We analyzed the privacy policies of 75 online tracking companies with the goal of assessing whether they contain information relevant for users to make privacy decisions. We compared privacy policies from large companies, companies that are members of self-regulatory organizations, and nonmember companies and found that many of them are silent with regard to important consumer-relevant practices including the collection and use of sensitive information and linkage of tracking data with personally-identifiable information. We evaluated these policies against self-regulatory guidelines and found that many policies are not fully compliant. Furthermore, the overly general requirements established in those guidelines allow companies to have compliant practices without providing transparency to users. Few companies disclose their data retention times or offer users the opportunity to access the information collected about them. The lack of consistent terminology to refer to affiliate and non-affiliate partners, and the mix of practices for first-party and third-party contexts make it challenging for users to clearly assess the risks associated with online tracking. We discuss options to improve the transparency of online tracking companies’ privacy practices
