Privacy Policies: Have we Really Learned from GDPR?

by Matt Lincoln - July 03, 2019

As a Pardot Consultant, I find that GDPR and privacy policies are a frequent topic of conversation with customers.

Two of the most common discussion points are the wording of opt-in checkbox text and linking a privacy policy to a form or landing page.

Here’s an example of Nebula’s opt-in checkbox text:

I am happy to receive news, product updates and event invites from Nebula

We’ve certainly seen these checkbox disclaimers become clearer and more descriptive over the past year. However, privacy policies are where there is still plenty of work to be done.

Making privacy policies fit for purpose

Including a link to one of these policies at the bottom of a landing page or under a form is often seen as the end goal. However, a fascinating opinion piece from the New York Times highlights that most organisations are doing a terrible job at making privacy policies fit for purpose.

Most organisations include a policy to protect themselves legally. This is problematic, because they are forgetting that it’s a privacy policy’s job to inform website users how their personal information will be captured, stored and used.

Household names such as Disney, Airbnb, Uber, CNN and Facebook display privacy policies which are too long or too difficult for most visitors to read.

In the New York Times analysis, some policies took up to 35 minutes to read. Some even had a reading difficulty score calculated as higher than Immanuel Kant’s ‘Critique of Pure Reason’.

Difficulty reading score
Source: New York Times

Your privacy policy is not fit for purpose if it is too long and difficult for users to understand. Consider that GDPR Articles 12, 13, and 14 clearly state the requirements for providing an easy-to-understand privacy policy. This is applicable whether or not data is captured from your visitors.

Evaluating your policy

It’s worth re-evaluating your own privacy policy against these criteria:

  • How concise is it?
  • Is it transparent and honest?
  • Is it written in clear and plain language?

If you’d like a great example of how a privacy policy can be simple, short and engaging, then click this link and scroll slowly down the page. You don’t need to go to such extremes to get the point across; a clearly worded, concise text version is absolutely fine.

What happens if we don’t simplify our privacy policies? Let’s hope you don’t get the iTunes treatment and have your privacy policy made into a parody graphic novel!
