A user-centric evaluation of the readability of privacy policies in popular web sites

Information Systems Frontiers

Abstract

This paper reports on a formal subject-based experiment, which seeks to evaluate the readability of privacy policy statements found on the Internet. This experiment uses 50 participants and privacy policies collected from 10 of the most popular web sites on the Internet. It evaluates, using a cloze test, the subjects’ ability to comprehend the content of these privacy policies. The paper also compares its results with the results from previous studies on this topic. In general, it finds that privacy policies are “difficult” to comprehend.

Notes

  1. An increase in the Flesch Grade Level (FGL) score indicates that the document is less readable. On the other hand, an increase in the cloze test score indicates that the document is easier to comprehend. Hence, there exists an inverse correlation between the FGL index and the cloze score.

  2. is an effect size used to indicate the standardized difference between two means. It is widely used in meta-analysis. It is defined as the difference between two means divided by a standard deviation for the data.

  3. http://www.w3.org/P3P/

Author information

Correspondence to Ravi Inder Singh.

Appendix A: Privacy policy as displayed on the desktop

Google privacy policy

Last modified: October 14, 2005

At Google we recognize that privacy {1}______________ important. This Policy applies to all {2}________________ the products, services and websites offered by {4}________________ Inc. or its subsidiaries or affiliated {5}________________ (collectively, Google’s “services”). In addition, where {6}________________ detailed information is needed to explain {7}________________ privacy practices, we post separate privacy {8}________________ to describe how particular services process {9}_______________ href=“http://www.google.com/privacy_faq.html#personalinfo”{10}________________ information, which are accessible from the {11}________________ bar to the left of this {12}________________.

Google adheres to the US {13}________________ harbor privacy principles of Notice, Choice, {14}_______________ Transfer, Security, Data Integrity, Access and {15}________________, and is registered with the U.S. {17}________________ of Commerce’s safe harbor program.

{18}________________ you have any questions about this {19}________________, please feel free to contact us through our {22}________________ or write to us at Privacy {23}________________, c/o Google Inc., 1600 Amphitheatre Parkway, {24}________________ View, California, 94043 USA.

We offer a number of services {28}________________ do not require you to register {29}________________ an account or provide any personal {30}________________ to us, such as Google Search. {31}________________ order to provide our full range {32}________________ services, we may collect the following {33}______________ of information:

When you sign {35}________________ for a Google Account or other {37}________________ service or promotion that requires registration, {38}________________ ask you for personal information (such {39}________________ your name, email address and an {40}________________ password). For certain services, such as {41}_____________ advertising programs, we also request credit {42}__________________ or other payment account information which {43}________________ maintain in encrypted form on secure {44}________________. We may combine the information you {45}________________ under your account with information from {46}________________ Google services or third parties in {47}________________ to provide you with a better {48}________________ and to improve the quality of {49}________________ services. For certain services, we may {50}________________ you the opportunity to opt out {51}________________ combining such information.

Google cookies:

When you visit {53}________________, we send one or more cookies {54}________________ a small file containing a string {55}________________ characters - to your computer that {56}________________ identifies your browser. We use cookies {57}________________ improve the quality of our service {58}________________ storing user preferences and tracking user {59}___________, such as how people search. Most {60}________________ are initially set up to accept {61}________________, but you can reset your browser {62}________________ refuse all cookies or to indicate {63}________________ a cookie is being sent. However, {64}________________ Google features and services may not {65}________________ properly if your cookies are disabled. {66}________________

Log information:

{67}________________ you use Google services, our servers {68}________________ record information that your browser sends {69}________________ you visit a website. These server {71}________________ may include information such as your {72}________________ request, Internet Protocol address, browser type, {73}________________ language, the date and time of {74}________________ request and one or more cookies {75}________________ may uniquely identify your browser {76}________________

User communications:

When {77}________________ send email or other communication to {78}________________, we may retain those communications in {79}________________ to process your inquiries, respond to {80}________________ requests and improve our services.

Affiliated sites:

We {82}________________ some of our services in connection {83}________________ other web sites. Personal information that {84}________________ provide to those sites may be {85}________________ to Google in order to deliver {86}________________ service. We process such information in {87}________________ with this Policy. The affiliated sites {88}________________ have different privacy practices and we {89}________________ you to read their privacy policies. {90}________________

Links:

Google {91}________________ present links in a format that {92}________________ us to keep track of whether {93}________________ links have been followed. We use {94}________________ information to improve the quality of {95}________________ search technology, customized content and advertising. {96}________________ more information about links and redirected {97}_______________, please see our FAQs.

Other:

This Privacy {100}________________ applies to web sites and services {101}________________ are owned and operated by Google. {102}________________ do not exercise control over the {103}________________ displayed as search results or links {104}________________ within our various services. These other {105}________________ may place their own cookies or {106}________________ files on your computer, collect data {107}________________ solicit personal information from you. {108}________________ only processes personal information for the {109}________________ described in the applicable Privacy Policy {110}________________ privacy notice for specific services. In {111}________________ to the above, such purposes include:{112}________________ Providing our products and services {113}________________ users, including the display of customized {114}________________ and advertising; Auditing, research and {115}____________ in order to maintain, protect and {116}________________ our services; Ensuring the technical {117}_______________ of our network; and Developing {118}________________ services. You can find {119}________________ information about how we process personal {120}________________ by referring to the privacy notices {121}________________ particular services.

Google processes personal {122}________________ on our servers in the United {123}________________ of America and in other countries. {124}________________ some cases, we process personal information {125}________________ a server outside your own country. {126}________________ may process personal information to provide {127}________________ own services. In some cases, we {128}________________ process personal information on behalf of {129}________________ according to the instructions of a {130}________________ party, such as our advertising partners.{131}________________

Choices for personal information:

When {132}________________ sign up for a particular service {133}________________ requires registration, we ask you to {134}________________ personal information. If we use this {135}________________ in a manner different than the {136}________________ for which it was collected, then {137}________________ will ask for your consent prior {138}________________ such use.

If we propose {139}________________ use personal information for any purposes {140}________________ than those described in this Policy {141}________________ in the specific service notices, we {142}________________ offer you an effective way to {143}________________ out of the use of personal {144}________________ for those other purposes. We will {145}________________ collect or use sensitive information for {147}________________ other than those described in this {148}________________ and/or in the specific service notices, {149}______________ we have obtained your prior consent. {150}______________

You can decline to submit personal {151}______________ to any of our services, in {152}________________ case Google may not be able {153}________________ provide those services to you.

{154}________________ sharing:

Google only shares personal {155}________________ with other companies or individuals outside {156}________________ Google in the following limited circumstances: {157}________________

We have your consent. We require {158}_______________ consent for the sharing of any {159}________________ personal information.

We provide such {160}________________ to our subsidiaries, affiliated companies or {161}________________ trusted businesses or persons for the {162}________________ of processing personal information on our {163}____________. We require that these parties agree {164}________________ process such information based on our {165}_____________ and in compliance with this Policy {166}________________ any other appropriate confidentiality and security {167}________________.

We have a good faith {168}________________ that access, use, preservation or disclosure {169}________________ such information is reasonably necessary to ({170}________________) satisfy any applicable law, regulation, legal {171}________________ or enforceable governmental request, (b) enforce {172}________________ Terms of Service, including investigation of {173}_______________ violations thereof, (c) detect, prevent, or {174}____________ address fraud, security or technical issues, {175}________________ (d) protect against imminent harm to {176}________________ rights, property or safety of Google, {177}________________ users or the public as required {178}________________ permitted by law.

If Google {179}________________ involved in a merger, acquisition, or {180}________________ form of sale of some or {181}________________ of its assets, we will provide {182}________________ before personal information is transferred and {183}________________ subject to a different privacy policy. {184}________________

We may share with third parties {185}________________ pieces of aggregated, non-personal information, such {187}________________ the number of users who searched {188}________________ a particular term, for example, or {189}________________ many users clicked on a particular {190}________________. Such information does not identify you {191}________________.

Please contact us at the {192}________________ below for any additional questions about {193}________________ management or use of personal data. {194}_____________

Information security:

We take appropriate {195}________________ measures to protect against unauthorized access {196}______________ or unauthorized alteration, disclosure or destruction {197}________________ data. These include internal reviews of {198}________________ data collection, storage and processing practices {199}________________ security measures, as well as physical {200}________________ measures to guard against unauthorized access {201}________________ systems where we store personal data. {202}______________

We restrict access to personal information {203}________________ Google employees, contractors and agents who {204}________________ to know that information in order {205}________________ operate, develop or improve our services. {206}________________ individuals are bound by confidentiality obligations {207}________________ may be subject to discipline, including {208}________________ and criminal prosecution, if they fail {209}________________ meet these obligations.

Data integrity {210}________________:

Google processes personal information only for {211}________________ purposes for which it was collected {212}________________ in accordance with this Policy or {213}________________ applicable service-specific privacy notice. We review {214}________________ data collection, storage and processing practices {215}______________ ensure that we only collect, store {216}________________ process the personal information needed to {217}________________ or improve our services. We take {218}________________ steps to ensure that the personal {219}________________ we process is accurate, complete, and {220}________________, but we depend on our users {221}________________ update or correct their personal information {222}________________ necessary.

Accessing and updating personal {223}______________:

When you use Google services, {224}________________ make good faith efforts to provide {225}________________ with access to your personal information {226}___________ either to correct this data if {227}________________ is inaccurate or to delete such {228}________________ at your request if it is {229}________________ otherwise required to be retained by {230}________________ or for legitimate business purposes. We {231}________________ individual users to identify themselves and {232}________________ information requested to be accessed, corrected {233}________________ removed before processing such requests, and {234}________________ may decline to process requests that {235}________________ unreasonably repetitive or systematic, require disproportionate {236}________________ effort, jeopardize the privacy of others, {237}________________ would be extremely impractical (for instance, {238}________________ concerning information residing on backup tapes), {239}________________ for which access is not otherwise {240}________________. In any case where we provide {241}________________ access and correction, we perform this {242}________________ free of charge, except if doing {243}________________ would require a disproportionate effort. Some {244}________________ our services have different procedures to {245}________________, correct or delete users’ personal information. {246}________________ provide the details for these procedures {247}________________ the specific privacy notices or FAQs {248}________________ these services.

Enforcement:

Google {249}________________ reviews its compliance with this Policy. {250}________________ feel free to direct any questions {251}________________ concerns regarding this Policy or Google’s {252}________________ of personal information by contacting us through this {255}___________ site or by writing to us {256}________________ Privacy Matters, c/o Google Inc., 1600 {257}________________ Parkway, Mountain View, California, 94043, USA. {258}________________ we receive formal written complaints at {259}________________ address, it is Google’s policy to {260}________________ the complaining user regarding his or {261}________________ concerns. We will cooperate with the {262}________________ regulatory authorities, including local data protection {263}________________, to resolve any complaints regarding the {264}______________ of personal data that cannot be {265}________________ between Google and an individual.

{266}________________ to this policy:

Please note {267}________________ this Privacy Policy may change from {268}________________ to time. We will not reduce {269}________________ rights under this Policy without your {270}________________ consent, and we expect most such {271}________________ will be minor. Regardless, we will {272}________________ any Policy changes on this page {273}________________, if the changes are significant, we {274}________________ provide a more prominent notice (including, {275}________________ certain services, email notification of Policy {276}________________). Each version of this Policy will {277}________________ identified at the top of the {278}________________ by its effective date, and we {279}________________ also keep prior versions of this Privacy Policy in an archive for your {282}___

Cite this article

Singh, R.I., Sumeeth, M. & Miller, J. A user-centric evaluation of the readability of privacy policies in popular web sites. Inf Syst Front 13, 501–514 (2011). https://doi.org/10.1007/s10796-010-9228-2
