It would take up to nine hours to read the privacy policies of the top 20 most visited sites in the U.S. and about 47 hours to comb through the privacy policies of the 96 sites Americans frequently visit every month, according to new research by NordVPN.
Privacy policies are notoriously difficult to read, and their length doesn’t make the task any easier. NordVPN found that the average privacy policy in the U.S. is nearly 7,000 words long and would take over 29 minutes to read.
“Even though we keep reminding users to read the privacy policy, one in three Americans still doesn’t look at any legal information online. However, this is understandable. We would need to spend a quarter of a month visiting the websites we need. A minimum-wage worker in the US would earn around $338.14 during that time,” Adrianus Warmenhoven, a cybersecurity expert at NordVPN, said in a press release.
“On the other hand, reading a privacy policy is as important as having one. That is why companies should work hard to make their privacy policies short and easy to understand. Meanwhile, users should choose trusted websites and know what to look for,” Warmenhoven added.
The Best and Worst Privacy Policies
For this study, NordVPN looked at the privacy policies of the top 20 sites in 19 countries, counting the number of words in each policy and estimating how long it would take to read each one based on the Coleman-Liau Index and Flesch Reading Ease Score (FRES) tests.
NordVPN researchers found that Meta’s Facebook and Instagram had the longest policies with about 19,434 words. Despite their length, these policies are generally easy to read. The privacy policies of X (Twitter), Discord, and Reddit were also very reader-friendly.
While it would take about 82 minutes to read through the privacy policies of Facebook or Instagram, you’ll need just 17 minutes to go through X’s privacy policy (4,175 words).
On the other end of the spectrum, Zoom, Netflix, and Wikipedia don’t have reader-friendly privacy policies.
“Zoom scored particularly poorly on both tests, which is worrying given the privacy concerns that surround the platform. Netflix scored worst on Coleman-Liau, while Wikipedia, known for its minimal data collection, scored surprisingly badly for both readability and length,” NordVPN said.
EU Countries Have ‘Longer’ Privacy Policies
Globally, NordVPN researchers found that reading the privacy policies of the top 20 websites in any country takes over nine hours and up to 43 hours for the 96 websites users frequent each month.
Due to the General Data Protection Regulation (GDPR), European countries generally have more extensive privacy policies. So, while privacy policies in Germany are notably long, they are dramatically shorter in South Korea.
“Countries with more detailed rights (such as EU countries with the GDPR) naturally have longer privacy policies to cover everything included in the laws. This trend also shows the ambivalence of the matter — the broader the rights for privacy, the bigger the responsibility for the consumer,” Warmenhoven noted.
The UK had the most readable privacy policies among the Anglophone countries in the study. And, overall, the Netherlands had the most readable privacy policies, NordVPN said in a blog post on Monday.
How to Read Privacy Policies
While having more easily digestible privacy policies would certainly help Americans’ privacy knowledge — which a 2022 survey showed was lacking — the onus is on consumers to read the privacy policy of a company before using their products or services.
To make this task easier, NordVPN recommends focusing on sections detailing what type of data the company collects from users. Watch out for keywords like “sell,” “partners,” and “affiliates,” and be cautious of ambiguous phrases like “may” or “for example” that might hint at potential data misuse.
For more tips, check out our guide to the twenty most difficult-to-read privacy policies.
For more news, follow us on X (Twitter), Threads, and Mastodon!
