Six Lines


Posted by Aaron Massey on 19 Aug 2013.

The Office of the Privacy Commissioner of Canada recently announced the conclusion of a study of more than 300 websites for their privacy policies. Here’s one of their preliminary findings:

About one out of every ten sites we looked at did not appear to have a privacy policy.

Another 10 percent had a privacy policy that was hard to find – sometimes exceedingly difficult to find, since it was buried in a lengthy Legal Notice or in the Terms and Conditions.

While almost 90 percent of the sites we swept had some sort of privacy policy or privacy notice, some policies offered so little transparency to customers and site visitors that the sites may as well have said nothing on the subject.

Although it wasn’t the focus of our research, I can say anecdotally that we had similar trouble finding web-based policy documents on websites when collecting policy documents last year for our research published this summer. This is a problem, particularly when many jurisdictions require policy documents to be posted conspicuously.

Luckily, this problem is easily solved using an approach similar to robots.txt or humans.txt. Why not just have a plain text file listing the URIs of the policy documents for your organization? This would allow search engines or other web crawlers to quickly identify them, which would, in turn, make it easier for the average consumer to locate them.

To be fair, this approach won’t solve a lot of important problems with policy documents. Many of them are ambiguously worded or otherwise challenging to read. However, solving all of those problems with technologies is likely an effort in futility anyhow. Many of the problems of policy documents aren’t technology problems. Locating policy documents shouldn’t be one of them.

I’m not proposing a standard here today, but I don’t think it really requires a lot. It may simply require the title of the policy document, the URI where it can be accessed, and possibly some versioning information. If you have any thoughts about this, please contact me on Twitter: @akmassey.