Yeah, that's what I thought. Nobody reads privacy policies. They're not really meant for the users, anyway -- they're meant to protect companies from potential lawsuits. As such, they're long, complicated and often packed with enough legalese to make even an eager litigator's eyes glaze over.
Some CEOs of companies that make products to collect endless mountains of data don't even read privacy policies.
"It's almost impossible for users to read and understand privacy policies. All of the [services] I use, it doesn't matter if it's Netflix or whatever, I don't read privacy policies. I wouldn't understand it without a lawyer," says Florian Gschwandtner, CEO of Runtastic, which makes a number of fitness tracking devices, including the new Orbit fitness band, as well as a collection of fitness apps for iOS, Android, Windows Phone and BlackBerry.
The reality is that privacy policies have never been more important. (For details on why, read: "Fitness Trackers are Changing Online Privacy -- and It's Time to Pay Attention.") Many of the latest gadgets are designed to collect all kinds of user data, and much of their value is in the analysis of that information. But how do you know what happens to your information after you hand it over to that fitness tracker or smartwatch? Do you want a company secretly selling your data to your insurance company, for example, so it can track your exercise habits, weight gain (or loss), alcohol intake or whatever other stats you decide to track, and then adjust your premium accordingly?
Today, lots of device and app makers sneak all kinds of protections into privacy policies that let them do just about whatever they want with your data, assuming you're willing to accept the terms of service (ToS).
"Somewhere in there they should be explicitly listing what they collect from you, or what you're providing," Gillula says. "It could be anything from a user name or an email address to 'We log your IP address and the unique identifier of your smartphone when you sync you device'."
If you're not clear on why a device, app or service needs a certain kind of information, be wary. The company isn't necessary doing anything suspect with the information, but it should make it clear why they're collecting certain types of data.
"The bigger concern is who they will share [your data] with," Gillula says. "Usually they will either say, 'We share it with third parties but only when they agree to protect your data in the same way that we do,' or they'll say they share it with third parties in the course of 'normal business operations.'"
Gillula says you should beware of companies that state they may share your data with third parties or "partners" so that they can deliver ads or to help develop new products and services. "That is usually a red flag. They're giving the information to other parties. From there, who knows where it goes?"
If a company sells or exchanges data that's not directly connected to anything you have specifically requested, or that's not specific to the service you're getting, you may want to be wary, according to Gillula.
"If you're just relying on the band itself and you never really take a close look at the app or the reports, you may miss what some of the sensors are catching," Zefo says. "You want to be clear on the information being collected. You also want to see if the information is being transferred somewhere else."
Zefo suggests looking for statements on how the company protects your data after it is collected.
"I have chosen to allow the device to collect information that I know it's collecting. That was a decision I made. I know how it's being analyzed," Zefo says. "That's OK with me, but I don't want someone else getting that data that shouldn't have it."
If you see a company trying to reserve its rights to share data very broadly, be wary.
"It doesn't mean they're doing anything nefarious with it," Zefo says. "But it makes it harder to determine what exactly they're doing with it. It may be worth an email to customer service to ask for the details, if it seems like it's overly broad."
Haley recognizes that today's privacy policies aren't user friendly -- but, at this point, it's the user's responsibility to protect his own privacy by reading the policies. "Companies have a responsibility to make clear what they're doing," he says. "It shouldn't be on the user to have to go through those polices. We're not all lawyers."
Haley also says that free apps often pose a more significant risk than paid software: "There's often a hidden price."
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.