I read a nice factoid on this topic this morning in Eric Schaffer’s Institutionalization of Usability book. It’s a quote from Jared Spool:
In April of 2002, Princeton Survey Research Associates surveyed 1,000 adult Internet users about their concerns with privacy on the Internet. In the survey, only 18% said they never read privacy policies most of the time, or every time they shop.
To reiterate this point –
What users said they do:
82% of users said they read privacy policies (from survey data)
What they actually did:
0.2% looked at privacy policies (in user tests)
This ‘observational data vs self-report’ argument is a road well trodden (read Jakob’s 2001 alertbox on this topic here, or a great signal vs. Noise post here), but I like this factoid because it sums up the argument so well.
[Note - typos have been removed from the original post. Thanks Jared!]