Fewer than half of Facebook and Google users understood the sites' privacy policies

A study points to notifying users within applications as an alternative

Most users of Facebook and Google had fundamental gaps in understanding, even after reading privacy policies, about how the websites handled their information and how other Web users could discover it, according to a study released by the digital branding firm Siegel+Gale.

Users understood the privacy policies less well than they did government documents or bank card agreements, the study said. They earned comprehension scores between 35 and 40 out of 100 for both policies. The survey asked just over 400 people to read the companies' policies and then answer questions about them online.

"We forced users to pay attention to this, but even through forcing them to pay attention, they still couldn’t understand what was in these privacy policies and were failing to grasp the basic information that was supposed to be communicated," said Brian Rafferty, global director of insight at Siegel+Gale.

The study is hardly the first to find that users are uneasy with how much of their information becomes public through their use of websites and mobile applications. It is among a growing body of research demonstrating the ineffectiveness of privacy policy statements as a way to keep users informed about how their data is used.

After reading the policies, just 23 percent understood that their Google+ profile is visible to anyone online. Just 30 percent knew that even with the strictest privacy settings activated, their Facebook user names remain public.

The study also pointed to problems with Google's efforts earlier this year to notify users that it was consolidating the privacy policies for its diverse services. Fewer than half of users understood that the company's privacy policy related to their use of YouTube and Google Maps.

A Google spokesman called the company's user education campaign "the most extensive notification effort in Google’s history."

The study suggests that informing users within the app or website how their information is being shared is a better way to safeguard privacy.

Justin Brookman, director of the Project on Consumer Privacy at the Center for Democracy and Technology, agreed.

"Privacy policies are not a great way to inform users," he said.

"When I'm trying to figure out a privacy question on Facebook, I go to the help center or FAQs or whatever it is," Brookman said. "I don't ever go to the privacy policy. Same thing with Google."

Brookman pointed out that both Google and Facebook have begun including more intuitive notification methods.

A Google spokesman pointed to those features, and said its "privacy center, published FAQs, Help Center articles, Good to Know website and in-product notifications help explain what data we collect, how we use it and how people can manage their information."

Facebook has also moved toward including more information about how users' information can be accessed. The company did not respond to a request for comment.

Cameron Scott covers search, web services and privacy for The IDG News Service. Follow Cameron on Twitter at CScott_IDG.
