Many companies operate under laws or regulations (such as the European Union’s GDPR) that require them to publish privacy policies. Even if a company isn’t operating under these laws, they will often choose to publish privacy policies anyway, either as a genuine effort to inform their users or simply as a way to look transparent and trustworthy.
What do privacy policies look like?
Privacy policies are legal documents, so they’re often quite long, and written in a dense, formal, jargon-heavy style. This makes them hard for most people to understand, and makes it likely that most people won’t even read them.
However, privacy policies don’t have to be that way. They can be written and organized in a way that’s clear and accessible to people who aren’t lawyers or privacy specialists. When policies are written in this approachable way, it’s generally a good sign that the policy represents an honest effort to inform users, rather than simply a checking-the-box exercise to comply with laws and regulations.
- What personal information is collected, and how. This includes both information that you share voluntarily (such as your email address), and information that the company’s websites and mobile apps passively collect (via tracking). This part of the policy should also specify what tracking technologies the site uses, such as cookies or fingerprinting.
- What purposes that information is used for. Some information is required for the company to provide services to you (for example, a shopping site needs your address to ship items to you). But plenty of companies collect your information for no benefit to you, only to themselves.
- Who else your information is shared with, and for what purposes (for example, if the company is selling your information to another, third-party company). The companies buying your information usually aren’t named—instead, they’re referred to as “partners.”
- How long your information is kept. The longer your information is stored, the greater the chances that it will be misused somehow. Ideally, companies would keep your information only as long as it’s needed, and then delete it.
- What rights you have over how your information is collected, used, and shared. You may be able to request that the company delete your data, or refrain from sharing it with third parties. The policy should specify both how you can make a request with respect to your information, and how long you can expect such a request to take to process.
Ready for a better Internet?
Brave’s easy-to-use browser blocks ads by default, making the Web cleaner, faster, and safer for people all over the world.Download Brave