As Privacy Policies Get Harder to Understand, Many Allow Companies to Copy Your Content (themarkup.org) 26
An anonymous reader shared this investigative report from The Markup:
Over the past quarter-century, privacy policies — the lengthy, dense legal language you quickly scroll through before mindlessly hitting "agree" — have grown both longer and denser. A study released last year found that not only did the average length of a privacy policy quadruple between 1996 and 2021, they also became considerably more difficult to understand. "Analyzing the content of privacy policies, we identify several concerning trends, including the increasing use of location data, increasing use of implicitly collected data, lack of meaningful choice, lack of effective notification of privacy policy changes, increasing data sharing with unnamed third parties, and lack of specific information about security and privacy measures," wrote De Montfort University Associate Professor Isabel Wagner, who used machine learning to analyze some 50,000 website privacy policies for the study...
To get a sense of what all of this means, I talked to Jesse Woo — a data engineer at The Markup who previously helped write institutional data use policies as a privacy lawyer. Woo explained that, while he can see why the language in Zoom's terms of service touched a nerve, the sentiment — that users allow the company to copy and use their content — is actually pretty standard in these sorts of user agreements. The problem is that Zoom's policy was written in a way where each of the rights being handed over to the company are specifically enumerated, which can feel like a lot. But that's also kind of just what happens when you use products or services in 2023 — sorry, welcome to the future!
As a point of contrast, Woo pointed to the privacy policy of the competing video-conferencing service Webex, which reads: "We will not monitor Content, except: (i) as needed to provide, support or improve the provision of the Services, (ii) investigate potential or suspected fraud, (iii) where instructed or permitted by you, or (iv) as otherwise required by law or to exercise or protect Our legal rights." That language feels a lot less scary, even though, as Woo noted, training AI models could likely be covered under a company taking steps to "support or improve the provision of the Services."
The article ends with a link to a helpful new guide showing "how to read any privacy policy and quickly identify the important/creepy/enraging parts."
To get a sense of what all of this means, I talked to Jesse Woo — a data engineer at The Markup who previously helped write institutional data use policies as a privacy lawyer. Woo explained that, while he can see why the language in Zoom's terms of service touched a nerve, the sentiment — that users allow the company to copy and use their content — is actually pretty standard in these sorts of user agreements. The problem is that Zoom's policy was written in a way where each of the rights being handed over to the company are specifically enumerated, which can feel like a lot. But that's also kind of just what happens when you use products or services in 2023 — sorry, welcome to the future!
As a point of contrast, Woo pointed to the privacy policy of the competing video-conferencing service Webex, which reads: "We will not monitor Content, except: (i) as needed to provide, support or improve the provision of the Services, (ii) investigate potential or suspected fraud, (iii) where instructed or permitted by you, or (iv) as otherwise required by law or to exercise or protect Our legal rights." That language feels a lot less scary, even though, as Woo noted, training AI models could likely be covered under a company taking steps to "support or improve the provision of the Services."
The article ends with a link to a helpful new guide showing "how to read any privacy policy and quickly identify the important/creepy/enraging parts."
Legal problem (Score:3, Interesting)
This is entirely a legal problem, not a privacy problem.
Not long ago a contract was legally defined as needing a "meeting of the minds", which meant both parties must understand the terms before either party was considered able to accept the contract.
But no longer.
Both of those requirements have been removed from the definition of a contract.
Today neither understanding the contract, nor accepting the contract, are requirements to be bound by a contract.
Now all that is required is called "objective consent", which is "what a reasonable person in the position of the other party would conclude"
So long as the company in the position of power can convince the judge what a reasonable person (who is never "you") should understand the contract to mean (not say), it is now possible to redefine any claims in the contract after the fact.
Since contract terms never become case law or set president, a singular contract can be redefined dozens or hundreds of different ways each with unique meanings based on individual court cases... assuming there are that many people who can afford to go to court in the first place.
This is not a game us plebs are supposed to play, and far too much money has been sunk into ensuring that.
Re:Legal problem (Score:4, Insightful)
In practice, I suspect that the terms will be interpreted by a court in the way that the entity with the most lawyers wants them to be interpreted.
It's actually a commerce problem (Score:2)
If people are unwilling to sign up for new services because of the likely misuse of their data, it impedes the functionlng of the economy, which is the great confidence game that maintains our standard of living. This is where we are now.
Re:Legal problem (Score:4, Insightful)
Re: (Score:2)
https://apnews.com/article/sar... [apnews.com]
The lawsuit just doesn't seem to make sense to me because OpenAI didn't intrude on any systems and never actually interacted with any of the writers in any way. The writers gave platforms like youtube and itunes access to their content. And then the platforms gave access to OpenAI.
Simply put, there is nothing unlawful about data theft. And the real villains here are the monoli
Re: (Score:3)
Here's my assumption (Score:5, Insightful)
First of all, companies that print lengthy, dense, boring, unintelligible legalese in tiny fonts are nothing new. It's been happening since way before software click-through TOSes were even a thing.
Here's my take on this:
If a company goes out of its way to confuse you, they're trying to shaft you. If they're trying to shaft you, what makes you think their TOS or contractual terms are worth anything and/or they'll abide by them?
Or said another way: if Google pinky-swears they won't share my data with data brokers if I click on the "Decline" button, who's going to verify that they won't? Outside of a lawsuit, nobody but them has the ability to double-check if they're true to their word, which means you have to trust Google. And the very presence of the intentionally-confusing legalese is proof that you can't.
So my approach is this: treat all those big tech companies as basically taking you for a dandelion, lying to you right and left and trying to reassure you and deflect lawsuits with their privacy policies but not actually restraining from doing anything they want to do.
Treat big tech as adversarial, hostile and untrustworthy. Assume they're lawless and do what you gotta to do defend yourself in a lawless world, because big tech has the resources to evade any laws.
So go right ahead and click through the TL;DR bullshit because it has zero practical value anyway, and guerilla-prevent big data from getting your data in the first place as much as possible: block their trackers, pollute their wells by feeding them as much incorrect information as possible, install privacy-conscious software that fucks with them as much as possible...
But whatever you do, don't believe for one second their privacy policies are anything other than pacifiers for gullible consumers. They're worthless. I've stopped reading them decades ago.
The fact we got here IS the issue (Score:2)
Think about what you just said. I'm not trying to insult you here, but you just evinced complete contempt for the law, large swathes of our industry and by extension of our economy and an active desire to supply those people with garbage data so that the well is poisoned for them, presumably forever. I don't even disagree with you _at all_. It's the right choice in this lawless world, as you note.
The problem for _them_, meaning TPTB, is that people like you and me are not the only people who are thinking
Re:The fact we got here IS the issue (Score:5, Insightful)
The problem for _them_, meaning TPTB, is that people like you and me are not the only people who are thinking this way
Have you ever considered that people wouldn't massively assume the powers that be are corrupt, take orders from whoever pays them the most and generally work for themselves rather than for the good of their constituents if it wasn't so blindingly obvious?
If you want people to place any trust in their elected officials, said elected officials need to behave impeccably and prove they deserve the trust of the people who voted for them - and at this point, they need to do that for a mighty long time too before people drop the cynicism.
But as things stand today, everybody knows instinctively that laws are written for ultrarich people by ultrarich people and adopted by politicians who are just actors in the great theater of democracy. Nobody is under any illusion that the sumbitches they voted in by default, for lack of true choice, will do anything in their interest.
That's why people give up on the relentless assaults of Big Data on their privacy. It never stops and they know nobody will help them, and they're tired. So they give up and accept it. Or - like me - they adopt passive-aggressive but ultimately meaningless mini acts of resistance.
Re: (Score:2)
Re: (Score:2)
It's not saying that it's new. It's saying that they are getting longer and denser.
As for companies trying to confuse, the reality is a lot of them aren't. They paid some lawyer to copy write a disclaimer. It is starting to become apparent that many companies themselves don't actually know what's in these disclaimers. They pay lawyers to srse-cover all manner of scenarios, and when someone does read the ToS and the media outrage ensues they back-pedal as quickly as possible.
Re: (Score:2)
My take is, if you read it, the TOS will tell you they are indeed shafting you every which way.
But that's hardly a new thing. The industry is long built on the assumption we'll never collectively care enough to get decent laws to stop it.
Re: (Score:3)
Big Tech knows all of this and they don't care. They know it doesn't matter. They'll still have billions of users worldwide no matter what they put in their terms and conditions. Nobody reads them anyway, and that's the point. There's nothing you can do about it, aside from not using their services. And since all such services do almost the same thing, you would be stuck without any modern tech services if you really want to be prickly about it. It's not like you'd be able to find some Google competitor tha
no subterfuge really (Score:1)
AAAnnnd....
The Terms of Service of EVERY service are only variations on a theme. Yes, they are large, and growing, and filled with legalese.. BUUT... there is nearly no hiding what they ALL say:
Any and All data touching our network, system, software, is our property and we claim rights of inspection and copyright over EVERYTHING that even comes near our service.
The Google TOS does not beat around the bush. They OWN any
Re:no subterfuge really (Score:5, Informative)
Any and All data touching our network, system, software, is our property and we claim rights of inspection and copyright over EVERYTHING that even comes near our service.
WRONG. Most services will claim permission to use user content, but leave copyright where it is - with the user who created that content. You create = you own the copyright. For company to claim that, copyright would have to be shared between user & company (copyright law has no provision for that), or copyright transferred from user to company (which would be very problematic from legal p.o.v. in many use cases). Take for example confidential documents sent via email. If (for example) Google inspects that for antivirus, training internal systems etc - little you can do other than encrypt your stuff before sending. But if Google were to claim copyright over random documents you send via email... well, see how that goes in case it ever hits a court of law. Regardless of what Gmail's terms of service claim.
Exceptions might be things that were entirely created on company's systems. Or not expected to be user owned. For example when you're working on company product, using company's systems, while being paid to do so (employer-employee/contractor). Or in-game assets for some online multiplayer games, that were created using in-game tools. But in that case user already knows that content has a best-before date & wouldn't easily translate to outside-of-game uses (not legally, anyway).
But that is exception not the rule. Where it gets shady: content from users who've closed their account. In some cases that may involve removal of files such that they become inaccessible to other users. But company probably keeps it archived. In some cases the usage-permission may end when user account is closed. Or not (see ToS). In some cases ToS may say permission ends, but company ignores & continues to use that content regardless. Or (likely illegal) scrapes content from competitors or random websites.
AI and prompt that simplifies Policies and TOS? (Score:1, Interesting)
Is there a ChatGPT prompt that will simplify and bullet-point a TOS or privacy policy? Plus point out things that should concern the end user.
Re: AI and prompt that simplifies Policies and TOS (Score:2)
I don't know why your post was modded down. I think it's a valid question.
Legends of Tomorrow (Score:2)
in one episode Season 4 the demon Neron had a plan to "Make Earth Hell Again" and made an app and hidden deep in the install terms was:
most are cut and paste (Score:2)
Most of those privacy policies are identical. The smaller the company or owner of the website, the smaller the budget to hire a consultant, or the interest in adapting the privacy policy to own circumstances. Many website tools provide ready-made terms and conditions and are adopted without the slightest adjustment. Even the placeholders for the company name remain often untouched. Incidentally, the longer a privacy page is, the more complete it appears to the webmaster, who then adopts and copies it blindl
Monitor != copy/store (Score:2)
As a point of contrast, Woo pointed to the privacy policy of the competing video-conferencing service Webex, which reads: "We will not monitor Content, except: (i) as needed to provide, support or improve the provision of the Services, (ii) investigate potential or suspected fraud, (iii) where instructed or permitted by you, or (iv) as otherwise required by law or to exercise or protect Our legal rights." That language feels a lot less scary, even though, as Woo noted, training AI models could likely be covered under a company taking steps to "support or improve the provision of the Services."
I call BS. "Monitor" implies passively reading content, not permanently copying it or storing transformations of it (i.e. the case of AI training).