>Far more often, it's there to protect the company.
That's pretty much true. And why shouldn't a group try to limit their liability?
>"I have read and agree to the privacy policy," is a coded way of saying, "I have read and agree to waive my claims to privacy, as outlined in the privacy policy."
That's often, but not always true. For example, here's a [sanitized] privacy policy I wrote for a website I set up for a specific (noncommercial) purpose:
"[Site] Privacy Policy
No personal information^ will be stored on the https://www.[site] web server (except as specifically authorized), and every effort will be made to protect the integrity and privacy of such information.
[Site], its management or assignees will never sell personal information collected on this site, nor will they use such information for purposes other than specifically related to the operation of the [Site] website and/or to facilitate the dissemination of information regarding [purpose of site] and other group activities related to [potential users] and other [user purpose] related group activities.
Under no circumstances will street address or telephone number information be stored on the www.[site] by [Site], its management or assignees.
[Site], its management and assignees will never, under any circumstances reveal email addresses, street addresses and/or telephone numbers to anyone without explicit authorization. From time to time, [site] may offer services to allow [potential users] to contact each other. For these services, [Site], its management and assignees makes no warrantee of fitness for any purpose, including maintaining the privacy of users' personal information.
All personal information will be held in confidence and will only used for the purposes of the [potential users] [purpose of site] and official [membership organization] business.
This business includes (but is not limited to) providing personal information for inclusion (by the [membership organization]) in a printed work to be published at a later date. If this published work is then used for illegal and/or nuisance purposes, [Site], its management and assignees disavow any responsibility or liability for the use of that information by third parties for any purpose.
If a subscriber (limited to members of the [potential users]) chooses to share their personal information with other subscribers via any mechanism made available through the [Site] web site, mailing list or other conveyance provided by [Site], its management and assignees disavow any responsibility or liability for the use of that information by third parties for any purpose.
Under no circumstances will [Site], its management or assignees be liable or otherwise legally responsible for the theft, misuse or other unauthorized use of personal information.
Any person or entity registering on, providing contact information, or subscribing to the [Site] web site explicitly agrees to all the terms of this privacy policy.
This policy applies to the www.[Site] web site and the [Purpose of site]@[Site] mailing list.
If any portion of this policy is found, by any competent jurisdiction, to be invalid or unlawful, the remainder of this policy will continue to be in force.
The terms of this policy may be modified at any time at the discretion of [Site]. It is the responsibility of the subscriber to review the terms of this policy on a regular basis. Current versions of this policy can be found at https://www.[site]/privacy.html.
^Personal Information: Data such as street address, email address and telephone number which would enable direct contact with the subject of that information."
It does two specific things:
1. Informs users how their PII will (and will not) be used;
2. Clarifies the liability of those who own/run the site.
Unlike most "privacy" policies, there's nothing underhanded or privacy invading/data stealing involved.
That's pretty much true. And why shouldn't a group try to limit their liability?
>"I have read and agree to the privacy policy," is a coded way of saying, "I have read and agree to waive my claims to privacy, as outlined in the privacy policy."
That's often, but not always true. For example, here's a [sanitized] privacy policy I wrote for a website I set up for a specific (noncommercial) purpose:
"[Site] Privacy Policy
No personal information^ will be stored on the https://www.[site] web server (except as specifically authorized), and every effort will be made to protect the integrity and privacy of such information.
[Site], its management or assignees will never sell personal information collected on this site, nor will they use such information for purposes other than specifically related to the operation of the [Site] website and/or to facilitate the dissemination of information regarding [purpose of site] and other group activities related to [potential users] and other [user purpose] related group activities.
Under no circumstances will street address or telephone number information be stored on the www.[site] by [Site], its management or assignees.
[Site], its management and assignees will never, under any circumstances reveal email addresses, street addresses and/or telephone numbers to anyone without explicit authorization. From time to time, [site] may offer services to allow [potential users] to contact each other. For these services, [Site], its management and assignees makes no warrantee of fitness for any purpose, including maintaining the privacy of users' personal information.
All personal information will be held in confidence and will only used for the purposes of the [potential users] [purpose of site] and official [membership organization] business.
This business includes (but is not limited to) providing personal information for inclusion (by the [membership organization]) in a printed work to be published at a later date. If this published work is then used for illegal and/or nuisance purposes, [Site], its management and assignees disavow any responsibility or liability for the use of that information by third parties for any purpose.
If a subscriber (limited to members of the [potential users]) chooses to share their personal information with other subscribers via any mechanism made available through the [Site] web site, mailing list or other conveyance provided by [Site], its management and assignees disavow any responsibility or liability for the use of that information by third parties for any purpose.
Under no circumstances will [Site], its management or assignees be liable or otherwise legally responsible for the theft, misuse or other unauthorized use of personal information.
Any person or entity registering on, providing contact information, or subscribing to the [Site] web site explicitly agrees to all the terms of this privacy policy.
This policy applies to the www.[Site] web site and the [Purpose of site]@[Site] mailing list.
If any portion of this policy is found, by any competent jurisdiction, to be invalid or unlawful, the remainder of this policy will continue to be in force.
The terms of this policy may be modified at any time at the discretion of [Site]. It is the responsibility of the subscriber to review the terms of this policy on a regular basis. Current versions of this policy can be found at https://www.[site]/privacy.html.
^Personal Information: Data such as street address, email address and telephone number which would enable direct contact with the subject of that information."
It does two specific things:
1. Informs users how their PII will (and will not) be used;
2. Clarifies the liability of those who own/run the site.
Unlike most "privacy" policies, there's nothing underhanded or privacy invading/data stealing involved.
I wish more privacy policies were like that.