Reading the Privacy Policies You Encounter in a Year Would Take 76 Work Days

One simple answer to our privacy problems would be if everyone became maximally informed about how much data was being kept and sold about them. Logically, to do so, you'd have to read all the privacy policies on the websites you visit. A few years ago, two researchers, both then at Carnegie Mellon, decided to calculate how much time it would take to actually read every privacy policy you should.

First, Lorrie Faith Cranor and Aleecia McDonald needed a solid estimate for the average length of a privacy policy. The median length of a privacy policy from the top 75 websites turned out to be 2,514 words. A standard reading rate in the academic literature is about 250 words a minute, so each and every privacy policy costs each person 10 minutes to read.

Next, they had to figure out how many websites, each of which has a different privacy policy, the average American visits. Surprisingly, there was no really good estimate, but working from several sources including their own monthly tallies and other survey research, they came up with a range of between 1,354 and 1,518 with their best estimate sitting at 1,462.

So, each and every Internet user, were they to read every privacy policy on every website they visit would spend 25 days out of the year just reading privacy policies! If it was your job to read privacy policies for 8 hours per day, it would take you 76 work days to complete the task. Nationalized, that's 53.8 BILLION HOURS of time required to read privacy policies.

To put a dollar amount on this massive time suck, Cantor and McDonald followed some standard procedures that the economics literature suggests could be used to calculate the opportunity cost of tasks. First, they split up web surfing between work and home visits. For work visits, they valued the time spent reading privacy policies at two times that worker's wages to take into account overhead and salary. For home visits, they multiplied the time spent reading at home by one-quarter of average wages. (A simpler hours multiplied by wages calculation would yield a higher cost than the one the researchers calculate here.)

The net effect of all this complicated figuring is that the researchers calculated the hypothetical opportunity cost to the nation of actually reading the Internet's privacy policies. The number they came up with is stunning:


That's greater than the GDP of Florida, which has the fourth largest state economy in the US.

It's also worth noting that this calculation was made in 2008, so undoubtedly, the number would be larger today, given the growth of the U.S. Internet population and the number and diversity of websites. Of course, no one is actually going to read all those privacy policies. What that massive number tells us is that the way we deal with privacy is fundamentally broken. The collective weight of the web's data collection practices is so great that no one can maintain a responsible relationship with his or her own data. That's got to change.