The recent Facebook privacy scandal involving Cambridge Analytica highlighted the fact that most people do not understand the privacy policies to which they have agreed.  Millions of people had their data reused in ways in which they likely had not intended for it to be used. The issue of incomprehensible privacy policies is even greater when the data are highly sensitive, as is the case with many forms of health-related data. When people do not understand the privacy policies presented to them, they cannot make educated decisions in which the benefits and risks of sharing personal information are appropriately weighed.
In a recent article published in JMIR: mHealth and uHealth, Preeti Singh, John Torous, and I explored the complexity of privacy policies of Indian apps for mental health and compared their complexity to the privacy policies of apps intended to address a physical ailment prevalent in India; diabetes. After analyzing the privacy policies of 41 Indian apps related to diabetes and 29 Indian apps related to mental health using 15 different readability measures, we concluded that there were no significant differences in the readability of the privacy policies for the two types of apps. Nonetheless, both types of apps typically had privacy policies that would present a challenge to users. The privacy policies of diabetes apps had a mean length of 1,875 words and those of mental health apps had a mean length of 2,421 words. Thus, reading one of the privacy policies would take about as long as reading an academic article! To make matters worse, the privacy policies were on average written at a college reading level. Because most people in both India and the United States do not have a college education, this is a significant barrier to general understanding. [5, 6]
The current state of affairs makes it difficult for app users to safeguard their privacy. In order to empower people using apps to protect their privacy, app developers can be encouraged to produce brief, clear privacy policies which can realistically be read and understood by the majority of people. The GNU General Public License is one example of the type of uniform policy that can be implemented to spare users the effort of reading unique, lengthy privacy policies for each digital tool that they use. Alternatively, legal regulations can protect the public from potentially harmful uses of data. Working along these lines, the European Union implemented the General Data Protection Regulation (GDPR) in 2018 and is developing an ePrivacy Regulation (ePR).
 Granville K. Facebook and Cambridge Analytica: What You Need to Know as Fallout Widens. The New York Times. 2018. [cited 3 May 2018] https://www.nytimes.com/2018/03/19/technology/facebook-cambridge-analytica-explained.html. [Link]
 India’s Supreme Court rules privacy is a fundamental right [Internet]. AP News. 2017 [cited 24 September 2017]. Available from: https://apnews.com/12c1222843d24573a74388c3f68d1f69 [Link]
 Seeman N, Tang S, Brown AD, Ing A. World survey of mental illness stigma. Journal of affective disorders. 2016 Jan 15;190:115-21.
 Powell A, Singh P, Torous J. The Complexity of Mental Health App Privacy Policies: A Potential Barrier to Privacy. JMIR Mhealth Uhealth. Journal of Medical Internet Research. 2018 July; 6(7), e158
 Office of the Registrar General & Census Commissioner [Internet]. Census of India Website. 2017 [cited 24 September 2017]. Available from: http://www.censusindia.gov.in/2011census/C-series/C08.html [Link]
 American FactFinder. United States Census Bureau. 2017 [cited 24 September 2017]. Available from: https://factfinder.census.gov/faces/tableservices/jsf/pages/productview.xhtml?pid=ACS_15_5YR_S1501&src=pt [Link]