How Transparent are Corporate Privacy Statements?

Fergal McGovern

CEO & Founder

3 min read
A plant, earphones, phone, pencil and glasses on a table.

Corporate Privacy Statements are under more scrutiny than ever, especially in light of recent revelations about the NSA’s PRISM surveillance system.

In fact, many companies are so concerned about reputational damage, they have issued specific statements about consumer privacy and transparency, including GoogleFacebookMicrosoft and Apple.

Now, if you want to find out what type of information companies collect about you and how they use it, you need to look deep inside their corporate privacy statement.

Yet, these statements can be completely non-transparent.

By non-transparent, we mean peppered with overly complex and hard-to-understand language. The upshot is that the average consumer may not realize fully how their private data is used.

So, we looked at the complexity levels in online corporate privacy statements for 5 leading brands (4 of the 5 are banks). We analyzed them with VisibleThread. The question comes down to whether brands want to make it easy for consumers to understand how they use data. The results were revealing.

For example, measuring the amount of dense language (measured as the proportion of long sentences or passive voice) tells you how understandable the policy is. Equally, well-known readability measures such as the Flesch Reading Ease Index highlight complex language.

We scanned these Privacy Statements:

We analyzed the publicly available privacy statement on each site. Most sites had a single page privacy policy (4 out of our sample of 5). The exception was JP Morgan. They split out their cookie policy to a different page here. So we threw that into the mix also.

The results were:

Privacy statements' readability.

Interestingly, some brands that you assume would be quite transparent (e.g. Apple) didn’t actually have a very readable privacy policy. In fact, it is more complex than all of the financial institutions!

On the other hand, Ally came out on top in our little experiment. Similar to Rabobank in Europe, Ally puts strong emphasis on brand values that emphasize ‘clear talking’ and a ‘trust us’/’no nonsense’ tone in their communications.

Some observations:

  1. Policy Length – number of words – US Banks privacy statement has over 11 pages worth of text (3365 words to be exact). A typical printed page contains 300 words. That’s an awful lot of content to digest.

  2. % Long Sentences – The Long Sentence percentage is a particular worry. In this analysis, long sentences contain over 15 words. We recommend aiming for 5% or less in your web copy. All of the corporate privacy statements sampled had between 3 to 9 times the recommended amount of 5%. With web content, people scan and move away quickly. The copy of the brands we scanned is consistently long. The net effect is that the message is likely to not be transparent and may confuse the consumer.For example, here is an example sentence that VisibleThread picked up from the Apple corporate privacy statement:

    For other personal information, we make good faith efforts to provide you with access so you can request that we correct the data if it is inaccurate or delete the data if Apple is not required to retain it by law or for legitimate business purposes”.

    Light Blue – long sentence
    Maroon – passive voice

    Have a read of it. You might need a double take. When we did a mini-test around the office, well let’s just say there was some debate as to what the exact meaning was. That single paragraph is cloaked in a long complex sentences with a modest sprinkling of passive voice.

  3. Average Sentence Length – The result is not good, ranging from an average of 15 (Citibank) to 20 (US Bank) words per sentence. Just like long sentences, when your average sentence is long, the reader may find it harder to understand.

  4. Passive Voice – Passive sentences can mask information. In the analysis, the results ranged between 9% for Ally (could do better) to a pretty bad 17% for JP Morgan (pretty bad). The passive voice percentage should be much lower. In fact some would argue when dealing with critical obligations and accountability, it should be as close to 0% as possible.

  5. Readability – The Flesch readability index measures copy readability. A score of 20 – 35 indicates the content has a poor readability score. It means the reviewer must possess at least an advanced degree to understand the corporate privacy statement. As a result, the content is likely to be inaccessible and not transparent when skimmed by the average consumer. For more transparent and less confusing copy, aim for a score of 50 or above.


  • In light of PRISM, consumers need to understand what data companies collect and how they use it.

  • Complex privacy statements make it hard to digest and make them non-transparent.

  • When we looked at online corporate privacy statements, it looks like many brands have real issues with complexity and transparency in their copy.

  • If a corporate privacy statement is complex and hard to understand you will frustrate your customers and may lose them. It will not help your brand image especially if your brand ethos is customer-focused.


Book a Demo