Privacy Tips

Data Collection Red Flags: What to Look for in Privacy Policies

October 21, 2022
6 min

How often do you really read through privacy policies? Maybe you click on “accept” just to get to the next screen, or you have a difficult time even finding it on a site. Unfortunately, blindly accepting privacy policies can be a major contributor to data collection and sales.

According to the Pew Research Center, 97% of Americans have agreed to the terms and conditions of a privacy policy, with more than a quarter claiming that they are prompted to accept at least one privacy policy a day. Only one in five people actually read through most or all of these privacy policies, meaning that the vast majority of people in the US aren’t completely aware of what they’re signing.

In short, a company could get away with openly selling your data for profit four out of five times. And that’s a pretty serious problem. In this case, knowledge is definitely power, and you should spend an extra five minutes skimming before agreeing to any policy.

Keep reading to learn what to look for…

The Privacy Policy is Buried

The number one rule of selling your data for profit is that we don’t talk about selling your data for profit.

If you can’t locate the privacy policy within just a few seconds on a website, they may be intentionally making it difficult to find. It becomes an even bigger issue if you have to click through several pages to find the policy, or if it’s sporting an alternative (hard to understand) title.

When this happens, make sure you carefully read the entire policy to protect yourself against shady data practices.

Legalese Makes it Difficult to Understand

A privacy policy that reads like it was written in a completely different language is a privacy policy that you weren’t meant to understand.

Some companies hide unethical data practices behind walls of legalese, making information difficult to translate or access for those of us without law degrees. Using language to mask unsafe or revenue driven data collection, storage, and sharing practices is a common occurrence, and something that you should consider a glaring red flag.

Tread carefully and take your time to understand your rights in these situations.

Frequent Mentions of “Third Parties”

Some companies contract with third parties to test their security, take payments, handle certain company functions, and to support their workflows. While this isn’t a red flag in itself, it is important that you pay close attention to the language used to describe relationships with these third parties.

It’s easy for a company to tout the fact that it doesn’t sell or store your data when they are openly sharing it with less ethical third party vendors who are selling data and giving them a portion of the profits. In the privacy policy, any mentions of third parties or contractors should be qualified with details on what and how data is shared. The more info, the more transparent the company is attempting to be.

Problematic Terms

Using the “command+F” feature for Mac, and “ctrl+F” for Windows allows you to quickly search through a privacy policy for tell-tale problematic terms. Look up words like, “sell,” “data collection,” “third parties,” “advertising,” and “marketing.”

In addition to the obvious terms, it can help to get creative. Instead of saying, “we use your data to spam you with non stop targeted ads,” a company may say, “we use your data to personalize or customize your online experience.”

No matter how it’s worded, this means that they are likely using tracking pixels or tracking snippets to gather data on your personal online activity. Yeah, ads may be more targeted, but without gaining consumer consent, this is still a violation of your privacy.

Vague Data Information

Every privacy policy should have multiple sections describing how data is collected and used in great detail. This keeps companies compliant with industry regulations while providing the consumer (you) with a complete overview of their data’s journey.

Short, vague, or missing information around data is a “full stop” issue. When in doubt, don’t accept terms and conditions of a privacy policy until you’re satisfied that you have all of the information being provided around data.

Don’t be afraid to contact the company and ask for clarification when necessary.

No Info on How to Remove Your Data

You may not know this, but you have the absolute right to request that a company destroy or not use your data in certain ways. It’s your data, and you shouldn’t have to fight to have control over how it’s stored and used.

Every good privacy policy will have sections covering your rights to your data and providing direct instructions on how to take control of it. The easier the process, the more privacy conscious the company in many instances.

Do not sign off on terms and conditions without getting details on this information. Period.

Stay Up to Date with Cloaked!

Want more great privacy tips, industry news, and tech insights? Follow us on LinkedIn, Twitter, and Instagram, and make sure to request early access to Cloaked!

View all