You know you’re supposed to, but if you’re like most people, you probably have never read the user agreement, privacy policy or service terms when signing up for an online service, including a social network. And why would you? As we reported last week, the documents are dense (Facebook‘s took, on average, 2.5 hours to read, according to researchers), and people have remarkably low comprehension levels when asked questions immediately following their perusal.
Still, there’s a lot of stuff in those dense documents you should know about, so we asked experts what red flags you should be looking for if you only have time to skim the service terms before clicking accept.
“While many companies and nongovernmental organizations are attempting to innovate with alternative forms of notice, like visceral notice, or taking an approach rooted in icons, the privacy policy remains a lengthy document that is difficult to navigate,” said Christina M. Gagnier, a partner with Gagnier Margossian LLP in San Francisco. “It is essentially a communications tool for lawyer-to-lawyer communication if an issue arises, not a ‘communication tool’ to allow users to easily be aware of their rights.”
Don’t think of it as reading the document: Instead, interview the document. Look for the answers to the specific questions listed below, which almost all of our experts mentioned as being important in one way or another. Scour the document for the answer, then figure out if you can live with the terms.
What information will be collected?
For a site such as Facebook, which many people starting using long before the smartphone explosion, this may require a second interview. As Facebook and other social networks continue to amp up their mobile offerings, you’ll want to know if they’re collecting geolocation data, as well as what kind of analytics they’re using, according to Gagnier.
Nina B. Ries of Ries Law Group in Los Angeles says end users should also take note if it seems like a site is collecting too much information.
“If an application does not require location information for its operation, there is no good reason for the company to record this information,” she said. “An attempt by a company to gather data that is unnecessary or unrelated to its operation is a red flag.”
What security measures will protect your information?
Jonathan A. Paul of the Tech Law Group P.C. in San Diego thinks its just as important to know that data you do share will be securely stored. He looks for language in user agreements that say something along the lines of “All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions and any personally identifiable information will be encrypted using SSL technology” and makes sure URLs on the site where he is sharing data begin with https://, as opposed to http://.
“If the site is not taking simple steps to encrypt personally identifiable information submitted through its forms in its front-end interface with the customer, there is a good chance that the business has information security gaps on the back-end where your PII is stored,” Paul said.
Will your information be shared with others? If so, with whom and for what purposes?
Companies such as Twitter have a treasure trove of data about user behavior and locations, and that data can be used for both good and bad by third parties. Ries said it is important to make sure that you understand what rights a company is reserving to sell your data.
“We are all concerned about how a company will itself use our information, and we assume – sometimes correctly – that the company will use the data it collects to improve upon its services, its offerings or its marketing efforts,” she said. “However, we should be equally mindful of whether and when the company may share that information with others, including its partners and third parties. This may give rise to a sale of information to other companies who may then begin bombarding you with unwanted emails, phone calls and other media.”
Can you edit or remove the data?
This doesn’t just apply to the company you make the agreement with, but the companies it shares your data with. You may have no trouble removing unwanted data from the site you have the agreement with, according to Dennis Dayman, Chief Privacy & Security Officer of Eloqua, but will you have the same ease when you go to contact a company that bought your data?
He also says users should spend more time reviewing policies where they have to opt-out instead of opt-in for data sharing.
“If a site is going to share your information with unidentified third parties or sites that you can’t connect to and remove your data from in the future, then you should also be weary,” Dayman said. “Too many companies make you opt-out of their sharing of your personal data. The problem is that they often will turn around and monetize this data by selling your personal information to third-party affiliates and nonaffiliates.”
How can you contact the company?
And, a follow-up question, “Can you revoke permission at any time?” You want to know how easy it will be for you to contact someone at the company if you do have a problem, and, along those lines, you want to know how easily you can get out of the agreement. That also includes knowing what happens to personal information on the site after you leave.
Some users find out too late that leaving a social network means leaving all of their photos on the site, or deleting photos one-by-one.
You’re not simply looking for general help or tech support contact info, but specific, up-to-date contact information for legal counsel.
Do they follow their own privacy policy?
You’re making a legal agreement. You want to know the other party is going to uphold their end.
“You may want to consider doing a quick Google search for privacy breaches by the company. One major pitfall of any company’s privacy policy is a failure by the company to meet its own policies,” Ries said. “Such a breach may result in a class action against the company and unwanted media attention, either of which should turn up in a quick Internet search.”
Image courtesy of Shutterstock.
