We have not been able to avoid the privacy policies in our post-GDPR world, but finding out what these legal documents are trying to tell us is not easy. In general, they are full of legal jargon and boring comments about the data and how they are handled. I understand why nobody wants to spend time reading them.
Cardozo and Jerome suggest looking for information gathered about you. The company will not necessarily list everything, but you can usually get at least a rough idea of the type of information that a product or service is accumulating. Jerome also looks for the word "control" because this could generate data and privacy controls that he did not know he had. The search on the Instagram data policy for "control", for example, shows where you can edit your privacy settings and how to opt out of Facebook's facial recognition technology. You may never have found these menus otherwise. You can also see the date on which a policy was published. Obviously, a more recent one is a good sign that the company is thinking about privacy more proactively.
You may also want to look up the word "no," says Jerome, because it is rare to find it in a policy. Of course, most companies would prefer not to be permanently limited to including what they are not doing, which could leave them open to lawsuits. Finally, Cardozo suggests checking how many times you find "how" because it is a red flag. Normally, I think it means that companies are specific, but Cardozo says that it's really a broad phrase that generally does not provide much information.
In general, privacy policies are long and complicated. They are designed to protect companies from lawsuits. These tips will not cover everything in a policy, but at least they will help you start your journey to discover what is really happening with your data.