Slate’s new privacy policy is a dumpster fire

By | May 31, 2026
0 Comment

My wife, who is a “Slate Plus” subscriber over at Slate, received this email today:

When she shared it with me, I observed an obvious, immediate red flag: the email does not say what was changed in the new policy, or offer a link to something the recipient can read to find out what has changed. This is always a bad sign, which means one of two things: either the company changing its privacy policy doesn’t want you to know what has changed, or they have no idea themselves what has changed so they can’t tell you.

After carefully reviewing Slate’s new privacy policy, I think it’s almost certainly the latter. The new policy was obviously created by incompetent clowns, and I doubt they could tell readers what the effective changes are even if they wanted to.

I don’t know what Slate’s generative AI policy is, but honestly I suspect that if they’d run the policy through generative AI and told the AI to clean it up, they would have ended up with something better than what they ended up publishing.

You probably think I’m exaggerating about how bad it is. Fair enough. I’ll show you receipts.

However, before doing that, I want to say this: the TLDR of this privacy policy is that Slate collects a ton of privacy-invasive information about you and shares it with many other companies, because they are all-in on making money by using ad-tech in privacy-invasive ways to display personalized ads to their readers. Ugh. Below is the section of the privacy policy which makes this most clear. They can’t even get this right; the second paragraph in this section is missing the bullet it should have to be consistent with the rest of the section.

B. Categories of Information shared or sold with third parties In the preceding twelve (12) months, we have shared, sold or bought the following categories of personal information with the third parties listed below: Personal Identifiers: We provide your IP address, hashed email address, and Device ID to co-marketing partners, advertising platforms, social media platforms, analytics providers, and marketing companies. • Commercial Information: We provide information about your commercial transactions with us to co-marketing partners, advertising platforms, social media platforms, analytics providers, and marketing companies. • Internet or Other Electronic Network Activity Information: We provide information about your Internet or other electronic network activity information to co-marketing partners, advertising platforms, social media platforms, analytics providers, and marketing companies. • Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences or characteristics: We provide our observations about you to co-marketing partners, advertising platforms, social media platforms, analytics providers, and marketing companies.

Now, about those receipts…

Below is the second paragraph of the policy. It refers to “such information” but “information” isn’t mentioned earlier in the paragraph, so what is it talking about? Note, also, the reference to “Privacy Statement” here; for some inexplicable reason, the page in various places calls itself both a “Privacy Policy” and a “Privacy Statement”. The inconsistency is ridiculous.

Slate is a daily magazine on the web and podcast network. Founded in 1996, we are a general-interest publication offering analysis and commentary about politics, news, business, technology, and culture. This Privacy Statement also explains how we may use and disclose such information, as well as your ability to control certain uses of it. By using this site, you agree to the data collection, use, disclosure and storage practices described in this Privacy Statement.

Moving on. The text shown below says “and” where it should say “or”, since obviously the people reading this page are not located in all of those states at the same time (this mistake is repeated throughout the page). There is extra and missing whitespace in numerous places in these two paragraphs. The phrase “opt out” used as a verb is hyphenated when it shouldn’t be. The email address in this text should be clickable but isn’t (this mistake is repeated inconsistently throughout the page. This page should have been proofread by many people before it was published. How were these absurdly obvious errors allowed to remain in the final version?

If you are located in the United States, including in California, Connecticut, Maryland, Nebraska, New Hampshire, Oregon, Tennessee, Texas, Utah and Virginia and would like to opt-out of the sale or sharing of your personal information, click here, call us at 646-389-7548 or email us at privacy@slate.com. Once you make a sales opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by calling us at646-389-7548 or emailing us at privacy@slate.com.

The language of the paragraph below is repetitive gobbledegook. Furthermore, the second sentence of this paragraph does not belong in the section in which this paragraph is included, which is entitled “Information You Provide”.

We collect information from you when you choose to provide it to us, and which is adequate, relevant, and reasonably necessary in relation to our processing of your information. We limit our collection of personal data to what is adequate, relevant, and reasonably necessary in relation to the disclosed purposes for which the personal data is processed, as disclosed in this privacy statement. This may include when you purchase a product, create an account with us, sign up for our email lists, use our Services, participate in a survey or promotion, or otherwise contact us.

The two consecutive paragraphs below are partially redundant and partially contradictory. They repeat the same bit of California law and offer two different, contradictory mechanisms for exercising the opt-out right provided by it.

California prohibits a third party from reselling personal information unless you have received explicit notice and an opportunity to opt-out of further sales. The businesses listed on our Third Party Partners Page receive personal information from us and may resell that information. To opt-out of those sales, click on: [California Consumer Privacy Act (CCPA) Opt-Out Icon + "Cookie Preferences" button] The CCPA prohibits a third party from reselling personal information unless you have received explicit notice and an opportunity to opt-out of further sales. The following businesses receive personal information from us and may resell that information. To opt-out of those sales, please visit the third-party opt-out notices on our Third Party Partners Page.

The paragraph below repeats exactly the same information that was already provided earlier in the page.

If you are located in the United States, including in California, Connecticut, Maryland, Nebraska, New Hampshire, Oregon, Tennessee, Texas, Utah and Virginia and would like to opt-out of the sale or sharing of your personal information, click here, call us at 646-389-7548 or email us at privacy@slate.com.

The word “Us” should not be capitalized in the paragraph below. Again, how did stupid errors like this make it into the final, published version of this policy?

We may obtain information about you from other sources, including social networks that you use to connect with Us. If you use a third party service to login, link to us, or communicate with us (such as a social network or third party video chat), we may receive certain information about you from the third party based on your registration and privacy settings on those third party services. This information may include name, user name, demographic information, updated address or contact information, interests, and publicly-observed data, such as from social media and online activity.

I can’t even with the list below. It starts out using semicolons at the end of each bullet item, then seems to be wrapping up the bulleted list by putting “; and” at the end of a bullet item and then a period at the end of the following one. All that would be fine if they didn’t then include three more bullet items terminated by periods. This is absurdly clownish.

We use and retain information that we collect through the Services for a variety of purposes, including to: • Provide you with the products, promotions, services, newsletters, and information you request and respond to correspondence that we receive from you; • Customize and personalize your use of the Services; • Provide Slate Plus users with premium content, products, promotions, and information; • Contact you via email and otherwise about products, services, and events that we think might be of interest to you; • Contact you with surveys, legal notices, and other information that may be relevant to your use of the Services; • Maintain or administer the Services, perform business analyses, or for other internal purposes to improve the quality of our business, the Services, and other products and services we offer; • Publish stories, comments, and other information posted in our interactive online features; • Process employment applications and inquiries; • Create articles and other content; • Detect, investigate, and prevent activities that may violate our policies or may be fraudulent or illegal; • Deliver advertising, including interest-based advertising, including for cross-contextual behavioral advertising purposes, to show you relevant ads both on our Services and elsewhere, and measure the effectiveness and reach of ads; and • To help maintain the safety, security, and integrity of our Site, products and services, databases and other technology assets, and business. • For testing, research, analysis, and product development, including to develop and improve our Site, products, and services. • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. • As otherwise described to you at the point of collection or pursuant to your consent.

Early on the page they claim not to collect any geolocation data. Then later on the page they talk about how they collect geolocation data. Nice, eh?

Screenshot clipped from the table near the top of the policy where they claim not to collect geolocation data
Here, they say they don’t collect geolocation data
o Location-identifying Technologies GPS (global positioning systems) software, geo-filtering, and other location-aware technologies locate (sometimes precisely) you for purposes such as verifying your location, understanding the geographic distribution of our users, and delivering or restricting relevant content based on your location.
Here, they say they do

The paragraph below has an extra word that doesn’t make any sense, a “(i)” marker which implies that there’s going to be a list of multiple items but then there’s only one, and a closing quotation mark with no corresponding opening mark before it.

9. Communication Preferences You may choose to receive promotional communications (including emails and text messages), newsletters, and similar communications from us. You may opt out of receiving certain promotional communications from us at any time by (i) for promotional emails, by clicking on the opt-out or “unsubscribe” link included in the commercial e-mails you receive”. Please note that your opt-out is limited to the e-mail address or phone number used and will not affect subsequent subscriptions. Opt-out requests for e-mail may take up to 10 business days to be effective. Your opt-out request will not apply to messages that you request or that are not commercial in nature.

In the paragraph below, Slate attempts to claim that they cannot be held responsible if they allow their systems to be breached. Because they say so, that’s why. Good luck with that when the class-action lawyers come after you after the breach. “Oh, we said in our privacy policy that we’re not responsible, so you can’t sue us!” lulz

11. Data Security We maintain reasonable security procedures to help protect against loss, misuse, unauthorized access, disclosure, alteration or destruction of the information you provide to us. Please note that no data transmission or storage can be guaranteed to be 100% secure. As a result, we cannot guarantee or warrant the security of any information you disclose or transmit to us online and cannot be responsible for the theft, destruction, or inadvertent disclosure of your information.

Once again in the text below, they can’t make up their fucking minds about how they’re going to end paragraphs and bullet items.

The right to know: ● the categories of personal information we’ve collected and the categories of sources from which we got the information; ● the business purposes for sharing personal information; and ● the categories of third parties with whom we’ve shared personal information; ● whether a company is processing your personal information and to obtain the personal data in a readable format The right to access the specific pieces of personal information we’ve collected The right to delete your information provided by or obtained about you The right to opt-out of the processing of your personal information for profiling, automated decision-making,the sale or sharing of your information and targeted advertising, in furtherance of a decision made by us concerning you that that produce legal or similarly significant effects or results in the provision or denial by the company of the following: financial and lending services, housing, insurance or health care services, education enrollment, employment opportunities, criminal justice or access to basic necessities, such as food and water The right to correct information and inaccuracies in your personal information, taking into account the nature of the data and the purposes for processing the data; The right to limit use and disclosure of sensitive information. The right to equal treatment, so you will not face retaliation or discrimination for exercising these rights.

The section below once again has the “we don’t actually know how to format bulleted lists properly” problem, but it has a much bigger problem. If, as it says here, they don’t do anything with data having anything to do with financial and lending services etc., then why do they say above that the user has the right to opt out of such processing? How can the user have the right to opt out of something that Slate doesn’t do?

We do not sell or profile personal data to make decisions about consumers that result in the provision or denial by the company of the following: ● financial and lending services; ● housing, insurance, or health care services; ● education enrollment; ● employment opportunities; ● criminal justice; or ● access to basic necessities, such as food and water

In the paragraph below we see a repeat of the extra whitespace problem, the unclickable email address problem, and the “and” instead of “or” problem, and they’ve added a new problem as well: they say “click here” about something that is not actually a clickable link. It looks like they intended to make the words “click here” a link but instead just pasted the URL in as unclickable text after those words. Again: how was this not caught during proofreading?

If you are located in the United States, including in California, Connecticut, Maryland, Nebraska, New Hampshire, Oregon, Tennessee, Texas, Utah and Virginia and would like to opt-out of the sale or sharing of your personal information, click here https://slate.com/do-not-sell, call us at 646-389-7548 or email us at privacy@slate.com.

Last but not least, why does the paragraph below, which appears in a section purporting to be about the rights of users in ten different U.S. states, refer specifically to the Texas Attorney General? 🤦

2. Right to Appeal If we decline a verifiable consumer request, we will provide you with notice of that decision, including a justification for the declination and instructions on how to appeal the decision. If we deny an appeal, we will provide you with information regarding how to submit a complaint regarding the matter to the Texas Attorney General.

This privacy policy is a joke, and Slate should be embarrassed and ashamed for publishing it.

Print Friendly, PDF & Email
Share

Leave a Reply

Your email address will not be published. Required fields are marked *

To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Find out more about Webmentions.)