A new report published last week by the UK Children’s Commissioner, titled ‘Growing Up Digital’ (PDF), noted that while more than half of all children in the country aged 12-15 had an Instagram account, none of them interviewed by the Commissioner could understand the service’s terms and conditions document. That’s unsurprising, since it spans 5,000 words in language that requires a postgraduate degree to fully comprehend.
The results are worrying for so many reasons, especially when you think about how the next generation will grow up surrounded by all kinds of online communities, apps and services that require them to share private information.
The report also includes simplified Terms & Conditions for Instagram (PDF) that were penned by a privacy law expert, and the vast difference between the two versions shows just how unfriendly these contracts can be to users who are trying to decide if they should use a particular service or not.
It’s not just Instagram, of course: We’re steadily advancing towards an age where all the gadgets in our homes, as well as our cars, are listening in on every word we say – primarily to do our bidding, but also to learn more about us. And all that data has to go somewhere.
Plus, the appeal of online services like Instagram is expanding to a much wider audience. That includes children, as well as people in developing countries who are presently experiencing the Web for the first time on mobile devices are eager to use them.
The business model of simply and directly charging your customer money for access to your product is becoming increasingly rare. It’s now a lot more common to see a service being offered at no monetary charge; the cost of entry is permission to view, mine and sell your data.
That’s problematic when the world at large isn’t fostering a culture of learning about and discussing the meaning and implications of the terms we agree to. Hitting ‘I Agree’ on Terms & Conditions pages has become a low hurdle that we can’t wait to jump to access an app. That goes for all of us, internet novices and veterans alike.
It’s also important to remember that even though apps don’t live forever on your devices, your data stays with them. Say you ditch Instagram and move on to Snapchat: What happens to your old account and the data it contains? Is it deleted fully or does it remain in an archive, and can employees and government agencies access it? Unless you’re clued in on the Terms of Service (ToS), you won’t know for sure.
If we have to use services that follow certain terms, we need to be able to understand them fully.
By the same token, apps’ ToS can change. When that happens, how do users get a handle on what’s changed and whether they should be more cautious using the app, or ditch it and move on? Reading more legal documents can’t be the solution.
The idea of simplifying these terms isn’t new at all. Terms of Service; Didn’t Read is a community-driven project that’s been around since 2011, translating popular apps’ ToS into simplified language so anyone can get a better understanding of what they’re signing up for. It’s a noble effort, but ideally, it’s something that companies should take responsibility for and offer independently.
Companies use legalese to adequately protect themselves, but at the same time, few of them can ever claim that all their users truly understand what’s happening to the data they share privately and on their platforms, and on what terms they’re engaging with them.
If we have to use services that follow certain terms, we need to be able to understand them fully. That power can’t be made exclusively available to those who have a law degree. The more we bring our lives online, the more important this becomes.
The EU’s General Data Protection Regulation, which will come into force next year, mandates that:
Where services are offered directly to a child, you must ensure that your privacy notice is written in a clear, plain way that a child will understand.
That’s certainly a step in the right direction, but it’d be great to see this expanded worldwide and applied to all products and services that require users to hand over or share information.
It’s not just about companies selling your data and profiting from it, but also about allowing governments and law enforcement agencies access to private information. Not to mention the chance that malicious actors can get a hold of it.
Of course, all this begets the question: How many people actually care about privacy, security and lengthy terms & conditions documents?
The fact is that we should all care – no matter how hard companies make it. What we can do is demand simpler language in these documents and increased transparency to clarify exactly how our data is being used, so we can make more informed decisions about what we share. If not for us, at least for our children.