Recently, as the proliferation of copy and paste has become more noticable because of search technology terms and related, I find that sites are trying to do a few interesting things.

1. They are burying their policies, both terms of use, privacy policies, and related deeper into the site rather than being accessible on the front page.  Google was a known culprit of buryig their legal policies, and there has been a large amount of discussion about whether their actions were compliant.  Recently, they have amended their approach, and posted a Privacy Policy at the bottom of their homepage http://www.google.com, with the rest of their legal policies still difficult to find.  This has been of recent discussion mostly due to the increased activiity by the European Union Article 29 working group and their requests to remove personally identifiable information retained by search engines after a reasonable amount of time.

 2. The issue that inspired this post was whether a privacy policy that is not incorporated either by reference or entirely in a Terms of Service is actually binding or in the least bit applicable to govern the use of personally identifiable information collected by a website when a user visits the site.  Many sites post a privacy policy separate and apart from their Terms of Service/Use, and may mention the privacy policy in it, or not at all.  Most Terms of Service/Use however also have the following clauses or something similar:

"Entire Agreement

These Terms of Service are the entire and exclusive agreement between [COMPANY] and you regarding the Site, Content, Services,... and these Terms of Service supersede and replace any prior agreements between {COMPANY] and you regarding the Site, Content, Services....."

Now, generally speaking in contract drafting, if a document is not referenced therein and explicitly incorporated as being part of the agreement, it is not a part of the binding contract, and may simply be considered as persuasive documents to demonstrate the intent of the parties.  Not a binding document.  In this instance, does a user or the FTC have the right to sue for theft/misappropriation of personally identifiable information or even deceptive marketing practices and the bevy of laws which are applicable to that, including the CAN-SPAM act and related.  A solicited email may no longer be considered solcited if the Terms of Service/Use are governing and therefore the privacy policy is no longer effectual because the "Entire Agreement" clause has therefore made the privacy policy not worth the bytes it takes.

This is speculative legal musings, because no court has ruled on this at this point, and I wonder why no lawyer has brought this action previously.  I exempt myself because I'm not a litigator, but watch the dockets, it may be coming shortly.