How can you tell if a company is “good” or “bad” on privacy?
Like most of us, you probably don’t have the time or patience to read through all this stuff before you sign up for a new product or service. But, if you look hard enough, there are useful clues to be gleaned from these thousands of words of fine print.
After reading through hundreds of companies’ privacy policies ourselves, while developing Confidently’s privacy service, we’ve identified 5 clues to look out for:
Look for a “Do Not Sell” link. Under the California Consumer Privacy Act (CCPA), any company that’s selling personal information (and has more than $25M in annual revenue) must include a prominent “Do Not Sell My Personal Information” link at the bottom of their home page.
So if a website includes that link, they’re selling data -- and you can opt out of them selling yours. If the website doesn’t include that link, then they’re probably not selling data (though they could be “sharing” it, or they do less than $25M in annual revenue, or they’re just not complying with the law). So absence of the link isn’t necessarily 100% good news.
Search for “in the past 12 months we have not sold...” This is a key phrase to watch for, related to point #1. Most companies that don’t sell your data happily include this language in their privacy policies. So if this language isn’t there (or something very close to it), it’s a pretty clear indicator that they have sold users’ personal data in the recent past -- and may well do so again in the future. Beware!
Search for “exercise your privacy rights.” Under the law, companies have to provide consumers a mechanism to exercise the rights to see their personal data, delete their personal data, and (if a company is selling their data) to opt out from data sales. Ideally, that process is as easy as submitting a webform or logging into their privacy settings through a customer dashboard. But if it’s harder than that -- like, requiring a phone call, an email, or even (shudder) sending a letter -- that’s a clear sign that they don’t want to make it easy for you, and they probably don’t value your privacy.
Search for “California privacy rights.” Thanks to the CCPA, companies must provide a summary of their privacy provisions in a standardized way that, while still wordy, at least puts all the key information in one place. It also makes it easier to compare companies against each other. Get acquainted with this language, and you’ll start to see how most companies are handling privacy -- which makes the outliers stand out.
We hope these tips are helpful! What other clues have you seen in company privacy policies? Email us at firstname.lastname@example.org to let us know — and we’ll share some of these additional tips on our blog too!