Most privacy policies are too complex and unhelpful for end-users.
Although privacy policies are meant to protect end-users, they are typically written in a way that protects the entities responsible for creating and sharing products. These policies have a lot of technical and legal information that is written at a college reading level, even though the average person reads at a middle school level. The content is often modeled after existing commercial products, which might contain terms that are not best practice or are difficult for smaller-scale entities to follow. Policies are usually hidden at the bottom of a web page and information that is relevant or actionable to the end-user is not easily visible.
Privacy policies that are difficult to find, read, and understand can leave end-users feeling overwhelmed by the information and feeling that they have no control over their privacy.
Privacy policies that are written in plain language can help end-users at all reading levels understand how their data is handled. Visually emphasizing how the policy content relates to the end-user, presenting this content in a logical flow, and showing what step-by-step actions they can take if they have concerns will give end-users more agency over how their data is used. Having these simplified materials also ensures apps and websites comply with ethical review board requirements, federal regulations, and international privacy laws.
What to prepare?
The content of the policy should be at an appropriate reading level (e.g., middle school) for participants. Present the information in a logical, step-by-step flow based on how the information is used for the study. Include visual elements and narrative language that is centered around the participant, instead of having a “wall of text”. Make sure the policy is easy to find.
An example that achieves a middle school reading level
An Example of a Good Policy Summary
Center for Plain Language
Making Privacy Policies Not Suck
A Quick Primer on Readability