Clicking "I Agree" when registering for a new digital account/service or when a digital service's policies have been updated may have major legal consequences. The television show South Park made an interesting observation about what may happen when a company changes its terms and conditions in an episode last year titled the Human Centipad. While this episode demonstrated the potential pitfalls of what may happen when you agree to terms and conditions you may not understand, an online British retailer once inserted a clause into its digital agreements that gave it the right to reclaim its customers' immortal souls.
Recently,
I attended a showing of a new documentary titled Terms
and Conditions May Apply (TACMA). The film emphasizes the importance of
reading and understanding the terms and conditions of digital platforms. In particular, the documentary explores in-depth the privacy
policies and data collection practices of some of the most popular web based
services that are utilized by businesses, governments, and schools.
TACMA spends a significant amount of time discussing the privacy policies and practices of LinkedIn and Google. As a platform focused on professionals and the corporate market one may think that LinkedIn's terms and conditions would protect the privacy of the data that its professionals and corporate partners post. However, according to TACMA's director, Cullen Hoback, "LinkedIn's [terms and conditions are] abysmal. It’s the most over-reaching, ridiculous and shouldn’t-be-allowed-to-exist contract out there that I found." This description is not surprising since LinkedIn recently announced that it has lowered its minimum U.S. user age from 18 to 14 years old. This move appears to be designed to enable it to collect a treasure trove of personal information from high school students.
LinkedIn is not alone in requiring users to agree to terms and conditions that may not properly protect the privacy and security of its users. Google's March 2012 privacy policy change eroded the personal privacy of its users in order to enable it to better monetize the data it collects about those who utilize its services. Before Google's consolidated privacy policy became effective, data protection authorities across Europe raised serious concerns about the legality of the change and stated that they would investigate the matter. During the past several months, multiple European data protection authorities have stated that Google's privacy policy change violates data protection laws.
TACMA spends a significant amount of time discussing the privacy policies and practices of LinkedIn and Google. As a platform focused on professionals and the corporate market one may think that LinkedIn's terms and conditions would protect the privacy of the data that its professionals and corporate partners post. However, according to TACMA's director, Cullen Hoback, "LinkedIn's [terms and conditions are] abysmal. It’s the most over-reaching, ridiculous and shouldn’t-be-allowed-to-exist contract out there that I found." This description is not surprising since LinkedIn recently announced that it has lowered its minimum U.S. user age from 18 to 14 years old. This move appears to be designed to enable it to collect a treasure trove of personal information from high school students.
LinkedIn is not alone in requiring users to agree to terms and conditions that may not properly protect the privacy and security of its users. Google's March 2012 privacy policy change eroded the personal privacy of its users in order to enable it to better monetize the data it collects about those who utilize its services. Before Google's consolidated privacy policy became effective, data protection authorities across Europe raised serious concerns about the legality of the change and stated that they would investigate the matter. During the past several months, multiple European data protection authorities have stated that Google's privacy policy change violates data protection laws.
When
TACMA premiered in January of this year at the Sundance Film Festival, the film alleged that Google's
earliest privacy policies were not listed in its publicly available privacy policy
archive. One of Google's earliest privacy policies from December
of 2000 stated, "A
cookie can tell us, [t]his is the same computer that visited Google two days
ago, but it cannot tell us, [t]his person is Joe Smith or even, [t]his person
lives in the United States." This
privacy policy indicates that during its early years Google had a policy in place that respected and protected its users' personal privacy.
However,
by December of 2001, the language
"it [a cookie] cannot tell us, this person is Joe Smith or even, [t]his
person lives in the United States," had been removed from Google's privacy
policy. Eliminating these protections from its privacy policy appears to have
been the turning point when Google stopped making user privacy a top
priority. Updating a privacy policy that removes user anonymity protections may jeopardize
personal privacy and security.
According
to CNET,
TACMA "provides special scrutiny of Google, and argues that the company
bowed to advertiser pressure by removing language from its privacy policy
promising users anonymity unless they willingly gave it up." Regarding Google's privacy policy history, Hoback
stated, "[t]hey [Google] really did care in the beginning quite a lot
about privacy. But when your profit margins come in direct opposition to your
principles, sometimes those principles suffer."
Interestingly, Google declined to be interviewed for TACMA. May Google's refusal to directly answer TACMA's questions serve as an admission that Hoback's film provides an accurate portrayal of Google's privacy policies? For those who question the film's accuracy, The Wall Street Journal recently stated "the breadth of Google's information gathering about Internet users rivals that of any single entity, government, or corporation....Google's privacy policy puts few restrictions on how much it can collect or use."
TACMA publicizes the importance of reading and understanding the terms and conditions of digital platforms. However, is greater awareness about these issues the only solution or are stronger laws and more robust enforcement actions required to protect users from companies that put profits ahead of privacy?
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
