Privacy: Reading contracts from most read websites takes 40h – 10/25/2023 – Tech

Brazilians would spend almost a working week (39.5 hours) if they decided to read the privacy policies of the 96 most visited websites in the country. The data was collected by the internet security company NordVPN.

In force since 2020, the LGPD (General Data Protection Law) made it mandatory for websites to inform the intention with which they collect data and who is responsible for the service.

Furthermore, the use of information must observe good faith and respect criteria of purpose, suitability, necessity, free access, transparency, security, prevention and non-discrimination.

The size and density of contracts relating to privacy, however, may make consumer understanding unfeasible, according to lawyers consulted by Sheet.

User acceptance of the privacy policy guarantees companies legal security in possible cases of legal action, due to accusations of disrespect for the LGPD or the Consumer Protection Code (CDC).

To arrive at the number of hours spent reading privacy policies, NordVPN examined documents from 96 websites in 19 countries — the pages were chosen in order of audience.

Brazil has the ninth highest reading time, behind countries such as South Korea, Japan and Mexico, but ahead of the USA, France and Germany. In the latter country, where personal data protection laws are stricter, reading time can reach 70 hours.

In almost all countries, Meta’s platforms —Facebook and Instagram— showed the highest reading time and number of words (19,434). The usage policy for these social networks takes 82 minutes to read, according to NordVPN.

On the other hand, Meta’s texts obtained the best results in terms of readability, tied with X (formerly Twitter). NordVPN used internationally adopted comprehension tests to make this assessment.

The former Twitter achieved the same level of readability with much fewer words: 4,175, possible to read in 17 minutes. The average time between all privacy policies evaluated in Brazil was almost 25 minutes, with 5,880 words.

Twitter requests less data than Instagram. It does not ask, for example, for access to health information, files and documents, and a calendar. Furthermore, it does not take data to other social media platforms, in integrations, as occurs between Facebook and Instagram, for example. Therefore, you need to give less explanations.

Until the end of last year, Twitter made available a computer game to present its data processing policy, Twitter Data Dash, in an educational effort. The initiative was discontinued by the current owner of the social network, Elon Musk.

Questioned by Sheet, Meta responded that it would not comment on the research. The company states, however, that it has alternative ways of disclosing its privacy policy, through a checkup and a privacy center with the possibility of searching.

Wanted by Sheet via email, X (former Twitter) sent an automatic response saying he was busy. The company no longer has press representation in Brazil, after being purchased by Elon Musk at the end of 2022.

For technology lawyer Flavia Amaral, the size of the documents is a result of the requirements of data protection law. “The extension of the contract is not a problem, as long as it covers everything requested objectively. The more information for the user, the better.”

As the ANPD (National Data Protection Agency) has not determined guidelines for the presentation of documents relating to data processing, companies are free to disclose them in any way they consider best. Using images and highlighting key points can make reading easier.

Despite the challenge of reading these documents in full, users can look for key points such as what data is collected, what is the purpose of its use and whether it is delivered to third parties. Another option is to seek information from the press or entities that work with cybersecurity.

Traveling through trusted websites also prevents data leaks.

Businesses can also adopt good practices to guarantee transparency to the user, as determined by the General Data Protection Law and the Marco Civil da Internet.

Therefore, experts recommend that companies:

• Be objective when writing your privacy policy
• Highlight collected data
• Show how these will be handled and who will be responsible
• Specify security standards implemented by the company
• Check whether the sector in which you operate requires specific law