Companies, particularly those in the information and communications technology sector, collect, aggregate, and store immense amounts of information about billions of people around the world. Privacy policies represent the primary means through which companies articulate to the public how they manage this user information. Extensive research has documented the problems with such policies, including that they are difficult to understand. This paper presents an analysis of 23 policies from 16 of the world's largest internet and telecommunications companies and shows the specific ways that vague or unclear language hinders comprehension of company practice. It argues that the lack of clarity in such policies presents a significant barrier toward empowering people to make informed choices about which products or services to use. The incoherent language in privacy policies can also hinder the widespread adoption of machine learning or other techniques to analyze such policies. Clearer disclosure from companies about how they use, share, and retain all types of information they collect will shed light on what the life cycle of user information looks like.
Acknowledgement to Ranking Digital Rights for making this paper possible.