The Real Reason Website and App Terms of Service Are So Confusing


What rights are you signing away when you click "agree"? The biggest one is the right to have your data kept private. vreemous/Getty Images
What rights are you signing away when you click "agree"? The biggest one is the right to have your data kept private. vreemous/Getty Images

If you never read the terms of service or privacy policies on websites or apps, you're not alone. Earlier this year, a team of researchers from Michigan State University and the University of Connecticut wanted to see how many internet users actually read the notoriously lengthy policies before clicking "agree."

The 543 students participating in the experiment thought they were beta-testing a new social networking site called NameDrop. In a paper titled "The Biggest Lie on the Internet," the researchers found that 74 percent of participants didn't read the fake website's privacy policy or terms of service, and those who did skimmed the 8,000-word and 4,300-word documents (respectively) in roughly a minute each.

Only 9 of the 543 students noticed that the terms of services include the slightly controversial "child assignment clause," which reads in part:

"[B]y agreeing to these Terms of Service, and in exchange for services, all users of this site agree to immediately assign their first-born child to NameDrop, Inc. If the user does not yet have children, this agreement will be enforceable until 2050. All individuals assigned to NameDrop automatically become the property of NameDrop, Inc. No exceptions."

Popular websites and apps like Facebook, Amazon and Instagram aren't coming after your first born, but they do intentionally draft privacy policies, terms of service and end user license agreements (EULAs) that they know (or hope) no one will ever read.

"There's a clear advantage to them to being unreadable," says Kit Walsh, a staff attorney with the Electronic Frontier Foundation, a digital rights advocacy group. "It would take you two months to read all of the agreements that you click through in a year. The PayPal terms of service is longer than ‘Hamlet' and lot less interesting to read."

The real function of these dense, jargon-filled policies and agreements — which most of us universally ignore — isn't for companies to inform users of our rights, but to establish legal grounds for collecting and sharing our information.

 "A study showed that 52 percent of people believe that if a company has a privacy policy, that means they will not share your information," says Walsh, citing a 2014 Pew survey."That's dangerously untrue. The typical privacy policy doesn't say we will respect your privacy and not share your information. They're written to give the company as much leeway as possible."

When you click "agree" on most social networking sites, that gives the company the right to mine and collect data not only from your clicks and "likes," but from your private messages to other users, Walsh says. Your home automation system collects and shares data with the company about when you're home and when you're not. Medical monitoring systems gather and save extremely personal and sensitive information. But when was the last time you read the fine print on any of these systems?

"We trust our devices with all of the intimate details of our private lives, and the privacy policies are written to let the companies that run those devices do essentially whatever they want and commercialize that private data," says Walsh. "In many cases, the utility offered by an app is just the bait to attract users, and the company's real business is collecting as much data as possible and shipping it out."

"In many cases, the utility offered by an app is just the bait to attract users, and the company's real business is collecting as much data as possible and shipping it out."
Kit Walsh, Attorney, Electronic Frontier Foundation

A British government task force just released a report about how unreadable terms and conditions impacts children online. In the UK, 56 percent of 12 to 15-year-olds have an Instagram account, but when a group of children were asked to read the app's 5,000-word terms of service agreement, none of them could decipher the "postgraduate"-level legalese. So the task force asked a lawyer to translate the document into plain English.

"Although you are responsible for the information you put on Instagram, we may keep, use and share your personal information with companies connected with Instagram," reads the translated policy. "This information includes your name, email address, school, where you live, pictures, phone number, your likes and dislikes, where you go, who your friends are, how often you use Instagram, and any other personal information we find such as your birthday or who you are chatting with, including in private messages (DMs)."

The report noted that when a 13-year-old named Amy read the de-jargoned version, she said, "They must know that no one reads the Terms and Conditions. But if they made it more easy than people would actually read it and think twice about the app." Another boy named Alex put it more bluntly. "I'm deleting Instagram because it's weird."

Does that mean you have to start reading those insane terms of service? Lord, no. The Electronic Frontier Foundation has published a handy cheat sheet of companies that have your back when it comes to government data requests. And a crowd-sourced initiative called Terms of Service Didn't Read reads and rates the privacy policies and terms of service for major websites and apps so you don't have to.