Privacy Policy Score Criteria
The privacy policy of a complany is a key indicator as to the way one can be expected to be treated by a company. While the privacy policy has never, as of this writing, been upheld in court for an inability to demonstrate coompensatory damages, the FTC can make a companie's life miserable for violating it.
Beyond the enforceability of the privacy policy is the tone it sets. If the policy is a lot of double-talk, vagueries and lawyer-speak there is probably something being hidden. Privacy policy can also be determined as much by what it doesn't as by what it does say.
| Criteria | Score | Description | Rationale |
|---|---|---|---|
| UGD Statement | +1 Yes -1 No |
Does the privacy policy include a statement about User Generated Data, or does it limit it's privacy statements to the "personal data" that is generally already protected by law? | Privacy policies generally carry some carefully crafted statement about personal data. The personal data definition is usually specifically defined to be forms of data they are already required to protect by law. Statements covering any User generated data not protected by law are important. Sophisticated software of today's companies can easily be used to indirectly derive just about anything that could be found out with personal data by analyzing UGD rendering "personal data" protections irrelevant placations. |
| Objective Readability | (6-FKGL) | The privacy policy is put through a Flesch-Kincaid Grade Level evaluation and the returned score is subtracted from 6Flesch of Flesch-Kincaid identified "65" as the optimal reading ease score. A 65 reading ease score maps to a grade level score of "6." and reflected here. | "Easy to read" is very subjective. For this reason we are using the Flesch-Kincaid Grade Level (FKGL) test to determine score. In an effort to ensure this score is weighted to scale with the rest of the privacy policy criteria, the FKGL score is subtracted from an optimum grade level target audience of "6." This way the delta, plus or minus from optimum is the actual number used in this criteria. |
| Subjective Readability | +2 GlanceGot it at a glance. Good clear message(s) at the front of the privacy policy that are consistent with the fine print, if there is any. +1 ClearThe message is there fairly quickly, though it took some scrolling and looking around in the page. +0 LegibleIt requires in depth reading, but the message of the privacy policy is understandable by the average person once the effort is made. It doesn't require a documentation professional to comprehend. -1 UnclearDocument is understandable, but leaves significant enough question to have reservations over privacy practices. -2 LegaleseA long document full of legalese that leaves the average reader uninformed or misguided as to the actual intention and conduct of the privacy policy publisher. |
Is the privacy policy well formatted, in plain language, clear and understandable or is it full of legal doubletalk? | "Easy to read" is very subjective. The Flesch-Kincaid score is a good tool for measuring readability based on writing mechanics, however sometime good old fashioned subjectivity is needed to fully understand the human factor. EvaluatorIn fairness our evaluator(s) understand what they are looking for in a privacy policy according to the guidelines presented on this site. is given 2.5 minutes (approx. time spent watching a video on the net) to determine the degree of protection provided the privacy policy being reviewed. A score is then given based on how well the evaluator thought they "got it." |
| Monetization | +1 No 0 Unknown -1 Yes |
Does the privacy policy address the monetization of customer information? | This score reflects only the privacy policy addressing monetization. Common knowledge assessment of product vendor monetization practices is addressed in the "Business Model" category of the criteria. |
| UGD Ownership | +1 UserA clear statement is made in the privacy policy that the end user retains ownership of all User Generated Data (UGD). +0 UnknownThere is no statement made either way whether the ender user reatins ownership of all User Generated Data (UGD) -2 VendorThe privacy policy indicates, whether bltantly stated or not, that the vendor company takes ownership of any portion of User Generated Data (UGD). |
A simple question of whether the vendor chooses to take ownership of all information produced by the end user. | Some vendor companies side-step copyright laws as a means to side-step privacy issues by claiming ownership of all the data they store. A company cannot be accused of violating anyone's privacy if they are simply analyzing their own data. To maintain a perspective of end user data ownership would have the company in a position of nosing around in someone else's data, which is in fact the case regardless of the ownership claims made by the company. |
Note: It is the perspective of the advocacy that any product connecting to the Internet should have a privacy policy, not just on-line services that process and store data. Product privacy policies should inform the customer, or potemerPotential Customer, exacty what data is sent where from the product when and what is done with this data. It is perfectly acceptable to refer to a more general privacy policy to describe what is done with data once sent by the product.