From the bill itself:
While it's true people often skip over lengthy policy documents because they're lengthy, limiting the amount of words may do more harm than expected, by shackling and curbing just what developers and creators can tell consumers. And, long or short, people are going to skip disclosure policies.
That's not the issue with which we should be concerned. Our concerns should lie in just what personal data our feudal lords are sharing with third parties and what kind of data retention policies they're practicing. That's the inherent problem with our security. Not how long the text of the policy is.
Jim Fenton, the chief security officer of digital identity service OneID, says the data-use issue is the real problem with the bill, which "doesn't include information about how the recipient of the data may use it and how long any of the personally identifiable information may be kept."
Higgins isn't the only one in the space who remains unconvinced.
CA legislator thinks privacy policies should be <100 words j.mp/Xu7Hvw Why not set cap at 140 characters so they're tweetable?— Eric Goldman (@ericgoldman) February 9, 2013
"This proposal is a bad joke, though it's not very funny," added Eric Goldman, an Internet law professor at Santa Clara University's School of Law.
Brian Draves, OneID's general counsel offers another option to improving the legislation. He posits that "a better solution would be to enforce a set of required disclosures at the beginning of each policies." Draves thinks this notification would be easier to understand for consumers than limiting text to word counts.
"Our goal is to engage the public by creating a dialogue," Chau wrote in an email to ReadWrite, encouraging interested parties to visit the Assemblyman's website. Such dialogue could improve this bill, or lay the foundation for something better down the road.
Image courtesy of Shutterstock