76 business days. That's how long Time Magazine found it'd take the average person to read every privacy policy that impacts them. And that was in 2012.

As marketers, we're supposed to be reaching audiences with content written at a 7th grade level, right? We hear that often.

So why do we expect that the people visiting our websites should be able to sort through the legalese that is our privacy policy?

Beyond whether that's the "right" thing to do, the stats tell us that brands leaning into explaining how data is used are experiencing strong ROI gains.

That said, what if your privacy policy was treated like a source for building trust with your audiences?

Here are some ideas on how you can do that. 

Think about the user experience

If you don't know what a sentence means when you read it, your audience doesn't either. Think creatively about how you can make this easier. If your legal team feels strongly about keeping dense language in, that's their prerogative. Yours, as a marketer, is to make suggestions about how you can add to the experience to make it digestible.

• Add definitions for each section breaking down what a person is reading. Add something like a Too Long Didn't Read section so you're A) well-protected reputationally if your audience raises concerns later, and B) you assert that you care about your audience's understanding.
• Add visual components to make reading easier. Use your design chops to think about how you can break content up into blocks, add imagery, or discern between content and terms using colors. If you're telling audiences how they can opt out of certain marketing or targeting practices, include screenshots. Apply the same best practices you would in any other area of your site to ensure both brand consistency and credibility.

Keep your policy actually read-able

On average, according to The New York Times, it takes 18 minutes to read a single privacy policy. And it's getting worse all the time: Google's privacy policy took 2 minutes to read in 1999; today, it takes 30 minutes based on its increasingly complicated data practices. Apply content writing best practices to make the policy more legible.

• Keep it short. See the BBC's: “We have to have a valid reason to use your personal information. It's called the ‘lawful basis for processing.’ Sometimes we might ask your permission to do things, like when you subscribe to an email. Other times, when you'd reasonably expect us to use your personal information, we don't ask your permission, but only when: the law says it's fine to use it, and it fits with the rights you have.” [This policy could go one step further by linking out to which laws they're referencing.]
• Avoid negative compounds. A common example is “We do not share information unless . . .” Instead, companies should write sentences such as “We only share information if . . .”
• Avoid jargon and keep sentences legible. Aim for 20-25 words per sentence to stay at the fabled 7th-grade reading level.

Provide resources for further learning

If you don't have the internal resources for building robust data privacy literature, that's understandable -- but there are plenty of organizations that do, and you can provide links to their work. My favorites include Common Sense Media, the National Cybersecurity Alliance, and Forrester.

Be a human

Again, when in doubt, assume that the average person isn't as versed in legal and marketing topics as you are. Explain what you're talking about, give options for further education, and make opt-outs easy. As a baseline, always ask yourself if the way you're writing is assuming consent or explicitly asking for it. If the former, start again.

---

Need support in implementing these tips? 

>> Book 1:1 help to formulate your action plan or discuss a strategic objective.

>> Contact me about ongoing support with brand positioning, data privacy literacy, and acquisition planning.