The New York Times analysed 150 Privacy Policies of popular services. The average policy took 18 minutes to finish and required a college-level reading ability.
Despite efforts like the General Data Protection Regulation (GDPR) to make policies more accessible, there seems to be an intractable tradeoff between a policy’s readability and length. Even policies that are shorter and easier to read can be impenetrable, given the amount of background knowledge required to understand how things like cookies and IP addresses play a role in data collection.
As data collection practices become more sophisticated (and invasive), it’s unlikely that privacy policies will become any easier to comprehend.