I guess I'm of two minds on some of this stuff. There is no question that there is a necessity of ensuring that the kinds of choices and policies being put forward are better understood.
Quite candidly, I don't think any of these things are designed to be read, to begin with. Even if we did have better language, the reality is that given the number of sites people visit and interact with, and given the move towards mobile and wireless environments, the notion that people are going to sit and read the privacy policy before they engage in a website every time is unrealistic.
More realistic is to set in place some of the mechanisms, such as “do not track”, to ensure that with the choices people would make, the reasonable person would likely say, “I'm quite comfortable providing you with a certain amount of information”. It may be the case that they are not even aware of the implications of that, but let's take it as a given that a person who uploads a photograph or posts some of their likes or dislikes is doing so with some amount of knowledge it is being used and distributed to whatever circle they may have identified. We have concerns about how that may be misused and aggregated and the rest of it, but there is some amount of knowledge and choice there.
Then there are things around tracking your activity online. As I mentioned, literally all of your political parties have the “like” buttons. They have the tweet buttons to make it easy to retweet. We all like these things because they make it easy for us to tell our network. The reality is that every time you insert that on a website, it actually sends a message back without anything else. As long as you are logged into Facebook or Twitter—whatever the site happens to be—it is sending a message back to Facebook that the person has now visited that website.
I believe that kind of tracking activity goes well beyond the reasonable expectation of what a user expects. I frankly would be suspicious about any kind of plain language that would make it clear enough for a person to say, “Yes, this is what I would like you to do. As long as I happen to have some sort of Facebook widget included on the page, I would like you to track every website that I happen to visit for the next two months”.
We need mechanisms to allow people to opt out of that more readily. We have seen some of those mechanisms, but too many of the large players have been reluctant to do so, because I think it runs counter to some of their business models. That's why there is a role for government to step up to the plate. If they are not willing to self-regulate appropriately, then government is going to do it for them.