Reading the privacy policies they encounter monthly would take almost 42 hours
The cybersecurity company NordVPN has looked into the top 20 websites in 19 countries to check how much it would take to read their privacy policies.
The study showed that it would take a full workweek (41.3 hours) to read the privacy policies of the 96 websites Canadians typically visit monthly.
The average privacy policy in Canada consists of 6,148 words and takes 26 minutes to read.
“Even though we keep reminding users to read the privacy policy, one in three Canadians still doesn’t look at any legal information online. However, this is understandable. We would need to spend a quarter of a month visiting the websites we need. A minimum-wage worker in Canada would earn around $479.46 during that time,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.
“On the other hand, reading a privacy policy is as important as having one. That is why companies should work hard to make their privacy policies short and easy to understand. Meanwhile, users should choose trusted websites and know what to look for.”
The reading time of privacy policies was calculated by counting the number of words in the privacy policy and evaluating its readability with the FRES and Coleman-Liau readability tests. More information about how these tests work can be found here: https://nordvpn.com/blog/privacy-policy-study-ca/
What Websites Performed the Best and the Worst?
The study found that reading the privacy policy of the most visited Canadian websites would take almost nine hours. The longest in almost all countries was the privacy policy of Meta’s social media platforms (Facebook or Instagram) – 19,434 words. However, they scored better in terms of readability (“fairly difficult” with a score slightly over 50 on FRES and around the 12th-grade level on Coleman-Liau). The whole policy takes around 82 minutes to read.
Nevertheless, X (previosly known as Twitter) had a much shorter privacy policy (4,175 words) with the same readability score as Facebook or Instagram. It takes around 17 minutes to read. In the past, X was trying to make its privacy policy as accessible as possible by presenting the Twitter Data Dash, a computer game that helps understand the company’s privacy policy better.
In anglophone countries (the US, Canada, Australia, and the UK), Zoom scored the worst on the FRES readability test (only 24.9), which is worrying given the privacy concerns surrounding the platform. It would take 30 minutes to read the privacy policy of Zoom.
Netflix scored the worst on the Coleman-Liau test (14.98) in these countries, which is concerning because of the fact that it can be used even by children. The privacy policy of Netflix would take 36 minutes to read.
Germany Had the Longest Privacy Policies, but that is Common for Most EU Countries
Privacy policies in Germany were found to be the longest, consisting of 10,485 words on average, and take around 44 minutes to read. That is a lot, knowing that the global average is around 6,460 words and 27.14 minutes.
Other EU countries also had quite extensive privacy policies (Italy – 7,068 words, Poland – 7,314, France – 7,318).
“Countries with more detailed rights (such as EU countries with the GDPR) naturally have longer privacy policies to cover everything included in the laws. This trend also shows the ambivalence of the matter — the broader the rights for privacy, the bigger the responsibility for the consumer,” says Warmenhoven.
How Do You Spot Red Flags in the Privacy Policy?
Even though privacy policies take a long time to read, they help to make sure user privacy is secured. In order to save time while reading privacy policy, Adrianus Warmenhoven recommends to look for certain red flags and concerning things.
- See what data is collected. The first part of most privacy policies outlines what data the website collects from its users. If they ask for more data that seems relevant to their services, it could be a sign of potential misuse.
- Search for “red flag” keywords. You can try searching for words such as “sell” or “sold” to make sure you find places in the privacy policy where it is mentioned that your data may be sold to third parties. Other good keywords could be “partners” or “affiliates.” Lastly, try searching for the words “may” or “for example.” These words are used to hide some malicious actions the company takes against its users, like “may sell data.”
- Trust the verified websites. The fewer websites used by a person, the less information is at risk of being misused. Try to avoid new and sketchy-looking websites, especially those that don’t even have a privacy policy.
