It's a common problem – the information that has to be provided to consumers about data privacy and the contractual terms they are signing up to is long and detailed. But individuals use many different products and services. Reviewing and understanding long documents for each is too time-consuming for most. So the all too common response is to simply tick the box to say that the user has read and understood the terms or privacy notice without actually doing so. That leaves businesses in the awkward position of relying on consumer acknowledgements that don't reflect reality – and potentially exposed to a risk of not having properly informed their customers.
As part of the Government's Modernising Consumer Markets project, the Behavioural Insights Team has produced a Best practice guide on how to get your contractual terms and privacy policies across more effectively. Importantly, the guide is evidence based. Rather than working on the basis of assumptions about what methods will be effective, the BIT reviewed existing evidence and did their own randomised testing to assess the different approaches. Participants were asked to look at the material presented in different ways, and answer comprehension questions to assess how well they had understood it.
The techniques found to be most effective included:
- displaying key terms as frequently asked questions
- using icons to illustrate key terms
- showing terms in a scrollable text box rather than requiring a click to view
- providing information in chunks at the right time
- using illustrations and comic strips
- informing customers how long it will take to read
- telling customers when it is the last chance to read before they commit.
What is perhaps more surprising is the list of methods that were not found to work. Use of emojis came out badly, as did shortened versions and simpler language. The “layering” approach, where a summary is presented with a hyperlink to the full explanation, was not found to be effective. Interesting, when this approach is recommended by data protection regulators like the European Data Protection Board as a way of explaining privacy policies to individuals.
The guide is not the last word on the subject, but the evidence-based approach used to support the recommendations is welcome. For those designing customer information material, and particularly information in a digital or online context, it is well worth a read.
Our content explained
Every piece of content we create is correct on the date it’s published but please don’t rely on it as legal advice. If you’d like to speak to us about your own legal requirements, please contact one of our expert lawyers.