About the study
NordVPN studied the privacy policies of the 20 most popular websites in 19 countries, including the UK, Canada, Australia, and the US. We found out how long it takes to read these privacy policies and how complicated they are.
Everyone should read the privacy policy upon visiting a website or before creating an account to make their online life more secure. Sadly, skipping over a lengthy and convoluted privacy policy is very tempting, and many people do so.
Our goal is to raise awareness about privacy policies by sharing our findings and to help internet users read them without spending a shocking amount of time or missing the parts that indicate malicious use of their personal information.
What do the UK results show?
Our study shows that UK privacy policies are the longest among the English-speaking countries studied. The average privacy policy in the UK consists of 7,774 words. A person reads approximately 238 words per minute, which means it would take a little over 32 minutes to read an average privacy policy.
Reading all the privacy policies of the top 20 most visited UK websites would take over ten hours. Likewise, reading the privacy policies of the 96 websites a person typically visits in a month would take much longer than a full workweek — 52.3 hours. If you spent this time working for a local minimum wage, you would earn approximately 745.82 USD or 610 GBP.
Here is how long it would take to read the privacy policies of the websites people visit a month and how much you could earn in that time in different countries:
Which privacy policies were the most complicated and which were the most reader-friendly?
We used two scales — the Coleman-Liau Index and Flesch Reading Ease Score (FRES) — to measure and evaluate the readability of the privacy policies. Despite having the longest privacy policies compared to other Anglophone countries analyzed, the UK takes the lead in terms of readability by both FRES and Coleman-Liau measures.
The privacy policy of the BBC did exceptionally well in the FRES test with its “plain English” reading level, understandable by early-mid teenagers. BBC also took the lead on the Coleman-Liau scale, with the privacy policy of The Guardian a close second.
Netflix did the worst out of the 20 privacy policies we examined in terms of readability on the Coleman-Liau scale, with XVIDEOS not far behind. eBay scored lowest on the FRES scale, while Netflix did only a little better.
Overview of the global insights
The average privacy policy out of the 20 analyzed worldwide was 6,461 words long, taking a little over 27 minutes to read. This means that reading all the top 20 websites’ privacy policies for a given country would take a little over nine hours. Each month, users visit around 96 different websites, so globally it would take around 43 hours to read a month’s worth of policies.
The study revealed some interesting differences between countries and their respective privacy policies:
- European countries have more comprehensive privacy policies than other regions. Due to the General Data Protection Regulation (GDPR), the privacy policies in European countries are generally longer. For example, eBay suggests it takes 15 minutes to read their privacy policy, but it could take well over an hour in a region covered by the GDPR.
- The longest in almost all countries were Facebook and/or Instagram privacy policies.
- Germany had the longest policies, while South Korea had the shortest ones. Our research shows that reading all 96 websites internet users visit in a month in these countries would take 70 hours (Germany) and 31 (South Korea) respectively.
- Generally, readability was very poor. Most FRES scores were in the “difficult” (college-level) reading level bracket, while many were only readable by graduates.
- Overall, in the Netherlands the privacy policies were the most readable, including some translations.
- UK policies were the most readable in Anglophone countries by FRES and Coleman-Liau measures.
Here is how long it would take to read the privacy policies of the top 20 websites in different countries:
NordVPN’s tips on reading a privacy policy
As our study shows, carefully reading each privacy policy from the beginning to the end would take a surprising amount of time. No wonder many users skip this step, risking their privacy. So here are a few tips on how to read privacy policies quickly and easily:
- See what data the website collects. The data the website collects from its users is usually covered in the beginning of most privacy policies, so read it carefully. If a website requires data that does not seem relevant to their services, treat it as a warning sign.
- Check for “red flag” keywords. Try searching the policy document for keywords like “sell” and “sold,” indicating that your data may be sold to third parties. Also look for words like “partners,” “affiliates,” and “third parties” with whom your data might be shared or sold to. Lastly, look for words “may” and “for example,” because they might give away the website’s malicious intent regarding its users’ data (as in “might analyze your content, for example, your emails”).
- Visit reliable websites. You can minimize the risk of having your information misused by visiting verified, reputable websites. Try to avoid new and sketchy-looking websites, especially those that don’t have a privacy policy.
Methodology
We examined the privacy policies of 20 sites from 19 countries. These policies were either in English or machine-translated into English where English was not the original language. By calculating the number of words in a policy, we estimated how long it would take to read it. Then we evaluated the understandability of each policy using the FRES and Coleman-Liau readability tests.
Like what you’re reading?
Get the latest stories and announcements from NordVPN
We won’t spam and you will always have the choice to unsubscribe