Privacy policies—we’ve all read them.
Well… we’ve all signed off as if we read them.
In fact, 91% of users consent to legal terms of service without reading them.1
Since the General Data Protection Regulation (GDPR) went into effect in the EU in 2018, companies have been scrambling to make customer data more accessible and manageable without compromising their business goals.
We started questioning if increased privacy regulations and updated privacy policies have actually become more approachable by the average person. Using natural language processing technology, we analyzed the privacy policies of some of the most popular mobile apps to determine how difficult they are to read and their overall sentiment.
Responding to the allegations, Sleep Number admitted this was a feature that was considered but never implemented. Unnecessary verbiage like this can destroy the company’s reputation and tear down much of what the marketing team has built.
Target was also scrutinized after their data science team recognized a purchasing pattern among pregnant women that allowed the company to assign customers a “pregnancy score.” This predictive model, although effective for marketing, was ethically questionable among customers.
If your efforts to collect and use data for marketing purposes are perceived as invasive and overreaching, customers might be compelled to seek your competitor’s solution, or worse: legal action against you.
Privacy policies have not been around for very long. In fact, they were basically unheard of before the 1990s.3
With the consolidation of data among a small number of companies, big data and the power it presents have become a global concern.4
Privacy laws regarding your data have been passed in numerous states and countries over many years, including the Electronic Communications Privacy Act (ECPA) of 1986, the Children’s Online Privacy Protection Act (COPPA) of 2013, and the Cyber Intelligence Sharing and Protection Act (CISPA) of 2015.
Many of these privacy laws enable governments to gear more towards data accessibility.
The ECPA, for example, allows the government to access digital communications like email, social media messages, and more. Interestingly, if the data is older than 180 days, the government does not need a warrant for the information and companies must oblige the requests.
In fact, between January and June of 2018, the government made 57,868 requests for user data from Google alone.5
The EU passed the General Data Protection Regulation with the intention of increasing the average person’s availability to their data. So, how have privacy policies evolved since GDPR?
On May 25, 2018, GDPR went into effect and privacy policies took center stage.6
In the months and weeks leading up to this date, companies were scrambling to update their privacy policies to meet the EU’s requirements or face a substantial fine.
The goal of GDPR was to protect the privacy of citizens and increase transparency into how personal data is used. Having autonomy over one’s personal data may seem like an inalienable right, but currently, this is not the case.
Since GDPR, updates to privacy policies have moved in the opposite direction. The word count of privacy policies has actually increased by more than 25% on average, and reading levels have increased by more than 3%.7
This increase in length and complexity has further distanced the average user from understanding what they are consenting to. Words like cookies are definitely more approachable than other technical babble, but what do these terms mean?
We analyzed all ten of the privacy policies in this study and compiled the word cloud below of the most common words used.
So what are some terms commonly used in privacy policies that we as mobile marketers must understand?
What are cookies?
Cookies are files that store browsing data and communicate between the browser client and server. Many times, like when you return to a browsing experience you’ve previously started, cookies can help persist your experience without having to start over.
These cookies help customize and improve the user experience in many ways.
Although cookies are not retrievable by third parties, some companies that place advertisements on websites and mobile apps are able to collect user data and ultimately show ads tailored to the individual’s interests.
Cookies and web beacons are in cahoots.
Web beacons are typically small images used to monitor user behavior. These pass along information such as IP address, type of browser, time on page, and set cookie values.
Typically, these web beacons are used by third-party analytics providers, such as Google Analytics.
Beacon technology is slightly different for mobile. Beacon marketing uses Bluetooth technology to transmit information to devices within the desired proximity.
Location services allow apps and websites to use a combination of cellular data, WiFi, GPS networks, and Bluetooth to determine your location.
While your cell phone manufacturer might use your location for anonymously crowd-sourced location data gathering, you are subject to the location services terms and policies of third-party apps.8
Although many applications request access to your location at all times, even when you are not using the app, you do have the option to share your location only while using the app. You also have the option to never share your location.
This data can be used for location-based marketing tactics such as geofencing.
As privacy concerns become more relevant to the average person, the policies outlining one’s privacy should be more approachable, right?
Although regulations are typically written with the best intentions, they can complicate things and privacy policies have unfortunately suffered as a result.
In our study of the privacy policies from ten popular mobile apps, we used the Flesch-Kincaid grade level algorithm to test readability.9 This readability test is the comparison of sentences, words, and syllables to determine the ease of reading a given text.
We found that the average reading grade level of these privacy policies is 11.5.
Considering the average American reads at an 8th-grade level, privacy policies are not readable by the vast majority of the US population.10
Assuming the people reading privacy policies have the necessary level of literacy to read them, we wondered how long they would take to read.
Interestingly, average reading speeds are actually lower on screen compared to paper. The average person reads 200 words per minute on screens. We used the most optimistic of average reading speed estimates: 250 words per minute.11
If you were to read all ten consecutively, without any distractions, it would take you 3 hours.
Using natural language processing from IBM’s Watson tool, we were able to analyze sentiment.12
We did notice an interesting trend in sentiment. For mobile apps that have a basis in the physical world, such as Venmo transferring real currency or Uber moving real people, the sentiment was less positive.
This might seem obvious because there are real-world liabilities at stake.
It’s surprising, however, that the privacy policies of companies such as Google, Snap, Facebook, and Instagram are all written with a more positive voice.
We’ve come to expect financial disclosures to be fraught with legally precise language since they deal with sensitive financial data, which explains Venmo’s lack of positivity. But considering how much sensitive data is collected by Google and Facebook, we would expect them to have a more serious tone.
The positive sentiment of these privacy policies could be explained as a way to become more readable and approachable by the average American, or it could be argued that these companies are trying to mask their true intentions with a positive spin.
Data breaches and subsequent privacy concerns will likely continue into the foreseeable future.
In fact, 94% of IT professionals believe mobile security breaches will become more frequent. And with 70% of users that are concerned their personal information will be shared without their permission, protecting user information is vital for mobile marketing teams to consider.
More regulations will almost certainly be proposed and legal teams will author new clauses further muddying the waters for privacy policies. As a mobile marketer, it’s important for you to understand:
Being conscious of user intent and being sensitive about the use of their data will allow you to operate with more customer centricity and better retain users. Learn more about boosting user retention by downloading and reading our pocket guide to user retention.
The User Retention Pocket Guide