Cylab News

CyLab Research on the Cost of Reading Privacy Policies Makes Waves

posted by Richard Power
August 17, 2008

"Carnegie Mellon CyLab researchers Lorrie Cranor and Aleecia M. McDonald are creating quite a disturbance in the force with their paper on “Cost of Reading Privacy Policies.”

Carnegie Mellon CyLab researchers Lorrie Cranor and Aleecia M. McDonald are creating quite a disturbance in the force with their paper on “Cost of Reading Privacy Policies.” (Read the paper.)

Here is a sampling of excerpts from recent media coverage, with links to the full texts of the stories:

Online ad industry executives are taking issue with a new Carnegie Mellon University report concluding that regulation might be necessary to "provide basic privacy protections." The report, by Aleecia McDonald and Lorrie Faith Cranor, found that online privacy policies take users an average of 10 minutes to read. If every U.S. Web user read the privacy policy at every site visited, the time spent reading privacy policies would total an estimated 44.3 billion hours per year, according to the report. Media Post, 10-9-08

It would take nearly a day every month to read the privacy policy of every website you visited, according to new research. Carnegie Mellon researchers Aleecia McDonald and Lorrie Faith Cranor claim the average privacy policy takes around 10 minutes to read, with some taking as much as 42 minutes. One "popular site's" privacy policy ran to a staggering 7,669 words or 15 pages of text.

With the average person visiting 119 different websites over the course of a month, it would take nearly 20 hours just to read their privacy policies alone. The cumbersome length of privacy policies is often cited as the reason they're commonly ignored, and the researchers claim that has a knock-on effect for people's online security. "Internet users likely do not understand the risks to their privacy," the research claims. PC Pro, 10-9-08

When multiplied across the major sites that most users visit in a year, it's clear that getting a good sense of what web sites are doing with personal information could consume a good chunk of one's time. In fact, the authors estimate that it could take anywhere from 16 to 444 hours per person per year, with most Americans needing a full 200 hours to get through everything. Ars Technica, 10-8-09

The length of privacy policies is often cited as one reason they are so commonly ignored. "Studies show privacy policies are hard to read, read infrequently, and do not support rational decision making," said the researchers, acknowledging the fact that the policies are rarely read.

The researchers also investigated how quickly people could read privacy policies when they were just skimming it for pertinent details. They timed 93 people as they skimmed a 934-word privacy policy and answered multiple choice questions on its content. Out-Law.Com, 10-6-08

Recent News

Three New YouTube & iTunes Videos Showcase CyLab Seminar Series

CyLab’s New Smartphone app, SafeSlinger Empowers Users’ to Strengthen Their Own Security and Privacy

CyLab Research, Again, Has Big Impact on IEEE Symposium on Security & Privacy

[see all cylab news]

Recent chronicles

Lightning in a Bottle? A Brief Tour of CyLab Online

Mike Farb Offers Insights Into SafeSlinger, CyLab's Powerful New Smartphone App

Anthony Rowe on Wireless Sensor Networks for Building Energy Management

[see all cylab chronicles]