in the physical world, such as Venmo transferring real currency or Uber moving real people, the sentiment was less positive.
This might seem obvious because there are real-world liabilities at stake.
It’s surprising, however, that the privacy policies of companies such as Google, Snap, Facebook, and Instagram are all written with a more positive voice.
We’ve come to expect financial disclosures to be fraught with legally precise language since they deal with sensitive financial data, which explains Venmo’s lack of positivity. But considering how much sensitive data is collected by Google and Facebook, we would expect them to have a more serious tone.
The positive sentiment of these privacy policies could be explained as a way to become more readable and approachable by the average American, or it could be argued that these companies are trying to mask their true intentions with a positive spin.

What’s Next for Privacy Policies?

Data breaches and subsequent privacy concerns will likely continue into the foreseeable future.
In fact, 94% of IT professionals believe mobile security breaches will become more frequent. And with 70% of users that are concerned their personal information will be shared without their permission, protecting user information is vital for mobile marketing teams to consider.
More regulations will almost certainly be proposed and legal teams will author new clauses further muddying the waters for privacy policies. As a mobile marketer, it’s important for you to understand:

  1. Why you collect user data
  2. How that data is used
  3. How users will react to learning this information

Being conscious of user intent and being sensitive about the use of their data will allow you to operate with more customer centricity and better retain users. Learn more about boosting user retention by downloading and reading our pocket guide to user retention.

privacy policies of popular apps compared and analyzed for readability infographic

The User Retention Pocket Guide

The User Retention Pocket Guide

This pocket guide gives you a quick, high-level overview of user retention fundamentals in a highly visual guide that you can keep as a handy reference. And it includes practical tips to win loyal users and grow your app.

Download Guide Now

Posted on January 29, 2019