Are They Worth Reading? An In-Depth Analysis of Online Advertising Companies’ Privacy Policies
23 Pages Posted: 1 Apr 2014 Last revised: 24 Aug 2014
Date Written: March 31, 2014
Abstract
We analyzed the privacy policies of 75 online tracking companies with the goal of assessing whether they contain information relevant for users to make privacy decisions. We compared privacy policies from large companies, companies that are members of self-regulatory organizations, and non-member companies and found that many of them are silent with regard to important consumer-relevant practices including the collection and use of sensitive information and linkage of tracking data with personally-identifiable information. We evaluated these policies against self-regulatory guidelines and found that many policies are not fully compliant. Furthermore, the overly general requirements established in those guidelines allow companies to have compliant practices without providing transparency to users. Few companies disclose their data retention times or offer users the opportunity to access the information collected about them. The lack of consistent terminology to refer to affiliate and non-affiliate partners, and the mix of practices for first-party and third-party contexts make it challenging for users to clearly assess the risks and make meaningful decisions. We discuss options to improve the transparency and usability of online tracking companies' privacy practices.
Keywords: Privacy, online tracking, behavioral advertising, self-regulation, privacy notices, FIPPs
JEL Classification: M37, O38
Suggested Citation: Suggested Citation