A privacy policy explains how a company, service, or website handles data. If a service does not have one, you may want to stay away from it.

However, having a privacy policy does not ensure the transparency of a service/company. The information available in the privacy policy reflects the company's commitment to its users' data.

So, how do you analyze the privacy policy? How can you spot a bad one? And, what does a good privacy policy look like? Here, we list some factors that make a privacy policy bad, and what an ideal privacy policy includes.

What Should a Privacy Policy Involve?

Before evaluating and judging a privacy policy, it is essential to know what it should contain.

The privacy policy should clarify the type of data a company or service collects and why it collects the said data. Whether it is a third party or the company itself, the privacy policy should disclose everything it plans to do with its users' data.

Not just limited to the data collection, the privacy policy should also include details of how the company or service protects the data from unauthorized access and if it's shared with other third parties.

If a company offers multiple services, the privacy policy should address the data collection/processing information for those individual services. With several services (like Google), the privacy policy should be easy to read without overwhelming the customer/visitor.

Some policies also contain information regarding the service's security practices and website firewall standards, but that should not be the focus of a privacy policy.

In addition to the above vital information, the privacy policy should also include the contact details, the date when the policy was last updated, and information about taking control of data (requesting to delete it, if needed).

Overall, a privacy policy should inform you of all the data practices by the service and any associated details to help manage it.

6 Things That Point to a Bad Privacy Policy

A privacy policy is a simple document declaring the data practices, and informing if the service is as privacy-friendly as you would need it to be.

However, certain pointers can help you spot a bad privacy policy. So, let's take a look at what they are:

1. Multiple Third Parties

It is not uncommon for services to rely on third parties while sharing some form of data about their visitors/customers. But, where do you draw a line?

If the privacy policy mentions that the data is shared with third parties while disclosing the details, it's a good indicator that the company intends to be transparent. But, if the privacy policy simply tells you that there are multiple third parties without revealing any added details, it is a potential red flag for you.

In some cases, if it is a blog/website that does not directly collect any data from you, it may not be a big deal. However, if a service deals with customers, user accounts, and other user-driven data, it needs to disclose details about all the third parties related to the data collection methods.

2. Clever Wording

Some privacy policies focus on evading the essential details to avoid being questioned. You can spot such policies by scanning for overwhelming vocabulary, jargon, and an ambiguous tone.

3. Lack of Details

A simpler privacy policy is always welcome, but remember that the details required in the privacy policy differ for every service and website.

If the service does not collect data and uses simple methods, it can get a pass with a no-frills policy. However, if multiple services and third parties are involved, the privacy policy needs to reflect all that data.

If you notice that a service has countless things going on, with little to none explained in its privacy policy, it can be a shady service.

4. Last Updated Date

It is good to have a last updated date in the privacy policy. But, if it points to old dates, it's a sign that the company doesn't care enough to update its privacy policy regularly.

Online services/sites change rapidly, and the data collection techniques evolve as well. So, if a privacy policy mentions an ancient date, it should be a red flag. An active service always makes sure that the privacy policy reflects the company's latest data practices, for better or worse.

5. Readability

If a privacy policy is not easy to read, it is tough to learn its details.

If the policy contains a bunch of text without making much sense, it is a bad sign. Some companies/services try to make the policy confusing to annoy readers and prevent them from reading it.

In contrast, consider it a good sign if a privacy policy is easy to read and uses simpler language.

For instance, companies like Apple ensure that anyone can easily read through the privacy policy without getting overwhelmed.

To judge the readability, check that the privacy policy uses smaller paragraphs, less jargon, subheadings to categorize things, and illustrations if necessary.

6. Data Accountability

If the service deals with direct data from customers, partners, and users, the privacy policy should include information on how to take control of the data. In other words, the policy should inform you of your data rights, how to request deletion of your data, and how to view it when needed. The privacy policy should also be GDPR-compliant if it interacts with EU customers/users.

What's a Good Privacy Policy?

A good privacy policy avoids all the flaws mentioned above and includes all the essential information.

Some traits of a good privacy policy include:

  • Easy to read and understand.
  • Includes all the vital details to understand the data collection practices.
  • Discloses every third party and data-sharing activity.
  • Provides reasons for the data collection.
  • Discusses the security of the data stored.
  • Informs you of your important data rights and lets you take control of your data.
  • GDPR-compliant.

A lot of privacy-focused services offer the best examples of good privacy policies. You can look around for similar services and evaluate the differences among them.

Stay Away From Services With Bad Privacy Policies

Users get the first impression of a particular company or service from its privacy policy. And if the company isn't transparent with its policy and data collection, you should steer clear of its services. These days, it's tough to find the perfect privacy policy, but it should be good enough if it's readable and provides all the necessary details.