As an alternative, I argue for a concept I've been calling "visceral" privacy notice. Rather than tell people at length what your privacy practices may be, you show them what they really are. Facebook took a step in this direction today, joining Google and Yahoo! in what I hope to be an emerging best practice.
The basic idea is that experience can itself be a form of non-verbal notice, one that is substantially more efficient than language or symbols at creating in consumers an accurate mental models of a website or product. Other techniques include making collection forms more formal in design, which can alter user expectation and behavior, and leveraging people's familiarity with a previous technology---for instance, requiring that cell phone cameras make an audible shutter sound. More here, here, here, and here.
Today Facebook joined Google and Yahoo! in offering a form of visceral notice to users. Specifically, Facebook has assembled interactive tools that permit users to see how their profile looks to the public, what apps they use, etc. Most exciting of all, Facebook offers a unique new tool that lets users see exactly how ads are targeted by going through the motions of creating an ad themselves.
Obviously Facebook and others could do more to safeguard user privacy and security. But innovative forms of "notice" such as Google Dashboard and Ad Preference Manager, Yahoo! Ad Interest Manager, and now Facebook Interactive Tools represent encouraging signs of progress.