Does Anyone Read Online Privacy Policies?

At, the link to the privacy policy is at the bottom of the homepage, in small print. At, the policy measures 10 printed pages and5,200 words in length. To read the full policy at, visitorshave to click out and back into the policy page at least twice.

Though the public’s desire for privacy protection within e-commerce iswell-documented, the vast majority of online shoppers appear unwillingto take the time to read an e-tailer’s privacy policy.

“Some people read privacy policies, but it’s a tiny minority,” Susannah Fox,director of research at the PewInternet and American Life Project in Washington, D.C., told theE-Commerce Times. “People aren’t that aggressive when it comes toprotecting their own privacy.”

In fact, Forrester Research analyst Christopher Kelley told the E-CommerceTimes that less than 1 percent of the visitors to six major online travelsites during April actually read privacy policies.

“Consumers are incredibly concerned about privacy,” Kelley said. “But theydon’t want to lift a finger to protect their own privacy.”

Lost Money

The failure of consumers to take an active approach to privacy would be good news for manye-tailers, except for one fact: Consumers are more likely to buy and tospend more online if they feel their privacy is safe.

As a result, e-tailers with solid privacy policies in place may have amarketing tool they can use to attract more customers — and big spenders.

Kelley cited travel site Expedia (Nasdaq: EXPE), which “pushes” parts ofits privacy message to consumers while the site locates flights matchingsearch criteria. Three of six messages shown to customers while the searchengine does its work relate to the site’s privacy policy and highlight thefact that PricewaterhouseCoopers has audited and approved of it.

“That’s the type of reassurance consumers need,” Kelley said, recommending that e-tailers confident in their privacy policies “put them right in theface” of their customers, by showing a synopsis of the policy just beforethe checkout process starts, for instance.

Gray Area

It’s a bit more tricky, however, for e-tailers whose privacy policies arenot as cut-and-dry. Several e-commerce sites, including Amazon, have comeunder fire from watchdog groups for being inconsistent andhard-to-understand when it comes to privacy standards.

Consumers are apparently inclined to give even those merchants a freeride, at least for the time being. Depending on what information is atstake, however, consumers can get more aggressive.

For instance, the Pew Project’s Fox said surfers visiting financial sitesor seeking health information are much more likely to check out privacystatements, but still only a fraction do so.

A Matter of Trust?

On e-tail sites, people are apparently either comfortable enough to betrusting or too lazy to do anything about their concerns. At electronicse-tailer, only about 1 percent of all visitors to the site everclick on the link to the privacy policy. spokesperson Kathy Beaman told the E-Commerce Times that even fewerhave ever asked to opt out of data collection.

“It’s a really small number,” Beaman said.

Other e-tailers reported similar statistics.

Passive Resistance

Since it is not in an e-tailer’s best interest for a customer’s attentionto be diverted away from shopping, even for a moment, even if the privacypolicy contains only reassuring news, most do little to attract attentionto their privacy pages.

The public isn’t exactly clamoring for action. Fox said a Pew surveylast summer found that more than half of all Internet users do not know whatInternet cookies are, and the majority who do accept them from Web sitesanyway.

In other words, information is being collected passively while acustomer shops online.

Jail Time

Yet Pew’s research has also revealed that Internet users want strictprivacy policies and tough punishment. Many favor jail time for anyone whoviolates them.

“There’s a disconnect there,” Fox said. “Internet users express concernabout online privacy, but most don’t change their behavior.”

Or as Kelley stated it: “Consumers want to feel safe, but they aren’twilling to do the work.”

For that reason, though most do not favor government intervention in theInternet as a rule, a majority of consumers welcome U.S. Federal TradeCommission (FTC) involvement in policing privacy, according to Kelley.

“There is a strong sentiment to have the FTC come in and make it safe,”said Kelley. “But in the meantime, there is a great opportunity fore-tailers who have strong policies and feel confident enough to be up frontabout it.”


  • After reading a few dissertations on the handling of my private information, the length of such documents appear to rival ‘war and peace’ in length, and is about as clear as the original novel (in russian). In this case, I feel that there is no reason to read the statement, which in turn, give me one less reason to revisit the site for whatever reason I was there in the first place.

    If there is only one site, (or perhaps a few) offering me the product I want and the privacy statement is excessively long or complicated, I return to the stone age method of a phone call or visit to my local retailer. If this is not an option, perhaps I need to review my need for the product!

    The lazy or anxious consumer may forgive everything, if he can get what he seeks quickly and with minimal pain.

    And this is the real issue. What level of pain is the consumer willing to tolerate for his ‘needs’? Why should he have to monitor his privacy when the site owners should have the same feeling about his privacy that he does? He doesn’t want to be a policy policeman. He has better things to do with his time than to keep track of online retailers who would take advantage of him. The next fancy widget is calling him. Or is it the cry of his hungry child?

    • Madhurima brings up an excellent point. I AM a lawyer practicing, writing and speaking about privacy and – true confession – I don’t read privacy policies very closely at all when I AM transacting for my own benefit (although with research and representation-related matters, I take a very different approach, of course.) Consequently, I believe that standardization of privacy policies would be a great help. People could then find in the policy what is important to them. Those who are concerned should take heart; this is the essence of P3P (Platform for Privacy Preferences), the software ‘solution’ for privacy — at least online privacy (offline is a whole other matter). P3P is being developed by the creators of the internet, W3C, and it is NOT a proprietary product (least mention of it gets edited out here). It is an open standard available to all developers. P3P has its critics and its weaknesses, but it is a start, and hopefully only one of the tools that will be available to consumers who desire privacy protection. Anyone that wants to know more about P3P can easily find more information in any search engine.

      • Some E-commerce sites that do not carry ads can be confident that their practices protect consumers. However, do not forget that every Web site that carries ads receives cookies from ad-serving companies, most of which profile (track) users across sites. These third-party ad servers end up learning plenty about users as they visit even the most careful and privacy-friendly of sites. Even if the information gathered on these sites is not personally identifiable, it is aggregated with info gathered on other sites.

        Some of these third-party ad servers admit to collecting personally identifiable information on some of their other sites, but they then claim that they do not merge names with the info collected on all the sites they serve ads onto.

        One can either believe them or wonder why, if no merging is ever involved, they crowd their data servers with personally identifiable information at all.

        It must be said that even sites with the best intentions cannot guarantee their users protection from the third-party ad servers they work “with”.

  • It’s not that the people are too lazy to protect their own interests. But they perceive the internet as a ‘time reducing medium’ and the privacy policies are ever so long. The main or the differing features should be highlighted for people to read them. The idea is to reduce the time taken to do anything, not lengthen it!

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

E-Commerce Times Channels