Skip to main content

Here's why you've been getting so many privacy policy and terms of service updates lately

[ad_1]


Right now, many of the big websites, services, and apps you use are rushing to get their new privacy policies and terms of service in order. You’ve probably noticed all the notifications about it popping up on your phone and in your email. Just this week, we’ve seen messages from Etsy, Instagram, GoDaddy, Squarespace, Square, LinkedIn, Strava, SoundCloud, and just about any other app that requires you to sign up for an account. The driving force behind this change is Europe’s new General Data Protection Regulations (GDPR), which has been approved since 2016, but goes into effect on May 25, 2018.



GDPR is a massive overhaul of privacy on the Web laid out over the course of a 261-page document that you can read here if you’re feeling studious. The recent wave of privacy policy and terms of service notifications, however, mostly stem from a part of the regulation regarding consent and taking steps to prevent companies from opting users into terms that are hidden within monstrous legal documents that most people don’t even read before clicking “agree.”



A 2008 study showed that it would take the average person roughly 244 hours per year to read all of the privacy policies for sites they use, which translates to about 40 minutes per day. And that was way back in 2008 when people used the internet for an estimated 1 hour, 12 minutes per day—a number that has grown to roughly 3 hours, 10 minutes. It sure is much easier just to check the box that says, “I agree” and then start using an app or service.


Technically, you have probably already given many services consent to track you and use your information in a variety of ways when you agreed to a site or app’s terms. This happens when an app like Facebook throws a wall of text at you, followed by a checkmark that says something to the order of, “I promise I’ve read all of this legal jargon, I understand what it means, and I can’t wait for you to start profiting from my data.” That last part is an exaggeration, of course, but it’s fundamentally how many online services operate.



“The privacy policies are purposely ambiguous,” says Kirsten Martin, associate professor of business ethics at George Washington University and cyber privacy expert. “They’re written with words like trusted third-party suppliers. They use vague words to ‘improve service for you’ and not explain what’s going on.” Under GDPR regulations, that kind of obfuscation won’t—or at least shouldn’t—fly.


A quote from the official GDPR FAQ sums up the top level reform in terms of privacy policies:



“The conditions for consent have been strengthened, and companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent.”



In short, GDPR gives European Union citizens the right to clearly and explicitly opt into having their data collected and used by a company on the web.



Twitter’s recent privacy policy update is a good example of how companies are going about making the change. Below is a screenshot of the privacy notification I got earlier this week with various opt-ins to offer up my information.


It’s clearer than the typical mountain of legalese sites and services expect you to navigate, but there are still layers to dig through. Clicking “more information” on the “personalized ads” tab, for instance, takes you to another page that outlines some real-world examples of how the ad targeting works. At the very bottom, however, it also says that opting out of personalized ads still allows the service to target you with advertising based on “what you tweet, who you follow, what type of phone you use, where you are, and the links you click on Twitter.” It saves you from targeting by third parties who may have your email address or tracked you via Twitter integration on their website, but it can’t absolve you from Twitter’s ads completely.



A benefit of the notification, however, is that everything you can actually opt out of is available in one place that you don’t have to go hunting to find. My account went from totally opted in to completely opted out because of it. “GDPR says it has to be as easy to opt out as it is to opt in,” says Martin. Getting to the settings menu in Twitter to change these settings once you’ve dismissed the initial notification takes four taps into the menus.



Out of curiosity, I did sign up for a new Twitter account (which is why I now have an account called “@babymanrampge”) and didn’t get a prompt to opt into the tracking. By default, I was opted into all of the tracking except the part that tracks my activity across the web, which allows it to look at other sites I visit that have Twitter integration.


The language barrier



The concept of overly complex privacy policy has been the status quo since the early days of the Web, when flying toaster GIFs roamed the net. It didn’t have to be that way, though. “When businesses are forced to make complicated things easy to understand, they do a great job,” says Martin. “They do it every year with annual reports for investors and the FTC. If they didn’t, they would get sued.”



But, just because some sites are offering clearer controls and policies, we shouldn’t necessarily expect that all of the GDPR protections will apply to people in the U.S. and other countries.



Etsy’s update for instance, includes the following text:



“Depending on your location, we may provide you with the ability to access, download, and request deletion of your personal information.” It differentiates user’s specific rights based on the governing regulations of their country of residence.



When senators and representatives asked Mark Zuckerberg about whether Facebook’s GDPR updates would apply globally, his response translated to a resounding, “kinda.”


Since then, Facebook has issued a couple different privacy changes. You can now download your Instagram user data, including your photos and comments. That change is a direct nod to GDPR’s requirement for “data portability,” which allows users to take their content with them to another service or save it for posterity.



Facebook even published its internal guidelines for moderating user content, which is an acknowledgement of the GDPR’s mandate for transparency. That development is particularly interesting because of its interplay with Facebook’s penchant for using AI tools to evaluate content. “You have to have the ability to ask questions about the decisions made about data,” says Martin. “Facebook has a tendency to try and automate things when they go wrong. GDPR gives people the right to a human review of decisions made by AI an algorithms in general.” By posting its content moderation guide, Facebook is offering a pre-emptive explanation of its moderation decisions.



For instance, Facebook’s guidelines shed some specific light on its policies regarding nudity, which have come under fire when breast feeding and post-mastectomy photos have been removed from the service. There’s still some ambiguity in the language, but it’s more straightforward than before.


There could be a second wave of changes



Right now, the onslaught of privacy policy changes we’re seeing stem from Europe’s privacy laws. What U.S. policy will eventually look like is still a big ol’ question mark. For now, as was apparent during the Facebook testimony, U.S. regulations are still relatively lax. Even new efforts to impose some regulatory order are somewhat scattered and sporadic.



The Honest Ads Act, for instance, is a bipartisan bill meant to mitigate the ability of organizations to manipulate users with targeted political ads. Both Facebook and Twitter have voiced support for the bill, but the proposed law only addresses a small piece of the enormous privacy puzzle. It’s possible we could see more sweeping reform here in the States, but it’s likely a long way off if it happens at all.



Still, we’re reaping the fringe benefits of Europe’s efforts, which are about to come to fruition. Martin likens it to California’s efforts to raise the bar regarding vehicle emissions by imposing stricter requirements for things like miles-per-gallon, then getting other states on-board to incentivize car companies to increase their efficiency efforts.



This all culminates in the idea of “privacy by design,” which is one of GDPR’s ultimate goals. It makes privacy a fundamental and requirement from the beginning of the design process so it doesn’t have to get shoehorned in later. These revisions are costly for companies and often confusing for users—even updated privacy policies and terms of use include piles of complex language. If companies want to avoid that hassle as they expand, they can start their lifecycle with privacy in mind. “I wouldn’t be surprised to see European companies pop up to offer North American consumers viable alternatives to Facebook or Instagram,” says Martin. “Opting for models that don’t track their users could become a real competitive advantage.”




[ad_2]

Written By Stan Horaczek

Comments

Post a Comment

Popular posts from this blog

Ice technicians are the secret stars of the Winter Olympics

[ad_1] The emphasis of this year's two-week-long Winter Olympic Games has been placed squarely on the Olympians themselves. After all, the stated purpose of the international competition is to bring together the world’s greatest athletes in a nail-biting competition across fifteen different winter sports. But before the curlers, skiers, and skaters even arrived in Pyeongchang, South Korea, the Olympians of the ice technician world were already a few weeks deep in a competition of their own. Mark Callan of the World Curling Federation and Markus Aschauer of the International Bobsleigh and Skeleton Federation both say they’re hoping to make the best ice the Winter Olympics have ever seen. To transform the barren concrete jungle of existing tracks and arenas into an ice- and snow-covered wonderland is an enormous undertaking. And it takes a keen understanding of the physics and chemistry that keeps frozen precipitation pristine. Curling Callan has been making and maintaining ice for m
Post a Comment
Read more

In the wake of NYC terrorist attack, Trump says he's ordered increased 'Extreme Vetting'

[ad_1] President Donald Trump has requested for a heightened vetting program following Tuesday's terrorist attack in New York. @realDonaldTrump: I have just ordered Homeland Security to step up our already Extreme Vetting Program. Being politically correct is fine, but not for this! Earlier, he tweeted that the attack in lower Manhattan was committed by a "sick and deranged person." @realDonaldTrump: In NYC, looks like another attack by a very sick and deranged person. Law enforcement is following this closely. NOT IN THE U.S.A.! His remarks came after a motorist drove onto a busy bicycle path near the World Trade Center memorial and struck several people on Tuesday, leaving at least eight people dead and a dozen injured. NBC News repor
Post a Comment
Read more

How to save everything you post to social media

[ad_1] If you get the urge to revisit that cute photo you posted some time last year, you'll have to scroll through your timeline for what feels like hours to track it back down. Instead, when you share a post on social media, also save it to your phone for safe-keeping. This will not only save your social media hits for posterity, but also make them easier to find if you ever need to rediscover them. In this guide, we focus on saving photos and videos, because text posts are slightly more complicated—the only way to really preserve text from Facebook and Twitter is to download your entire archive (we'll explain how to do this below), and Instagram and Snapchat don't let you save or export your instant messages at all. When it comes to photos and videos, there's a shortcut to make sure they stay on your phone: Originally film them through a dedicated app, which will save them to a gallery. Only then should you open up a social media app to share them. However, there'
Post a Comment
Read more