There are consumer protection statutes that apply to purchases of
cars, including things like the obligation that warranties be clear
and non-misleading. There have been many, many lawsuits over the
years that establish that auto makers can be held liable for
negligence in their design choices. And there is a great deal of
direct regulation of cars, such as seat belt and air bag
requirements. Plus NTSB stuff that leads to mandatory recalls when
some hidden problem relevant to safety is identified.
In addition to that, there are consumer-funded services that
actually track and rate the reliability of cars. (Think of Consumer
Reports).
In addition to that, the experience of driving a car is readily
accessible and understandable as good or bad in various dimensions
without special training.
We are quite a long way from most any of that in the realm of
website/online terms of service.
Chris S.
On 2/14/2013 4:00 AM,
">
wrote:
"
type="cite">I'm not sure I really understand this debate.
Why should we have to read a privacy policy
in the first place? If we buy say, an automobile, we are not
presented with a long and detailed list of its various
components, their quality and functions, and asked if we
agree or disagree with the choice of component or how it is
being used. Quite rightly, we expect the car company to
address all these issues in ways we can trust - and we
expect them to be taken to the cleaners if they fall down on
quality, safety and so on.
The mere fact of introducing an 'agreement'
between the buyer and the car company on the
quality/functionality of its components would open up a huge
temptation for the car company to blind the buyer with
science, cut corners, take advantage --- all now with the
defence 'but you agreed to it'. That's exactly what has
happened with so-called 'privacy'.
I do not see why I should have to read
anything, tick anything to agree to anything when I share my
data with a company for commercial purposes. I should 'just
know' that I am only sharing data that is 100% related to
the task in hand, that any data I share will only be used
for the purposes of providing the service and facilitating
the transaction, that it will not be passed on to anyone
else, and that it will be kept by the seller only for as
long as service provision is necessary.
I shouldn't have to read small print or tick
boxes about this. It should be the standard, default norm -
just taken for granted - and any company transgressing on
this norm should be taken to the cleaners (by regulators and
public opinion), just as a car company transgressing on
quality and safety should be taken to the cleaners. I
blogged about this recently
here.
As soon as we start arguing about whether
the small print is readable or not, we have already ceded
the principle and the argument to the data landgrab
industry.
Alan M
-----Original Message-----
From: Mary Hodder
"><
>
To: Phil Wolff, PDEC
"><
>
CC: Sean Bohan
"><
>; J Clark
"><
>; ProjectVRM list
"><
>
Sent: Tue, 12 Feb 2013 17:25
Subject: Re: [projectvrm] Fwd: [ PFIR ] Proposed California
law requires site privacy polices not to exceed 8th grade
language and 100 words
I don't think the proscribed reading level is the problem
with the bill.. that would probably work out fine.
It's the length and the fact that it's customary to
have multiple policies.. 2-4.. that would cause this
bill to be toothless.
And I'm not sure you can tell people not to speak (or
companies that == people).
What if just the list of collected data, in the
slimmed down 100 word privacy policy, were more than 100
words?
Then what? For facebook, this list is all possible
Ip Address
IP location
Name
Address
City
State
Zip Code
Country
Birth date
Browser Type
OS Type
Pages visited within site
Pages clicked upon within site
"likes"
"comments"
Pages arrived from (offsite)
Pages going to (offsite)
Location checkins
contact's list
friend types
friends recommended to others
friend requests sent
friend requests received
Pages visited (offsite, with "like" or "comments"
Status updates
Shared from others
Payment information (for promoted posts and gifts)
Pages promoted
Gift and recipient
Ads clicked
photos uploaded
videos uploaded
links shared
searched within FB
searched outside FB
messages and IMs
promoted
job history
job years
quotes
liked items for profile
relationship status
schools attended
school years
history and year
privacy settings
login settings
I'm sure I've missed a bunch.. but that list is 116
words..
Even at 200 words, which Adrian's white paper on
consent dialogs suggests, there's not a lot left for the
rest of the dialog and privacy information.
mary
On Feb 12, 2013, at 4:14 AM, Phil Wolff, PDEC
wrote:
A few examples come
to mind in support of
this attempt.
Readers' Digest
targeted sixth-grade
reading level for its
entire history. They are
famous for explaining
law, foreign affairs,
human biology, anatomy
and physiology using
simple language and
illustrations. "This is
Joe's liver"
Wikipedia has a
"language" of "Simple
English". This is a very
restricted vocabulary
(850 words) and writers
are translating
everything from
engineering and
Einstein's relativity to
social sciences into
Simple English. It
really works, stripping
away jargon,
hundred-dollar-words
where a five-penny word
will do, losing all
pretension. Intensely
valuable for people for
whom English is a second
language, with some
kinds of cognitive
challenges, or for whom
vocabulary is a
barrier. http://simple.wikipedia.org/
http://simple.wikipedia.org/wiki/Special_relativity
Apps that score text
for readability often
check word length (in
syllables), sentence
length, paragraph
length, structure
simplicity/complexity,
and grammar rules that
prevent semantic
confusion. So overall
length of a contract or
advisory should help,
but there are many other
factors that contribute
to readability and
access by someone who
doesn't read much or
read well.
I don't know if it's
still true, but I was
told when I first study
technical writing that
the average person is
most comfortable reading
three or four years
below their highest
academic grade level.
Where inclusion is a
goal, and I'd think it
would be in the case of
readable contracts,
shooting for 6th grade
seems both important and
attainable.
On Feb 10, 2013, at 9:57 AM, Mary Hodder
<
">
>
wrote:
What's
interesting about this is that it would be
fairly easy to get around, if it passes.
So.. a site or app does a 100 word,
easy to read Privacy Policy.
Then they do a TOU and Data Policy..
for the rest of what usually goes in those
things.
It's silly to write a law this way..
and I think would also violate free speech
rights...
I could see requiring a simple text
summarizing a privacy policy in 100 words,
but I just don't see this going
anywhere useful, even if it does pass.
Which I doubt it will.
On Feb 10, 2013, at 11:51 AM, Sean
Bohan wrote:
Awesome share -
Thanks!
From a business context, Pharma
companies and their agencies focus
on a 7-8th grade reading level for
all communications meant to be
read/experienced by patients.
On Sun, Feb 10, 2013 at 12:24 PM,
J Clark <
">
>
wrote:
FYI,
FWIW.
In California, I was
told a few years ago by a
Criminal Prosecutor &
Law School Professor, an
average jury pool has an
8th grade education.
Elsewhere in the US, it's
closer to a 7th grade
equivalent, which isn't
saying much these days.
Begin forwarded
message:
From: "PFIR \(People For
Internet
Responsibility\)
Announcement List"
<
">
>
Date: February 9, 2013
7:33:50 PM PST
Subject: [ PFIR ] Proposed
California law
requires site
privacy polices
not to exceed
8th grade
language and 100
words
Reply-To: "PFIR \(People For
Internet
Responsibility\)
Announcement List"
<
">
>
--
------------------------------------------------
Sean W. Bohan
------------------------------------------------
Mobile: 646-234-5693
|