An anonymous reader shared this investigative report from The Markup:
Over the past quarter-century, privacy policies — the lengthy, dense legal language you quickly scroll through before mindlessly hitting “agree” — have grown both longer and denser. A study released last year found that not only did the average length of a privacy policy quadruple between 1996 and 2021, they also became considerably more difficult to understand. “Analyzing the content of privacy policies, we identify several concerning trends, including the increasing use of location data, increasing use of implicitly collected data, lack of meaningful choice, lack of effective notification of privacy policy changes, increasing data sharing with unnamed third parties, and lack of specific information about security and privacy measures,” wrote De Montfort University Associate Professor Isabel Wagner, who used machine learning to analyze some 50,000 website privacy policies for the study…
To get a sense of what all of this means, I talked to Jesse Woo — a data engineer at The Markup who previously helped write institutional data use policies as a privacy lawyer. Woo explained that, while he can see why the language in Zoom’s terms of service touched a nerve, the sentiment — that users allow the company to copy and use their content — is actually pretty standard in these sorts of user agreements. The problem is that Zoom’s policy was written in a way where each of the rights being handed over to the company are specifically enumerated, which can feel like a lot. But that’s also kind of just what happens when you use products or services in 2023 — sorry, welcome to the future!
As a point of contrast, Woo pointed to the privacy policy of the competing video-conferencing service Webex, which reads: “We will not monitor Content, except: (i) as needed to provide, support or improve the provision of the Services, (ii) investigate potential or suspected fraud, (iii) where instructed or permitted by you, or (iv) as otherwise required by law or to exercise or protect Our legal rights.” That language feels a lot less scary, even though, as Woo noted, training AI models could likely be covered under a company taking steps to “support or improve the provision of the Services.”
The article ends with a link to a helpful new guide showing “how to read any privacy policy and quickly identify the important/creepy/enraging parts.”