If you are a regular online shopper, you probably scoured Cyber Monday deals with eagle eyes. But did you also carefully go through the privacy policies you were consenting to before clicking “I Agree” on those business-to-consumer websites and apps?
People tend to ignore the fine print in online Terms of Service (ToS) contracts, according to York University Professor Jonathan Obar. In a recent study he co-authored, participants aged 50 and up expressed caution and concern for their privacy yet ignored the fine print, the communications and media studies researcher points out.
The data-broker clause specifically said data use could lead to “the development of data products designed to assess eligibility. This could impact eligibility in the following areas: employment, financial service (bank loans, insurance, etc.), university entrance, international travel, the criminal justice system, etc. Under no circumstances will NameDrop be liable for any eventual decision made as a result of NameDrop data sharing.”
The terms also included an extreme clause requiring a kidney/arm/leg, etc. in exchange for service (83.4 per cent accepted).
“Some of the participants said you ‘should’ read policies, suggesting that many want to protect privacy but perhaps not enough is being done to support meaningful consent processes,” says Obar, noting clickwrap designs are a primary reason people ignore policies. (Clickwrap agreements are where users are allowed to agree to terms by clicking a button.)
Long and complicated policies are also a problem, notes Obar, who created The Clickwrap and The Biggest Lie on the Internet, an informative video about clickwrap agreements.
“Results also suggest two examples of the privacy paradox: for clickwrap use and for policy reading time,” says Obar, explaining how even though participants conveyed an interest in privacy protections, they found policies long and complicated, and impeding their desire to join services quickly.
According to Obar and his co-author Anne Oeldorf-Hirsch, associate professor in communication at University of Connecticut, digital service providers should address problematic designs like clickwraps and revise long, complicated policies.
Obar recently launched a website to engage policymakers, platform providers and the general public in meaningful online consent research, noting “hopefully this will help support the changes necessary for the realization of online privacy deliverables.”