Research by NordVPN supports what we’ve all known: privacy policies are too long and too difficult to understand.

According to the research, it would take someone more than 40 hours to read the policies of the 96 websites Canadians “typically visit in a month”.

An assessment of the policies using a common readability index – Flesch Reading Ease Score – determined that most are very difficult to read, requiring a university degree.

These policy documents are important, too, because they govern what a website can and can’t do (will and won’t do) with your information.

Given that most of us are unlikely to read privacy policies, especially those that are long and difficult to read, one suggestion by NordVPN is to search policies for what they call, “red flag keywords” like “‘sell’ and ‘sold,’ indicating that your data may be sold to third parties. Also look for words like ‘partners,’ ‘affiliates,’ and ‘third parties’ with whom your data might be shared or sold to. Lastly, look for words ‘may’ and ‘for example,’ because they might give away the website’s malicious intent regarding its users’ data (as in ‘might analyze your content, for example, your emails’).”