red arrow pointing right
Back to insights

No One Reads Privacy Policies—Here's How to Create a Reader-Friendly One

August 2021
August 2021

When the Internet first arrived, no one expected that personal data would be the most in-demand commodity. Fast forward to several decades later, where the world now revolves around and relies on the Internet for its economic and social activities. It’s so difficult to avoid the Internet since it has become a necessity for most things, like work and school. Due to its ubiquity, it has also led to the rising concern of data privacy.

Privacy lawyer Rahul Matthan recently noted that “Consent is cumbersome to obtain, and so privacy policies are drafted in the widest possible language to give companies considerable leeway in third-party data transfers […] there is no need for them to ever seek our consent again.” He then goes on to say that consent “no longer effectively protects personal privacy in our present data-rich world.” Privacy policies are so lengthy and purposely vague that your average Internet user never reads them, creating an endless list of problems.

Why People Don’t Want to Read Privacy Policies

There are billions of smartphone users with an average of 60 apps, which means they’ve more than likely agreed to most of these apps’ privacy policies without actually reading them. These notices are often incredibly long and full of complicated jargon, which is why it’s so cumbersome to take time out of a busy day to read a lengthy, convoluted legal text.

In fact, Deloitte surveyed 2,000 customers and found that 91 per cent of people agree to legal terms and conditions without even reading them. The percentage is even higher in those aged 18 to 34 at 97 per cent. Thanks to the European Union’s General Data Protection Regulation, there are incessant cookie notices on websites that people click through out of habit because they’re more concerned about accessing the website they want to see. Even if someone wanted to be meticulous about their data, research suggests that it would take 76 workdays to read all the privacy policies they run across while using the Internet for a year.

The Challenges of Writing Better Privacy Policies

The difficulty of reading privacy policies is well-known. Some have advocated for providing more accessible ways of giving notice and acquiring consent while abiding by data compliance laws, like simplified language or “just in time” consent prompted at the point of information collection. Even though they have noble intentions, they often aren’t successful at drawing customer attention. They interrupt the process of getting information, entertainment, or completing transactions with as little disruption as possible.

How to Create a More Readable Privacy Policy

Still, that doesn’t mean it’s impossible to create a reader-friendly privacy policy. You can first start by organising the policy and creating a table of contents and hyperlinks that direct the reader to each section, including definitions of technical terms. That way, your users don’t have to go on an Easter egg hunt to look for pertinent information regarding a particular area.

Then, write a summary section for the most critical parts, specifically those that concern your use of their information and cookies. This is also the law in many jurisdictions, so it’s best to include this in your policy anyway.

Keep your language as simple as possible. It can be challenging to avoid using some terms since certain concepts and topics in privacy are innately complex, but it is possible to explain what they mean in layman’s terms. You’ll also want to work with a lawyer or data privacy consultancy to ensure that you didn’t dilute the meaning in the process. Your users will also appreciate it when you are as specific as possible in your privacy policy instead of being vague. Otherwise, they’ll feel betrayed and deceived if you do something they didn’t realise was covered by the vague wording.


Privacy policies have received much scrutiny over the last few years due to increasing (and valid) concerns about data compliance and privacy. By crafting more accessible and readable notices, you’ll ensure compliance while earning your users’ trust and appreciation.

Scaramanga is a data privacy consultancy specialising in data protection solutions, information security, and compliance consulting. Our experienced team of lawyers, engineers, information security and compliance specialists provide our clients with effective and rapid support to meet their needs. Book a consultation today!