Who Reads Terms of Service, Privacy Policies or Click Agreements?

Over the last couple of years, in presentations around the U.S. about social media, I’ve asked audience members whether they take the time to read website terms of service (TOS), privacy policies or click wrap agreements. Very few have raised their hands.

At a recent SIM (Society of Information Management) Advanced Practice Council conference, one of the CIOs summed up the reasons: “Why bother, since we all know what the TOS, privacy policies and click wrap say?”

Consider this: If your business offers Web services — that’s almost all businesses now — shouldn’t the TOS, privacy policies, and click agreements be written in accord with the way you conduct your business? If your company with an annual revenue of US$10 million licenses software, then copying Microsoft’s TOS, which are carefully written for Microsoft’s $62 billion business, could be problematic.

For instance, Microsoft protects its software with digital rights management (DRM). If your company doesn’t provide DRM, your TOS could lead to confusion. Courts around the world generally enforce TOS and click wrap agreements as a matter of course.

Since parties have the option to accept or reject them, courts usually don’t see TOS or click wrap agreements as adhesion-type agreements (where one side to the agreement has an unfair bargaining position). Privacy Policies are driven by laws of various countries and states, as discussed below.

Terms of Service

Almost all social media sites have TOS. While it seems logical for every social media site to have similar TOS, they do not. Not every site calls the legal terms “TOS.” Following is a sampling of labels:

• Service Agreement – Bing (Microsoft)
• Statement of Rights and Responsibilities – Facebook
• Terms of Service – Google, Twitter, Yelp and YouTube
• Terms of Use – Foursquare, Wikipedia and MySpace
• User Agreement – LinkedIn

Also, the locations of the TOS are not always easily found. Although most TOS are at the bottom of the home page, Google’s TOS is harder to locate. It’s on the “About” page. Google does not put its TOS on the bottom of the search results.

If you were wondering if Google really belongs in the social media category, keep in mind that in addition to its role as a search engine, Google has Buzz, Latitude and Voice — all social media platforms.

Further, sites do different things with information. In Google’s TOS, for example, the company notes that it saves all searches in the U.S. for 18 months. Other search engines save search histories as well, since that’s the model through which search engines makes money.

Of course, Social Media TOS include disclaimers of liability for every possible claim. Google specifically disclaims all possible damages, while Bing limits damages to the amount equal to the service fee for one month. Whether these damage limitations are enforceable is anybody’s guess, since there’s little litigation testing these provisions.

Virtually all TOS include an indemnification requiring the user to indemnify the website owner for any claims brought against the website owner for the actions of the use. Interestingly, Google currently does not include any indemnification.

Click Agreements

As I mentioned above, I doubt that many people actually read the click agreement before they order products or services. To most, it’s just a speed bump on the way to purchasing goods or services while using websites and participating in social media. However, courts generally enforce the terms of click agreements, since the user has to manifestly agree, or not get the goods or services.

Because I teach a law school class in this area, my students and I may be the only people on Earth to regularly review click agreements. I believe the real purpose of the click agreement is to prove to a court that the user specifically agreed to acquire the goods or services.

For example, the TOS for Microsoft includes 21 separate sections that apply to users of the Microsoft websites, including provisions that deal with spam, use of Windows Live ID, service accounts, user content, privacy — and specifically not software licenses. The terms for a specific software license are only included in the related click agreement, which has 11 separate sections that apply to the specific software that is downloaded, not to the general use of the Microsoft website.

A well-known lawsuit challenging click agreement applicability was decided in 2000 in the case of Specht v. Netscape and AOL. Specht (and others) believed that without user approval, Netscape was spying on users’ Internet activities, including every site they visited.

Netscape responded that the click agreement required arbitration. The federal court of appeals ultimately ruled that the click agreement was not enforceable, since people could download the new version of the Netscape browser without ever seeing a click agreement.

Therefore, since not all users were bound to the arbitration provision of the click agreement, the courts refused to enforce the arbitration provision against any one person.

The lesson learned from the Specht case was that every single user who downloaded needed to agree. The result is that today, virtually every website requires a specific click agreement to get goods or services. If users want to know what they are agreeing to, they will have to read each agreement.

Privacy Policies

In the U.S., Internet privacy policies are regulated by the Federal Trade Commission (FTC). Interestingly, websites in the U.S. are not required to have a privacy policy at all, but if a website does include one, then the FTC requires that it comply with its promises.

For instance, if the privacy policy says that the website will not utilize personally identifiable information (PII) for any reason, then the FTC will issue a fine if PII collected by the website is used. On the other hand, if the website is silent about PII or has no privacy policy at all, then the FTC will not interfere with the use of PII.

There’s been much ado about Facebook’s Privacy Policy for quite some time. At the time I write this, here’s what Facebook says it will do with information from users:

“Site activity information. We keep track of some of the actions you take on Facebook, such as adding connections (including joining a group or adding a friend), creating a photo album, sending a gift, poking another user, indicating you ‘like’ a post, attending an event, or connecting with an application. In some cases you are also taking an action when you provide information or content to us. For example, if you share a video, in addition to storing the actual content you uploaded, we might log the fact that you shared it.”

Apparently, few Facebook users selectively limit what Facebook can do relating to their PII, so they effectively agree that Facebook can use all information that users create while visiting and participating in Facebook. So notwithstanding the bad press that Facebook has gotten, Facebook users still apparently agree to share their Facebook activities.

Outside the U.S., privacy is a very different matter. In the EU, Canada and Japan, for instance, there are very strict privacy laws that limit what can be done with PII. Since 1995, residents of the EU have the right to access any computer that has PII about them, review that material and change it.

As an aside, even emails are private to EU employees — not EU employers. Of course, this makes for complex legal problems with international email and social media communications, and the courts have a great deal of difficulty sorting this out. So a word to wise is to be vigilant about privacy policies to protect PII.

In Conclusion

Social media has increased traffic on the Internet, and it is important that users take the time to understand what they are legally committing to when they enter a website, post PII, and agree to click agreements.

Any users who do not like the TOS, privacy policies or click agreement terms they encounter should not use the sites that have adopted them.