A recent analysis published by the New York Times looked at 150 privacy policies of popular websites and apps. It found that most take more than 15 minutes to read, with some requiring a person dedicated more than half an hour to parse every bit of detail regarding how a company uses their data.
According to the New York Times, the vast majority of privacy policies require a college or professional-level reading comprehension in order to understand them. The vast majority require university-level reading comprehension.
Even attempts to force companies into simplifying the language of these agreements have struggled to produce successful outcomes. The European Union's General Data Protection Regulation (GDPR) requires privacy policies be presented in a “concise, transparent and intelligible form, using clear and plain language”. But, after a full year of GDPR being in effect, most companies are falling short. The European Commission recently conducted a survey that found while 60 percent of Europeans attempt to read privacy statements, just 13 percent read them in full because the texts are too long or too complicated.
Florian Schaub, an assistant professor of electrical engineering and computer science at the University of Michigan pointed out that most privacy policies simply require users accept the terms in full or not use the service at all. Schaub said companies maintain the right to change their policy at will, and consumers are required to acknowledge and accept those changes or risk losing access to the service entirely.