Shared publicly  - 
 
Proposed California law requires site privacy polices not to exceed 8th grade language and 100 words. We all do know that privacy policies can become long and complicated, but they encompass complex principles.  And while we're probably very much in favor of making them as understandable as possible, trying to limit privacy policies in such an arbitrary manner makes about as much sense as trying to legislate the value of pi.  In fact, the actual bill itself would violate its own designated limits many times over. And I've now just about hit the actual 100 word limit itself.  Sorry about 
7
Lauren Weinstein's profile photoAlex Law's profile photoAlan Olsen's profile photoPeter Sitterly's profile photo
13 comments
 
Maybe they can up goer five it. Nobody wants to read several long legal documents just to use web services though. A better idea would be to standardize some common protections and certify the site with icon labels, like Creative Commons.

Google could pick up the metadata and warn you when you visit a low privacy site automatically.
 
+Pavlos Papageorgiou Attempts to convert privacy policies to machine-readable directives have been tried before, and have all basically failed miserably.  These are not simple concepts, and they have direct legal implications.  You can't get blood from a stone.
 
Aiming for 8th grade language isn't a bad idea, as long as there's some wiggle room. But 100 words max? Are they crazy? Have they ever written anything before?
 
I don't understand why that would be limited to privacy policies.

Shouldn't mortgage contracts be limited to 100 8th-grade words? Or health insurance contracts? Car rentals contracts? Airplane tickets? Laws?
 
This will make so much work for lawyers as the courts are required to decide if a standard phrase of 8th grade words mean the same thing as an obscure latin phrase the courts have avoided clearly defining in simple english for centuries.
 
Deep inside, I think it's fundamentally misguided. It's possible that sponsors of such a proposed law believe that privacy policies are made more complex than necessary in order to be opaque.

The reality is that they are complex because they describe complex systems, and in many cases they complexity of such systems is only exposed through terms of service and privacy policy: those are situations where implementations details "leak" back to the users.

Limiting privacy policies to 100 words means that complex problems become impossible to solve, because complex problems require complex solutions.

I see two possible outcomes:

-privacy policies do get shrunk down to 100 words without the products themselves changing, so that nobody has any chance of having meaningful information about what the products really do, boiling down to saying "this product handles your private information" which provides no more information than prop 65 warnings.

-products disappear from California, the same way COPPA resulted in many products getting simply forbidden for pre-teens.
 
Another possibility would be that sites would tend to define privacy policy per se very narrowly (as you suggest) but also refer to much longer general TOSes for much that would previously have been considered part of typical privacy policies.
 
To make maters even more complicated, a 100 word privacy policy cannot met legislated requirements in Australia, where US companies have long claimed they have to be based in California and that California Law is what applies to their services. If this causes them to move to, say, Nevada, and play the same game, it will not help anything, and may open them to claims thier choice of legislative venue is to avoid the laws of other jurisdictions.
 
Most lawyers can't say hello in less than 100 words.
 
Reducing the language of a privacy policy just means more people will sue for asinine reasons.

"This website handles your private information..."

"I'll sue! I used your website to publish information. Therefore, it became public information. However, you never claimed your website would handle my public information, but it did. Liar!"

"This website handles your public and private information..."

"I'll sue! What gives your website the right to handle MY information? It's mine!"

"This website does everything. You don't exist. Go ahead and sue us. We've got more money and power than you do."
Add a comment...