How to decode privacy policies - Information Security Office

If you feel like you don’t have any control over your data, you’re not alone. But you have more control than you might think. Thanks to certain requirements in laws like the European Union’s General Data Protection Regulation (GDPR), privacy policies may be getting shorter and easier to read, but for now, knowing a few important keywords can help.

Deciphering words that matter

Use your computer or phone’s “Find on page” function to search for these keywords.

Keyword	What it probably means if you see it
Third parties	Your data is going to be sold to other companies, probably a data broker. These companies collect online data and sell it to pretty much anyone interested in learning more about customers, voters, students, and consumers … like you. It’s legal but not always honest.
Except	Whatever the policy just said, doesn’t matter. It’s not uncommon for companies to say they won’t sell your data, “except under certain circumstances.” Those exceptions probably make all the difference.
Such as	This sneaky term is used when companies want to give you a few examples, but not the complete picture. It might as well mean “whatever we want.”
Retain	This tells you how long a company will keep your data. Companies should only keep your data for as long as you’re their customer. If longer, they’re mining your data.
Delete	If the company gives you options to delete your data, they’re showing some respect for you. If they don’t, they’re acting like they own your data, not you.
Date	Check the date the policy was last updated. If it's recent, the company is taking your privacy more seriously. If not, they might not deserve your trust.
Control	This might be the most important word to find because it indicates your options in determining how your data is treated. Many companies have privacy settings, but they aren't always turned on by default.

Keyword

What it probably means if you see it

Third parties

Your data is going to be sold to other companies, probably a data broker. These companies collect online data and sell it to pretty much anyone interested in learning more about customers, voters, students, and consumers … like you. It’s legal but not always honest.

Except

Whatever the policy just said, doesn’t matter. It’s not uncommon for companies to say they won’t sell your data, “except under certain circumstances.” Those exceptions probably make all the difference.

Such as

This sneaky term is used when companies want to give you a few examples, but not the complete picture. It might as well mean “whatever we want.”

Retain

This tells you how long a company will keep your data. Companies should only keep your data for as long as you’re their customer. If longer, they’re mining your data.

Delete

If the company gives you options to delete your data, they’re showing some respect for you. If they don’t, they’re acting like they own your data, not you.

Date

Check the date the policy was last updated. If it's recent, the company is taking your privacy more seriously. If not, they might not deserve your trust.

Control

This might be the most important word to find because it indicates your options in determining how your data is treated. Many companies have privacy settings, but they aren't always turned on by default.

What can you do really?

Based on what you find, you might want to act. Consumers may have limited options, but we're not powerless.

Take your business elsewhere. Reward companies that do privacy right with your business and ditch companies that don't. When we do, we might help encourage entire industries toward a more ethical future.

Take control. If a company provides options to do things like consent, opt-out, adjust privacy settings, or delete your data, you should take advantage of them. These tools aren't helping you if you don't use them. Get in the habit of checking each website's or service's options when you sign up.

Be picky. Companies have trained us to not value our data. But think twice before you share anything online. The less data about you out there, the fewer chances it can be used unethically.

Speak up. If you see something weird or alarming in a privacy policy, say something. Your online voice can matter more than you think. Many companies are obsessed with their image, and constantly monitor social media for chatter about them, good and bad. Change only happens when everyday folks put pressure on companies to do the right thing and treat us like people … not ones and zeros.

Article provided by MediaPRO Cybersecurity & Privacy Education