Privacy policies aim to address the first requirement by informing consumers of the information practices that are followed by the entity.
"Of the 64 policies examined, only four (6%) were accessible to the 28.3% of the Internet population with less than or equal to a high school education. Thirty-five policies (54%) were beyond the grasp of 56.6% of the Internet population, requiring the equivalent of more than fourteen years of education. Eight policies (13%) were beyond the grasp of 85.4% of the Internet population, requiring a postgraduate education. Overall, a large segment of the population can only reasonably be expected to understand a small fragment of the policies posted." [JP]
This report is not alone in claiming that privacy policies are hard for the average user to understand -- U.S. Federal Trade Commissioner Sheila Anthony commented, "many privacy policies are beginning to look like complex legal documents that do not give consumers real choice." [ComputerWorld] Some companies such as CitiGroup try to address this issue by offering alternate versions of their policy that is more readable -- CitiGroup, for example, provides a version that outlines their policy in 10 concise points, and has stated that consumers tend to prefer this version to the full legal one. [ComputerWorld] However, these kinds of companies are the exceptions rather than the rule -- as it currently stands, most privacy policies are beyond the comprehension of a majority of readers, and even readers who are capable of comprehending the policy won't necessarily read it.