Why am I saying this?
Because I've been thinking about privacy policies and how they are referred to in apps created with App Studio.
If your app connects over the internet you definitely (supposedly?*) need one for it to be certified in the store.
App policies for Windows Phone 2.8.1
App certification requirements for the Windows Store
4.1.1 Your app must have a privacy statement if it is network-capable
App capability declarations that make your app network-capable include: internetClient, internetClientServer and privateNetworkClientServer.
* I say "supposedly" because this isn't checked or enforced.
Is this a widespread issue?
With App Studio apps (where I started this explorations) it's even worse.
For a few apps you'll be directed to http://appstudio.windows.com/en-us/home/appprivacyterms
The Application must comply with the applicable laws of each jurisdiction into which you choose to make the Application available, including (i) export control laws; (ii) data protection, privacy, and other laws and regulations relating to collection and use of user information by your Application; (iii) telecommunications laws; and (iv) content ratings regulations.
Also though, don't you think Microsoft could and should be doing more to help developers? Most of whom are individuals who don't have the resources or knowledge to do a sufficient job in this area on their own.
It would also be nice to see the store enforcing its own policies - or at least helping flag to developers where they need to provide something, Especially when this can be done in an automated way.
I'm not a lawyer - this isn't legal advice. (It's advice to seek legal advice.)
You may (probably) need actual, bona fide legal advice for your app (business).
Seek it from someone suitably qualified. Not just some random blog! ;)
Are you a Windows Phone, Nokia-X (Android) or Asha developer? If so, you could be getting rewards for the apps you build and the success they achieve by joining the DVLUP program.