The Atlantic reviews the privacy policies of 50 of the most popular Web sites in an effort to determine “whether most popular websites respect your privacy as much as they claim to.”
So we gathered up and analyzed the 145,641 words that make up the privacy policies of the 50 most popular American websites. (Collectively, they amount to a text that’s about as long as The Grapes of Wrath.) What we found was that these policies tell you very little about the data these websites have on you. And that’s the point.
Today’s privacy policies don’t tell consumers the whole story for two main reasons. First, websites have adopted a kind of precautionary legalese to inoculate themselves against lawsuits and fines. The vaguer and more elastic their language, the more risk reduced. Second, over the past ten years, a new industry of “data brokerage” has arisen to help sites learn more about the people like you and me on the other side of the screen. These firms cross-reference and synthesize data to create richly detailed profiles that can include purchasing habits, political affiliations, sexual orientation, religious beliefs, and medical history. Gathering and analyzing that data is big business, and it creates a strong financial incentive for the firms that collect it to make it as difficult as possible for you to opt out of their net. […]
Statements about not selling personal information concerned us because their entire meaning is dependent on the definition of “consent.” The privacy lawyers and consumer-rights advocates we talked to told us that in America, a consumer can “consent” to a website’s data sharing policy by failing to proactively “opt out” of the default settings. You can “consent” simply by using a website.