Are They Worth Reading? An In-Depth Analysis of Online Advertising Companies’ Privacy Policies

23 Pages Posted: 1 Apr 2014 Last revised: 18 Jul 2015

See all articles by Lorrie Faith Cranor

Lorrie Faith Cranor

Carnegie Mellon University - School of Computer Science and Carnegie Institute of Technology

Candice Hoke

Carnegie Mellon University

Pedro Leon

Carnegie Mellon University

Alyssa Au

University of Pittsburgh

Date Written: March 31, 2014

Abstract

We analyzed the privacy policies of 75 online tracking companies with the goal of assessing whether they contain information relevant for users to make privacy decisions. We compared privacy policies from large companies, companies that are members of self-regulatory organizations, and non-member companies and found that many of them are silent with regard to important consumer-relevant practices including the collection and use of sensitive information and linkage of tracking data with personally-identifiable information. We evaluated these policies against self-regulatory guidelines and found that many policies are not fully compliant. Furthermore, the overly general requirements established in those guidelines allow companies to have compliant practices without providing transparency to users. Few companies disclose their data retention times or offer users the opportunity to access the information collected about them. The lack of consistent terminology to refer to affiliate and non-affiliate partners, and the mix of practices for first-party and third-party contexts make it challenging for users to clearly assess the risks and make meaningful decisions. We discuss options to improve the transparency and usability of online tracking companies' privacy practices.

Keywords: Privacy, online tracking, behavioral advertising, self-regulation, privacy notices, FIPPs

JEL Classification: M37, O38

Suggested Citation

Cranor, Lorrie Faith and Hoke, Candice and Leon, Pedro and Au, Alyssa, Are They Worth Reading? An In-Depth Analysis of Online Advertising Companies’ Privacy Policies (March 31, 2014). 2014 TPRC Conference Paper, Available at SSRN: https://ssrn.com/abstract=2418590 or http://dx.doi.org/10.2139/ssrn.2418590

Lorrie Faith Cranor

Carnegie Mellon University - School of Computer Science and Carnegie Institute of Technology ( email )

5000 Forbes Avenue
Pittsburgh, PA 15213
United States

Candice Hoke

Carnegie Mellon University ( email )

Pittsburgh, PA 15213-3890
United States

Pedro Leon (Contact Author)

Carnegie Mellon University ( email )

Pittsburgh, PA 15213-3890
United States

Alyssa Au

University of Pittsburgh ( email )

135 N Bellefield Ave
Pittsburgh, PA 15260
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
550
Abstract Views
2,700
Rank
92,009
PlumX Metrics