[throwaway2048]

I really fail to see how having a privacy policy is any protection against prism or data collections abuse. especially considering 95% of them have clauses that state in effect, "we and our partners can do anything we want with your data".

[hermanhermitage]

The whole 'privacy policy' thing is a an fantasy that simply doesn't exist in international law. Its two words that provide the illusion of following some process of decency without any obligations whatsoever.

[iSimone]

I'm not sure I'm following entirely. I agree that whoever wants to cheat can cheat and deceive their users about the fact that he/she is using personal data in a way that is contrary to privacy laws. That doesn't mean you should not inform users in a proper/legally compliant way, does it?

[hermanhermitage]

Most statements of 'privacy policy' ate usually statements of anti-privacy or retention and sharing policy. A true statement of privacy would demonstrate that no information is recorded in a durable manner and that no information is available for third party inspection. Privacy has a concrete meaning.

[Facens]

That's exactly what we try to avoid, because not only "doing anything we want with users data" is wrong, but also because it's not legal in most countries. Forcing website owners to inform their users precisely, other than being a legal duty, is how you use transparency to to ensure that users' rights are respected. The moment we forget about informing users and pretending to be informed is the same we start forgetting about privacy rights, and that subtly and slowly leads to huge privacy violations like the whole PRISM shame.

I know that we're still selling stuff, but our hope is to do something good along the way, and a world with more privacy information is surely a better one :)