The site’s privacy options are not very diverse, as they are tough to find and utilize

You’ve probably come across a pair of shoes that constantly follow you around the Internet, appearing in ads on different sites for weeks at a time.

The enormous majority of ads these days are targeted—that is, you see the ad because the advertiser thinks you, specifically, might be interested in what they have to offer. Maybe you visited a store’s website for a pair of shoes, or maybe there’s something in your browsing history that puts you in their target demographic.

While many websites offer the ability to opt out of targeted advertising or unsolicited emails, We discovered IN our latest research that using privacy options is not always straightforward. But it helped us formulate some uncomplicated solutions that could make life easier for users on the web.

Anything but standardized

Our team With tests co-workers We analyzed the privacy options available on 150 English-language websites. We looked for three common types of privacy options on each page: requests to remove—i.e., opt out of—email marketing, opt-outs from targeted advertising, and data deletion options. For each privacy option, we noted where it was located on the website and what steps were required to utilize the option.

The good news is that most sites offer appropriate opt-out or deletion options. Eighty-nine percent of sites with email marketing or targeted advertising offered opt-outs, and 74% had a way for users to request deletion of their data.

More good news: almost all websites now have a link to their privacy policy on their home page, and many of those policies also include privacy choices.

The bad news is that the privacy policies we studied were long—an average of 3,951 words. They were tough to read, and only a third included a table of contents. These policies were written at a level well above an eighth-grade reading level. considered suitable for the general publicWorse still, the sections containing privacy choices were even more tough to read and understand than the rest of the policy, requiring college-level reading skills.

Key terms are not consistent across privacy policies across sites. When we examined the headings of privacy policy sections, we looked for phrases that appeared in multiple policies, such as “your choices” and “opt out.” Unfortunately, we didn’t find much consistent information.

This makes it tough for users to scan or search for keywords or phrases that could lend a hand them understand their options. Users would benefit from standardized language across all sites that describes their privacy choices.

Even if a user finds privacy options on the site, it may not be clear to them how to utilize them.

We found that some opt-out links, instead of leading to an opt-out tool, led to the home page of the advertising industry association that hosts the opt-out tool, but elsewhere on the site. Other links were broken. Some policies included multiple links to different opt-out options, but the sites did not explain the differences between the links or whether a user would need to visit one or all of them.

One particular website we came across, Salesforce, had links to six different opt-out tools. We don’t think users should have to navigate a website’s complicated relationships with third parties; the websites themselves should make it straightforward for users to opt out of targeted ads, regardless of who serves them.

Uncertain effects

Once someone does manage to quit, it’s not always clear what will happen.

Most of the websites we visited did not clearly inform users of what they could opt out of. Some websites allow users to ask not to be tracked for advertising purposes, while others allow users to opt out of targeted advertising but not tracking. In this case, the hypothetical shoe ad would not appear on the page, but the company advertising the shoes could learn that you visited the page.

Only about half of sites offering opt-outs from targeted ads explained whether opting out of targeted ads also means users won’t be tracked. Users may believe they’re being protected from tracking when in fact they’re not.

Even when the choice is clear, using the sites is not always straightforward.

For example, to unsubscribe from all emails from Amazon, we had to scroll through 79 options before we saw the “unsubscribe from all marketing” option.

At The Up-to-date York Times, deleting data collected about us required completing 38 separate steps, including finding and reading the privacy policy, clicking a link to a deletion request form, selecting a request type, checking up to 22 checkboxes, filling out eight form fields, checking four additional confirmation boxes, and completing an “I am not a robot” test.

Even if these design decisions are unintentional, companies effectively discourage users from using privacy options.

Consistency is the key

When it comes to digital privacy, we believe consistency is key.

Sites need to offer easy-to-find, understand, and utilize options. They should simplify things by offering one-click opt-outs that consolidate multiple links and dozens of options.

It goes without saying that opt-out links must work.

If websites offer users the ability to make detailed choices, it would be helpful to collect them all in one place and adopt consistent terminology.

In addition, websites must explain what the opt-out options mean.

Perhaps most importantly, regulators should hold companies accountable not just for offering choice, but for providing choice that consumers can actually utilize.

[ You’re smart and curious about the world. So are The Conversation’s authors and editors. You can get our highlights each weekend.]