We all know no one reads privacy policies. What do the top websites really include in them? In its mission to get anonymous public data, The Common Data Project a New York City-based non-profit, is on a mission to eliminate the barriers that privacy policies pose.

In a new report, they analyzed ten of the most popular Web properties on the Internet, and several more emerging ones. Here’s how what they put in their policies affects your privacy, and how other enterprises can imitate their best practices.

Regardless of any similarities or differences within policies, one thing is absolutely clear: tons of data is being collected about you, though some of it may already be incidental enough to be private (such as the popularity of search terms).

Privacy is certainly not an issue limited to the Web, but it facilitates the nearly limitless ability to gather data by the boatload. The question at this point isn’t if companies will acquire your data. It’s what they’ll do with it.

Policies Analyzed

The 15 privacy policies studied encompasses both some of the biggest online portals and retailers, non-profits, and scrappy startups. The full list includes: Google, Yahoo!, Wikipedia, Microsoft, AOL, Amazon, eBay, Facebook, Craigslist, Photobucket, NYT, WebMD, Ask, Cuil, and Ixquick.

Common Themes

Out of the analysis, Common Data Project asked seven pointed questions about what companies will or won’t do. Here are some of the red flags found in existing privacy policies.

Private Data Not Covered By Policy

Yes, that’s right. In some policies, there is data collected through sites and services but not covered within the legal terms of any binding privacy policy. An example of this is the way third party advertisers will handle your data. In other words, any data collected by outside advertisers on a particular site isn’t protected.

Vague Definitions

Many top websites do a poor job of defining just what is and is not personal information. Even data crucial to legal matters, such as IP addresses, may not be included under their particular description.

Data Retention

Some of the biggest changes to privacy policies in the last year or so have been in how data is retained. Yahoo! and Google do not promise to delete your data at any time, even if you delete an account, but will anonymize it after several months.

It may not be much of a surprise from a business perspective, since giving up even anonymous data would be a huge loss to companies built around manipulating and presenting information. But crystal clear understandings of just how your data will be made anonymous is key.

Consumer Choice

One of the most promising areas that is still developing is options for users in data collection and privacy. As one example, Google now allows you to specify what kind of interests are associated with you, and thus what ads you’re presented with. This both improves their business and increases your control over what is identified with you while using Google products.

Reasonable Expectations

The Common Data Project asserts in their conclusion that users should never be expected to actually read privacy policies. Considering that no one does at this point, it’s not exactly a mind-blowing observation.

But for businesses, this presents the challenge of anticipating what people will accept from privacy policies. If no one pays attention to these policies, how can we expect them to comply with norms for how private information is handled?