A New York Times review of 150 website privacy notices argues there is still work to be done to make privacy disclosures say what the law requires and be an effective tool for the user.

“The vast majority of…privacy policies exceed college reading level… That means a significant chunk of the data collection economy is based on consenting to complicated documents that many Americans can’t understand.”

“Despite efforts like the General Data Protection Regulation to make policies more accessible, there seems to be an intractable tradeoff between a policy’s readability and length. Even policies that are shorter and easier to read can be impenetrable, given the amount of background knowledge required to understand how things like cookies and IP addresses play a role in data collection.”

“As data collection practices become more sophisticated (and invasive), it’s unlikely that privacy policies will become any easier to comprehend. And if states continue to draft their own data protection laws, as California is doing with its Consumer Privacy Act, privacy policies could balloon with location-specific addendums.”

Details from The New York Times.