How many words are behind the little 'I accept' box on that website's privacy policy? And how many minutes would it take to tweak your privacy settings on every app and website you use?

A new report from the Consumer Policy Research Centre (CPRC) has assessed the time it takes to control your privacy. They found that, on average, Australians would have to spend 30 minutes each day adjusting privacy settings on websites and apps instead of accepting the default settings. 

In addition, it would take an average of 14 hours to read through all the privacy policies encountered in one day.

Australia vs Europe

To contrast the privacy environment in different jurisdictions, the report looked at the experience of eight Australians and one European to measure the privacy policies and settings encountered in a 24-hour period. Participants timed how long it took them to find and change the privacy settings on each website or app they used.

EU protections and privacy are far stronger than here in Australia

Deputy CEO and digital policy director, CPRC, Chandni Gupta

The Australian participants recorded that it took an average of two minutes for each unique website or app, with some platforms taking up to ten minutes. While the European participant spent an average of only three seconds managing their privacy settings.

"EU protections and privacy are far stronger than here in Australia," says Chandni Gupta, deputy CEO and digital policy director of the CPRC.

Navigating privacy settings

The Australian participants said that in 45% of their interactions it was difficult to manage their privacy settings. The hardest platforms to manage were health, wellbeing and lifestyle apps, with users finding these either difficult or very difficult 80% of the time.

"It's really hard to find where particular privacy managing screens are," says Gupta. 

This can be because of so-called 'deceptive design' features and trick questions that made participants unsure about what data they're sharing.

Deceptive designs are features such as pre-ticked boxes, smaller font sizes or trick questions intended to steer users into clicking and agreeing to things they might otherwise not. 

Participants found that 37% of websites and apps had no option to adjust their privacy settings at all.

37% of websites and apps had no option to adjust their privacy settings at all

The study also measured the length of each privacy policy encountered in the 24-hour period. The average word count was 13,323, which would take about 56 minutes to read.

The longest privacy policy found in the study was Microsoft's, which runs to over 90,000 words – the length of an average novel.

Do we have options?

Often a company's privacy policy or terms and conditions require you to accept in order to access their product or service. "Our privacy protections are built on notification and consent and very much on a take it or leave it approach," says Gupta

The mental load is currently on you as an individual to navigate your privacy and to stay safe

Gupta CPRC

Consequently, Australians don't feel they have control over their personal data. A previous report from the CPRC found that only 7% of people feel companies give them real choices to protect their privacy online.

What needs to change?

There's a mismatch between community expectations and what privacy policies are providing, says Gupta.

"The mental load is currently on you as an individual to navigate your privacy and to stay safe, as opposed to that accountability being on businesses who are profiting from that data."

The CPRC is calling for a number of privacy reforms to account for "consumer burden". These include adopting a "fair and reasonable approach to data collection". This would require companies to be accountable for what they're collecting, sharing, and selling.

They are also calling for "genuine privacy by default" so consumers no longer have to opt-out of harmful practices, and to empower the regulator to ban or restrict them.

Consumers shouldn't be forced to consent to their own privacy harms

CHOICE senior campaigns and policy advisor Rafi Alam 

The federal government is currently deliberating on reforms to the Privacy Act, with a bill expected to be introduced into parliament later this year. CHOICE senior campaigns and policy advisor Rafi Alam says privacy reform in Australia is long overdue. 

"It's unacceptable that people in this country have to jump through hoops to get the slightest control over their own personal information, and even then are still vulnerable to data breaches, price discrimination, and manipulative marketing. Consumers shouldn't be forced to consent to their own privacy harms," says Alam. 

"Fortunately, the government has committed to big changes to our privacy laws that can reset the power balance between businesses and consumers, and modernise Australia's data economy to reach the standards being set overseas."

Stock images: Getty, unless otherwise stated.

Join the conversation

To share your thoughts or ask a question, visit the CHOICE Community forum.

Visit CHOICE Community