You are here

What to know before clicking ‘I agree’ on terms of service agreement or privacy policy

By USA Today (TNS) - Feb 05,2020 - Last updated at Feb 05,2020

AFP photo

We’ve all done it. We’re updating the operating system on our mobile phone or installing an app, and we lazily skim through the privacy policy or we don’t bother to read it at all before blindly clicking “I agree”.

Never mind that we are handing out our sensitive personal information to anyone who asks. A Deloitte survey of 2,000 US consumers in 2017 found that 91 per cent of people consent to terms of service without reading them. For younger people, ages 18-34, that rate was even higher: 97 per cent did so.

ProPrivacy.com says the figure is even higher. The digital privacy group recently asked Internet users to take a survey as part of a market research study for a $1 reward. The survey asked participants to agree to the terms and conditions, then tracked how many users clicked through to read them.

Those who clicked through were met with a lengthy user agreement. Buried in that agreement were mischievous clauses such as one that gives your mom permission to review your internet browsing history and another that hands over naming rights to your firstborn child.

Out of 100 people, 19 clicked through to the terms and conditions page, but only one person read it thoroughly enough to realise they’d be agreeing to grant drones access to the airspace over their home.

This isn’t the first time researchers have used trickery to drive the point home that few people read all the terms of service, privacy policies and other agreements that regularly pop up on their screens.

In 2016, two communication professors — Jonathan Obar of York University in Toronto and Anne Oeldorf-Hirsch of the University of Connecticut — asked unsuspecting college students to join nonexistent social network NameDrop and agree to the terms of service. Those who did unwittingly gave NameDrop their firstborn children and agreed to have anything they shared on the service passed on to the National Security Agency.

Some companies reward customers who scour the small print. Last year, Georgia high school teacher Donelan Andrews won $10,000 for poring through the terms of the travel insurance policy she purchased for a trip to England. The Florida insurer, Squaremouth, offered the prize to the first person who e-mailed the company.

Other companies ding consumers to draw attention to the risks. In 2017, 22,000 people signing up for free public Wi-Fi agreed to perform 1,000 hours of community service — cleaning toilets, scraping gum off the sidewalk and “relieving sewer blockages” — to highlight “the lack of consumer awareness of what they are signing up to when they access free WiFi”. The company, Purple, offered a prize for anyone who read the terms and conditions and found the clause. One person claimed it.

 

What you don’t 

know can hurt you

 

The problem? We needlessly put ourselves at risk by signing away all kinds of rights over what personal data an app or website collects, how they use it, with whom they share it and how long they keep it, says ProPrivacy.com, which decided to draw attention to the problem on Tuesday when the world observes Data Privacy Day.

Shady individuals and outfits and snooping corporations constantly extract and exploit our personal information for financial gain, spying on us with the kind of sophisticated monitoring tools that would make James Bond drool.

It’s not just ad targeting. Some of that information can end up in the hands of health insurers, life insurance companies, even employers, all of which make critical decisions about our lives.

Yet, we mostly just shrug our shoulders when asked. At first, more than two-thirds of the ProPrivacy.com survey participants claimed they read the agreement and 33 claimed to have read it top to bottom. When the jig was up, they offered up the same old excuses: It took too much time to read through it all. They trusted the organisation had their best interests at heart. Or they simply didn’t care.

That “que será será” attitude is understandable. There are few laws or regulations protecting online privacy, so shielding our personal information from prying eyes can seem like an exercise in futility. But we can all take steps to thwart 24/7 corporate surveillance. That starts with reading the small print.

 

What are you signing?

 

The terms of service is a legal document that protects the company and explains to consumers what the rules are when using the service, says Ray Walsh, data privacy advocate at ProPrivacy.com. A privacy policy, on the other hand, is a legal document that explains to users how their data will be collected and used by the company and any third parties or affiliates. Remember, when you click “I agree” on these documents, your approval is legally binding.

Much of what’s included in these documents is boilerplate or relatively innocuous. But there are some areas to pay attention to, such as granting a company the right to sell your personal information to third parties, trace your movements using GPS and other tracking capabilities, harvest your device identifiers or track your device’s IP address and other digital identifiers, Walsh says. Beware of companies that demand a “perpetual licence” to your “likeness” or to your personal data.

“These kinds of invasive stipulations can be extremely harmful, and consumers must ensure that they never agree to them or other privacy agreements that denote not how the user will gain privacy but rather how they will have it stripped from them,” Walsh says.

 

Search for keywords

 

Who has the time to wade through page after page of dense legal jargon to spot the worrisome bits?

Alex Hern, a journalist with The Guardian, spent one week in 2015 reading the terms and conditions the rest of us don’t. The result: It took him eight hours to skim 146,000 words in 33 documents. A study by two law professors in 2019 found that 99 per cent of the 500 most popular US websites had terms of service written as complexly as academic journals, making them inaccessible to most people.

If your eyes are glazing over, there are some shortcuts. Search for keywords or phrases in the document that will tell you what information the app or website collects, how long it keeps it and with whom it shares it. Watch out for sections that say you must “accept,” “agree” or “authorise” something, Walsh says.

“Third parties” is a key phrase, as are “advertising partners” and “affiliates”. “Retain” or “retention” can indicate how long the company keeps your personal information. “Opt out” may indicate how to turn off the sale or collection of your personal information.

“The do’s and don’ts can alter radically from one service to another, and it is essential for consumers to understand how they can use each individual service they sign up for,” Walsh says.

 

Don’t have time? 

Here’s a shortcut

 

The motto of the ToS;DR user rights initiative (short for “Terms of Service; Didn’t Read”, inspired by Internet acronym TL;DR “Too Long; Didn’t Read”): “I have read and agree to the terms” is “the biggest lie on the web”.

The project offers a free browser extension that labels and rates these agreements from very good (Class A) to very bad (Class E) on the websites you visit. When installed in your browser, it scans terms of service to unearth the worrisome stuff.

up
6 users have voted.

Add new comment

CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
4 + 4 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

Newsletter

Get top stories and blog posts emailed to you each day.