[Silhouette]

One way to do this would be to have privacy standards. EU PP0, PP1, PP2, etc., that would conform to particular uses of one's data.

Or at least have those as standardised starting points that cover the routine points that will be the same for 90% of data processing operations, so you only have to specify additional detail for things that might be unusual or surprising.

If you look at the template privacy policy that SpicyLemonZest linked to, a large proportion of it is boilerplate that covers either reasonable and normally expected data processing or standard notifications required under the GDPR etc. Repeating that more-or-less verbatim on every website someone visits today doesn't help either that person or those websites.

It would simplify things greatly if instead of all that boilerplate, a short list of one-liners is all you need to state if you're only performing normal data processing for common purposes, as defined by official privacy standards along the lines pbhjpbhj suggests but perhaps specific to each common purpose. Then you only need to elaborate on anything unusual or particularly sensitive, and anyone interested in how you're processing data about them can quickly identify such cases (or verify that there aren't any and they don't have anything to worry about).