I'm not sure I'm following entirely. I agree that whoever wants to cheat can cheat and deceive their users about the fact that he/she is using personal data in a way that is contrary to privacy laws. That doesn't mean you should not inform users in a proper/legally compliant way, does it?
Most statements of 'privacy policy' ate usually statements of anti-privacy or retention and sharing policy. A true statement of privacy would demonstrate that no information is recorded in a durable manner and that no information is available for third party inspection. Privacy has a concrete meaning.
