Document Type

Article

Disciplines

Privacy Law

Abstract

Despite being subjected to decades of sharp criticism, privacy policies published by companies remain a linchpin of privacy regulation. Representations in these policies provide the main measure against which consumer privacy can be judged. Policies are rarely read by consumers. Instead, these policies are interpreted by company decision makers tasked with interpreting whether a proposed course of action is consistent with stated policies as well as underlying privacy law. To be effective, policies must constrain use of consumer data even when they are given a company-friendly reading.

Experimental evidence on the interpretation of privacy policies provides no grounds for encouragement about such constraint, because it suggests that policies are often so ambiguous that neither laypeople nor experts can consistently interpret them. This Article supports those experimental findings with real-world evidence— court filings by experts appointed to consider the legality of transfers of consumers’ private data. The study finds that even independent, court appointed experts rely on interpretive practices that are unreliable and inconsistent. It reveals divergences concerning what even relatively common, standard privacy policy provisions actually mean, in relatively common situations, such as the attempt to sell data as part of a reorganization or liquidation. This suggests that privacy regulation should not rely too heavily on the language of privacy policies unless greater consensus can be reached.

The Article then proposes to put the interpretation of privacy policies on more sound footing. It explores two primary approaches. Privacy policies could be subjected to more certain meaning through a turn to standardization, where policies are communicated by reference to interpretive principles laid out by regulation or by understanding grounded in empirical research on the meaning of the various terms. Alternatively, privacy policies could be subjected to a set of interpretive principles that would provide a more certain basis for interpretation and also encourage drafters of policies to state themselves more clearly.

Download

Included in

Privacy Law Commons

Share

COinS