
The article is assuming that the ToS and privacy statement are meant to be informative. They're not.

If you give people a good overview of what you are doing with their data, a significant portion will get pissed off. If you bore them with legalese, 99.9% of them will just sign, rather than wade through the terms.

It's broken, but it's broken by design.



The broken-by-design thing is something that's always bothered me. I posted a draft of our company's Privacy Policy to GitHub a while back as an experiment.

https://github.com/wetalky/privacy-policy/blob/master/POLICY...

We're trying to be completely open with updates to this document, and we welcome outside commits. We intend to do the same with our ToS.

I'm not sure anyone has tried this before, so I'm really excited to see where this experiment goes.


Did you get any commits so far?


Look at the Facebook example shown in the post. Facebook could have replaced that popup with a text broth, but it didn't, and this paid off. The main privacy policy of Facebook is another example. They redesigned it with the help of TRUSTe, when they realized all that people want is to keep control of what they share (and my opinion is made clear in the article). Furthermore, TRUSTe bases its business on the assumption that well-written privacy policies increase conversions, because when people have to provide their credit card (for example), they get scared by a broth-like privacy policy.

Also think about Creative Commons: many people use it and many people rely on it when needing to know how to share content. The world is a better place with Creative Commons, and I think it will be a better place with simpler Privacy Policies and TOS :)


The Facebook popup is quite nice, but I can see two ways in which it could be improved (from a cursory observation - I don't really use Facebook much any more).

Firstly, "[...] and any other information I've shared with anyone" could quite easily result in people accidentally permitting access to data they didn't mean to. In contrast to it being viewed by anyone, there is a good chance that data will be stored elsewhere and stashed, regardless of whether the user later notices and removes it.

Having some mechanism to fully disclose what your "any other information" is, from that popup, might help people to notice accidentally shared data sooner, and prevent them sharing it with people who are storing it. The UI might take a little work, but afaik they've already got "view my profile as $foo" abilities, but that's tied to the account privacy settings pages, and not directly accessible from this sort of popup.

Secondly, and maybe not nearly as practically, it'd be nice to see actually optional disclosure settings for apps like this. Android has a similar problem with its apps: it tells you what (coarse-grained) permissions it requires, but you only get a choice of all or nothing.

Granted, it doesn't make much sense to install your GPS-map application without giving it access to your GPS data, but in the Facebook realm, there can definitely be data or services which you want to consider optional.

There's probably even a business model in charging users (more) if they wish to disclose less about themselves, making them less attractive from your advertising revenue. The major problems I can foresee are (a) microtransactions, and (b) actually making your user aware you're effectively selling their personal details in exchange for providing them with whatever service.


The tradeoff sounds scary:

- Extremely accurate Privacy Policies nobody reads;
- Simplified Privacy Policies everybody reads, but missing something.

Facebook probably has reasons for not including too much detail on that page, but Facebook also uses users' data like nobody else. For the average website this problem is much simpler, even for the average SaaS startup which is not a social network (or a simple one like Quora). Probably that kind of website can really have a privacy policy covering every personal data use within a simplified popup, without missing relevant information.

The Facebook popup surely has issues, but I still love it since it's something people read, and it helps people make better choices. This is what, to me, is really important about Privacy Policies.


I am a fan of simple privacy policies, but the Facebook popup is not a privacy policy; it's an access policy. It tells you what Facebook data an application gets access to. It does not tell you what the app does with that information.


Your point is right, not a privacy policy if considered strictly, but still valuable for the conversation I think :)



