It’s Not You; Privacy Policies Are Difficult to Read

Here are some tips that parents and edtech companies can use to make privacy policies easier to understand.

July 17, 2018
Irene Lee
Privacy Intern/Law Clerk at Common Sense Media

CATEGORIES Privacy Evaluation Initiative

Only 36 percent of teens and 25 percent of parents who use social media believe that social media networking sites and applications adequately explain how they use user data, according to a recent survey from Common Sense Media and SurveyMonkey. Incredibly, the BBC has found that privacy policies for social media read at a university level.

Companies that collect personal information are required to have a privacy policy, but this policy only needs to disclose what is legally required.  For a complete overview of a company’s practices, we recommend also reading a company’s terms and conditions (often called “Terms of Use” or “Terms of Service”) before using a service or application.

Readability

Readability is a reader’s ability to comprehend the language used in a text.  Readability scores use either one or a combination of factors, such as word count, to determine the comprehension difficulty of a text.  While no readability score is 100 percent accurate, scores for the same policy on multiple tests can show a policy’s difficulty in relation to that of other policies.  

The average American adult reading level is between 7th and 8th grade.  Not surprisingly, the average reading level for privacy policies of the education technology (edtech) companies evaluated in Common Sense Media’s Privacy Evaluation Initiative is approximately the 10th grade.  

Findings

We analyzed the policies of 1,700 edtech products to determine their readability.  Our findings indicate the average word count of privacy policies to be 2,610 words with a median of 1,828 words.  Given approximately 500 words per page, we found that the average privacy policy length is about 5 pages. In addition to a privacy policy, however, edtech products also often provide terms and conditions, as mentioned above.  Our research shows that the average word count for these terms and conditions policies is 4,228 words, with a median of 3,446 words or approximately 8 pages. Although the average word count for terms and conditions is higher than that for privacy policies, the readability scores between the two are quite similar, with terms  and conditions scoring slightly higher across all readability tests.

As for privacy policies in general, about 75 percent of the edtech companies analyzed fell above the average reading level.  The following logarithmic chart illustrates the relationship between reading level and word count. Our results show a positive correlation between an increase in a policy’s Flesch-Kincaid Grade Level, the most used readability test, and higher word count.

Types of Readability Tests

There are currently six commonly-used readability tests.  Examples of different scores come from Common Sense Media’s Privacy Evaluation Initiative.  Red lines on graphs indicate the ideal score.

Automated Readability Index (ARI)

ARI uses characters to estimate the U.S. grade level necessary to understand a given text.  Scores can range from 1 to 18. Since the average American reads at an 8th grade level, an ideal ARI score for privacy policies would be an 8.  Below is a breakdown of scores ranging from middle school to a college graduate level.

Score

Grade Level

6-8 Middle school

9-12

High school

13-16 College
16-18 Graduate school
18+ Post-graduate

Coleman-Liau Index

The Coleman-Liau Index also uses characters to approximate the U.S. grade level needed to understand a text.  The ideal score on the Coleman-Liau Index is 8.

Flesch-Kincaid Grade Level

There are two types of Flesch-Kincaid readability tests: grade level and reading ease (discussed below).  Flesch-Kincaid Grade Level uses a combination of word count and sentence length to estimate the U.S. grade level necessary to understand the text.  While scores usually correspond with a U.S. grade, scores above a 10 can indicate the number of years of education needed to understand the text. Examples include Smithsonian Networks with a readability of Grade 7 (middle school), and Disney with a readability of Grade 15 (college graduate).  Like ARI and the Coleman-Liau Index, an ideal Flesch-Kincaid Grade Level is Grade 8.

Flesch-Kincaid Reading Ease

Like its counterpart, the Flesch-Kincaid Reading Ease uses word and sentence length, along with syllable count, to determine the ease at which a text reads.  Scores can range from 0.00 (most difficult, ideal for college graduates) to 100.00 (least difficult, ideal for 5th grade students or 11-year-old children), but these are not strict guidelines.  The ideal Reading Ease score is between 60 and 70.

Gunning Fog Index

The Gunning Fog Index estimates the number of years of formal education needed to understand a text.  The index calculates a score ranging from 6 to 17 based on complex words and sentences. A score of 6 indicates a 6th grade level, while scores of 16 and 17 indicate reading levels of a college senior and a college graduate, respectively.  An ideal Gunning Fog score is approximately 8.

SMOG Grade

SMOG, or Simple Measure of Gobbledygook, estimates the number of years necessary to understand a text.  The formula uses the number of multisyllabic words for every 30 sentences to calculate a grade between 4 and 16 (plus or minus 1.5 grades).  An ideal score ranges from 6.5 to 9.5.

A Growing Trend Toward Difficulty

The following tables summarizes the average scores of the commonly-used six readability tests:

Readability Test Ideal Score
Automated Readability Index (ARI) 8
Coleman-Liau Index 8
Flesch-Kincaid Grade Level 8
Flesch-Kincaid Reading Ease 60 to 70
Gunning Fog Index 8
SMOG Grade 6.5 to 9.5

At Common Sense Media, we use readability tests in our Privacy Evaluation Initiative to show how well edtech companies are making their policies understandable for the general public.  Based on the data obtained through the Privacy Initiative Policy Annotator, there is a trend for edtech companies to have privacy policies above the reasonable readability level for American adults across all of the commonly-used readability tests.  Below are our findings that indicate the readability averages for the edtech policies evaluated for each test:

Readability Test Average Score
Automated Readability Index (ARI) 10.84
Coleman-Liau Index 13.69
Flesch-Kincaid Grade Level 10.98
Flesch-Kincaid Reading Ease 46.66
Gunning Fog Index 12.34
SMOG Grade 10.17

Readability becomes even more relevant as more individuals, particularly in the European Union and California, receive more control over their data and privacy.  Issues regarding Facebook and Cambridge Analytica have also raised awareness of online data protection and catapulted legislation that confers more rights to inexperienced individuals.  Despite increased awareness, the general public still has difficulty absorbing privacy regulation and taking preventative steps.  

In a recent study from Blue Mountain Media, 90 percent of those surveyed stated that they were concerned about online security; however, 60 percent of those concerned admitted that they do very little to protect their privacy.  60 percent of surveyed individuals also stated that they did not read the terms and conditions before downloading an app, and 17 percent reported that they would continue using an online service despite knowing about past data breaches and security issues.  

In light of these findings, we at Common Sense Media have some solutions that both parents and edtech companies can take to improve the readability of privacy policies.

Solutions for Parents

1. Look at Common Sense Media’s Privacy Evaluations.

The evaluations can give you and your child an idea of what edtech companies should do to protect personally identifiable information.  There are also examples of issues that many privacy policies address and explanations of what certain terms mean.

2. Take a look at Common Sense Media’s own Privacy Policy and short form Privacy Policy for each edtech evaluation under “Print Full Text”.
3. Encourage your teen to look at Common Sense Media’s Teen Terms of Use.

The Teen Terms of Use explains privacy and terms of use for individuals aged 13 to 17 in a coherent, age-appropriate manner.

4. Contact an edtech company’s privacy department if you have questions or concerns about you or your child’s privacy.

Edtech companies, and other operators, are required under the Children’s Online Privacy Protection Act (COPPA) to list the operator’s contact information for all privacy inquiries.  As a parent, you can request that operators give you an opportunity to review and delete information collected about your children.  You can also refuse consent for future collection of personally identifiable information.

5. Use a policy’s layout to guide you to important information.

If a company has a table of contents, use the table to guide yourself to specific sections of a policy that will explain information collected about your children and other mandatory disclosure requirements.

6. Read an edtech company’s privacy policy for children, if available.

Solutions for Edtech Companies

1. Write privacy policies clearly and concisely.

Researchers have found that it would cost approximately $781 billion in opportunity cost or 76 work days per year for a person to read all of his or her privacy policies.  Many companies, like Google, have replaced older policies with newer ones to comply with the EU’s General Data Privacy Regulation (GDPR) transparency standards.  Because the average human attention span is 8 seconds, edtech companies should strive for sentences between 20 and 25 words long.  

2. Write without using jargon or difficult words, if possible.

There are exceptions for this rule, such as disclosing legal concepts like waivers and indemnity.

3. Write with a credible and lively voice.

According to the Center for Plain Language, informal language and liveliness play large roles in how companies effectively communicate with consumers.  Although the Center advises against excessive informality, it also suggests that informality can reduce the distance between the company and the reader.  Informality also decreases the readability level so that it is closer to the target audience’s level. In addition, the Center found that the most readable privacy policies showed respect and concern for the reader and used a consistent voice, choosing either a conversational or formal tone.

4. Avoid negative compounds.

Sentences that use negative compounds are often harder to understand.  A common example is “We do not share information unless . . .”  Instead, companies should write sentences such as “We only share information if . . .”

5. Use pictures, graphics, and other visuals.

Visual aids are helpful, especially for explaining how to change one’s privacy settings in an app or online.

6. Change formatting and layout to ease readability.

Insert a short summary of what the privacy policy addresses in clear, understandable language.  Including a table of contents, a bulleted list, or color helps readers identify important sections of the privacy policy.   

7. Understand a user’s expectations.

The best way to communicate effectively through writing is to ask yourself if a person without specialized knowledge would understand the text.  The same concept should apply to privacy policies.