Fewer than half of Facebook and Google users understood the sites' privacy policies

A study points to notifying users within applications as an alternative

Most users of Facebook and Google had fundamental gaps in understanding, even after reading privacy policies, about how the websites handled their information and how other Web users could discover it, according to a study released by the digital branding firm Siegel+Gale [cq].

Users understood the privacy policies less well than they did government documents or bank card agreements, the study said. They earned comprehension scores between 35 and 40 out of 100 for both policies. The survey asked just over 400 people to read the companies' policies and then answer questions about them online.

"We forced users to pay attention to this, but even through forcing them to pay attention, they still couldn't understand what was in these privacy policies and were failing to grasp the basic information that was supposed to be communicated," said Brian Rafferty [cq], global director of insight at Siegel+Gale.

The study is hardly the first to find that users are uneasy with how much of their information becomes public through their use of websites and mobile applications. It is among a growing body of research demonstrating the ineffectiveness of privacy policy statements as a way to keep users informed about how their data is used.

After reading the policies, just 23 percent understood that their Google+ profile is visible to anyone online. Just 30 percent knew that even with the strictest privacy settings activated, their Facebook user names remain public.

The study also pointed to problems with Google's efforts earlier this year to notify users that it was consolidating the privacy policies for its diverse services. Less than half of users understood that the company's privacy policy related to their use of YouTube and Google Maps.

A Google spokesman called the company's user education campaign "the most extensive notification effort in Google's history."

The study suggests that informing users within the app or website how their information is being shared is a better way to safeguard privacy.

Justin Brookman [cq], director of the Project on Consumer Privacy at the Center for Democracy and Technology, agreed.

"Privacy policies are not a great way to inform users," he said.

"When I'm trying to figure out a privacy question on Facebook, I go to the help center or FAQs or whatever it is," Brookman said. "I don't ever go to the privacy policy. Same thing with Google."

Brookman pointed out that both Google and Facebook have begun including more intuitive notification methods.

A Google spokesman pointed to those features, and said its "privacy center, published FAQs, Help Center articles, Good to Know website andA in-product notifications help explain what data we collect, how we use it and how people can manage their information."

Facebook has also moved toward including more information about how users' information can be accessed. The company did not respond to a request for comment.

Cameron Scott covers search, web services and privacy for The IDG News Service. Follow Cameron on Twitter at CScott_IDG.

Copyright © 2012 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022