3
June
2024

How a free bottle of wine highlighted that no one reads privacy policies

Instead of listing every possible purpose for using personal data, perhaps a better approach would be to focus on key issues and risks, such as informing data subjects if their data is shared with any third parties or if it’s transferred abroad.

Alena Makarevich | CORPORATE AND COMMERCIAL ASSOCIATE

Following reports that a business hid a free bottle of wine offer in the privacy policy on their website just to prove that no one reads terms and conditions, Alena Makarevich, Commercial Lawyer at Primas Law shares her thoughts on whether data protection laws may be outdated. 

Tax Policy Associates, an independent tax policy think tank, included an offer of a ‘free bottle of wine’ within the full privacy policy displayed on their website in February as an experiment to test if anyone would actually read it. The prize went unclaimed until May, proving the point of Founder Dan Neidle, who came up with the idea, that indeed ‘no one’ reads the T&Cs on the company’s website. 

Alena shares how whilst the experiment pokes fun at seemingly bureaucratic nature of privacy policies, the importance of data use transparency is no laughing matter. She suggests that clearer guidelines for companies as well as a balance between transparency and the amount of information included in privacy policies may be welcome by businesses and customers alike.  

“The fact that it took so long for anyone to claim the free wine shows that privacy policies may not be serving their intended purpose” Alena explains.  

“Every business that collects personal data has to have a privacy policy in place under the UK privacy laws, whether you’re a social media giant that collects extensive amounts of personal data or a small online consultancy that simply collects their customer details for service provision.  

“While the bottle of wine experiment proves a point, and pokes fun at a seemingly bureaucratic nature of privacy policies, it’s crucial that businesses don’t overlook a key aspect of the law, which is transparency around how businesses use customer data. Personal data is highly valuable to businesses and can easily be misused. 

“The concept of transparency is important and cannot be overlooked. It allows data subjects (customers) to make informed decisions about their privacy, builds trust between consumers and businesses and makes organisations accountable for their data use practices.  

“However, as the bottle of wine experiment shows, having a long and comprehensive privacy policy may be counterproductive in promoting transparency.  

“Current legislation requires businesses to inform data subjects of all the purposes for which they use the data, which often results in lengthy privacy policies. This can make navigating the process of implementing and maintaining a compliant policy feel time consuming and expensive for many businesses. 

“The long list of use purposes within a privacy policy currently needs to include all the ways in which data is used, some of which will be obvious when you request products or services from a company, such as using data to register you as a new customer, process your order, etc. There seems to be little benefit of overloading privacy policies with this information as most data subjects won’t mind, and in fact, expect that their data will be used for general business purposes.  

“The sheer size of privacy policies and the amount of detail that goes in there rarely attracts a reader. There’s a need for balance between transparency and conciseness. A shorter and more focused policy that clearly informs data subjects about how their data is used without overwhelming them might be a solution. A more streamlined policy could also reduce business costs.  

“Instead of listing every possible purpose for using personal data, perhaps a better approach would be to focus on key issues and risks, such as informing data subjects if their data is shared with any third parties or if it’s transferred abroad. 

“Some reform in that area and clearer guidelines may indeed be welcome by business and customers alike. Currently the same guidelines apply to businesses of all types and sizes. Businesses who process larger volumes of data are more likely to want to commercialise their data by selling it to third parties, so the risk of that data being misused is higher where large volumes of data are being handled. Clearer guidelines that are based on the amount of personal data that businesses process would likely help to streamline compliance.  

Alena Makarevich is a Corporate and Commercial Associate at Primas Law, an award-winning UK law firm.  For more advice on terms and conditions guidelines, visit the Primas website. 

Share this