• Tech
  • privacy

These Companies Have the Best (And Worst) Privacy Policies

6 minute read

Only the most diligent among us actually read technology companies’ privacy policies, though we all should. They lay out what the companies that we interact with daily are collecting and sharing about us—not to mention, in some cases, about our families and friends and everyone else we happen to correspond with.

But it’s not just on us, the users, to make an effort. Companies can package this information in a place that’s easy to find and in way that’s easy to understand and act on, or they can bury it beneath mounds of tedious legalese in some cobweb-strewn corner of their website.

In an effort to assess, exalt and shame some of the world’s leading tech companies for how they’ve presented privacy information to millions of users, TIME reached out to the Center for Plain Language. Every year, this non-profit grades government agencies on how well they’re following the spirit and letter of the Plain Writing Act—a 2010 law designed to eliminate bureaucratic gobbledygook. The Center also works with businesses, with the mission of teaching the powerful among us about how important it is to communicate in clear, comprehensible English.

We asked the Center’s experts to judge and rank the privacy policies of seven tech companies that most consumers know. They did this on several levels, assessing everything from design and tone to how many words writers tried to pack into each sentence. They also examined the more subjective “spirit” of their policies. Does the policy, for instance, make it easy for people to limit the ways in which the company collects their personal information? Or are instructions about opting out obscured in the policy’s hinterlands with no hyperlinks?

Here are their results, ranked from the company with the best-presented privacy policy to the worst, according to the Center for Plain Language:

  • Google
  • Facebook
  • LinkedIn
  • Apple
  • Uber
  • Twitter
  • Lyft
  • To be clear, this is not an assessment of what data these companies have decided to collect from users or what they’ve decided to do with that data. Instead, it’s about how obvious they have made those decisions to the users affected by them. The companies who did this the best avoided jargon and confusing sentence structure, clearly organized their information and used a lively tone. The policies that did not rank highly contained 100-word-long sentences, obtuse explanations and little sense of design.

    “A privacy policy that consumers are unlikely to read or understand provides no protection whatsoever,” the Center’s experts write in their report. “The results of our study are quite consistent, especially at the top and bottom of the rankings: Google and Facebook do a good job of communicating their privacy policies in a way that allows consumers to understand and make decisions—at least motivated consumers. And Lyft and Twitter do a poor job of communicating those policies. The remaining companies—LinkedIn, Uber, and Apple—do better in some areas than others.”

    The Center used both expert judges to assess policies at a high level and software to evaluate the policies at the sentence level. Here are some telling comments about each company’s policy from judges Deborah Bosley, Meghan Codd Walker and Jeff Greer—all members of the Center for Plain Language Board. You can read the full version of their report at the bottom of this post.

    #1. Google: No privacy notice is perfect, but Google has created a good model for a clear, plain language approach. I’m at times skeptical/concerned about how much access Google has to my personal information, but this notice’s audience-focused approach actually increased my trust in them.”

    #2. Facebook: “I think we should note the difference between the Apple and Facebook policies. Apple [simply] points out how they minimally store customer data. Facebook, in the “What kinds of information” section, documents just about every interaction a customer has, and then talks about how those interactions are collected and stored. I’m marking this as above average not because I agree with Facebook’s practices, but because they’ve clearly communicated those practices.”

    #3: LinkedIn: “I appreciate LinkedIn’s obvious efforts to make their privacy policy easier to understand . . . But when you dive deeper into the more thorough policy, I think the language and structure leave something to be desired. The sentences should often be shorter, and the lack of headers and bullets within sections make wading through the content harder—even if it mostly avoids jargon. I would use this privacy policy as a ‘good intentions but not quite there’ example of plain language.”

    #4: Apple: The notice seems to have some respect for the audience and feels credible. But I don’t think they genuinely want people to read the notice, given how they’ve hidden the paths for adjusting how you share your information.”

    #5: Uber:Outside of the short introduction, there’s nothing here that distinguishes the tone. It feels and reads like a document written by lawyers for people who don’t really read this kind of document. This could be softened with the use of contractions, or better yet, a plain language translation of the legalese.”

    #6: Twitter: There are occasional moments of clarity, but many of the sentences and paragraphs are long and hard to read . . . this is mostly a black and white wall of text.”

    #7: Lyft:The only decent parts of this notice are the clear headings they provide for each section. Readers can tell what should be in that section, but then the writing is so unclear, they likely won’t find the information they need . . . Everything about this notice screams, ‘We don’t want you to read this!'”

    The report ends with the Center noting that all the policies show room for improvement, though they realize only a certain amount of candor is likely to come from such tech companies.

    It seems unlikely that a business would give its customers this very plain message: “By reading this policy, you agree to let us keep track of you, your email and photos, where you go, your devices, the Internet providers you use, and possibly the same information for everyone in your social network. And if we decide we want more information, we will let you know—in some way—maybe before we start tracking that, too.”

    On the other hand, the use of plain language tends to build trust between a company and its customers . . . the market will likely dictate when and the extent to which the companies improve.

    Here’s the full report from the Center for Plain Language:

    Center for Plain Language Privacy Policy Analysis

    More Must-Reads From TIME

    Contact us at letters@time.com