Even as regulators push tech giants such as Facebook Inc. and Google (Alphabet Inc.) to rehaul their data privacy policies, consumers remain poorly informed about such policies, a new National Institute of Public Finance and Policy study by Rishab Bailey and others show.

The study finds that while data privacy policies are disclosed to consumers, these are often poorly drafted, ambiguous, and incomprehensible. The study evaluates the quality of privacy policies of five popular online services in India—WhatsApp, Google (including the search engine and other services such as Gmail and YouTube), Uber, Flipkart, and Paytm—from the perspective of easy accessibility, readability, and comprehensibility. All the five online service providers fared low on these scores. Policy documents of Uber and Google score particularly low in terms of ease of reading.

The authors also conducted a privacy policy quiz across college campuses in and around New Delhi. On an average, respondents were able to answer only five of 10 questions asked. The respondents fared the worst on policies that had the most unspecified terms and on policies that were long. Respondents were also unable to understand terms such as “third-party", “affiliate", and “business partner".

While the study does not capture changes that may have taken effect after the European General Data Protection Regulation (GDPR) came into force, it helps us understand the limitations of the “notice and consent" framework of data privacy laws.

READ | Disclosures in privacy policies: Does “notice and consent" work?

Close