Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Click Through Cheat Sheet: Turning Terms in Your Favor

You Can Decide Whether or Not to get into a Contractual Relationship and What Information you Share if you “Agree”…

You Can Decide Whether or Not to get into a Contractual Relationship and What Information you Share if you “Agree”…

Less than 1% of users read the entire end user license agreement (EULA) appearing on the click through when they sign up for an online service or make an internet purchase or download. OK, I totally made that up. But I bet I’m being generous with that 1% swag. I re-read the Apple, Vine and Intagram terms and conditions in preparing for this article. Even with 20 years of legal experience focused on high tech documents, each took me about 14 minutes to get through. Tack on the user guidelines and privacy policies linked to in these documents and it’s an easy 20 minutes each.  Let me try and make it easier for you with a cheat sheet.

Understanding Terms and Conditions

Click through EULAs have 9 core components:

1. Who can agree to the terms?

2. What can the provider do with your information?

3. Links to other terms and conditions

4. The ability to modify the terms

5. Little or no liability for the provider

Advertisement. Scroll to continue reading.

6. Lots of liability for you

7. No Warranty

8. No security or continuity for your content

9. If issues arise, you go to their home field

1) Who can agree to the terms?

Does your 12 year-old use Vine or Instagram? They shouldn’t according to the EULA unless you signed them up for it. Both say you must be 13 or older because of COPPA (Children’s Online Privacy Protection Act), a Federal law that says website operators need parental consent before collecting personal information of those under 13.

Other EULAs use the risk shifting strategy of saying you can only agree to the terms of it’s legal for you to do so in the jurisdiction where you live. But that age varies widely from 14 to 21. Do you know how old you have to be in your state to contract? I wouldn’t have had I not looked it up for this article. The importance of this age limit is you can use it to make your kids come to you first before they sign up for social media accounts by saying it’s “illegal” for them to do it without your help.

2) What can the provider can do with your information?

Simple answer, just about anything. With social media, the two things you are providing are content and personal information. The content is your posts, pictures, likes and connections. Your personal information is your name, email, age and other similar info. The EULA will generally say you are licensing the content to the provider for their worldwide and transferable use of that content. So you own it, but they can do anything they want with it subject to their Privacy Policy. You flip over the Privacy Policy and it says the provider can share your content for advertising purposes. The troubling part is what these EULAs don’t say. They don’t say they won’t sell your content.

Your personal information isn’t part of your license grant to the provider. But they still say they can share it with “affiliates” in the Privacy Policy and annonymize it and then sell it to anyone.

3) Links to others terms and conditions

The terms you see may not be all you get. Look out for references to Privacy Policies, Guidelines, and terms of third party providers.

4) The ability to modify the terms

Love this one. It says they can change the terms in the future by posting the change on their website. If you’re really lucky they might email you. Your only recourse is to stop using the service.

5) Little or no liability for the provider

Liability caps are the most important term in the agreement for the provider. They say no matter what has been promised and whatever happens, you can’t come after the provider for more than a small amount of money. Most liability caps for social media sites are for $50 to $100. So they can promise the world, but if that all goes to heck then all you get is $100. And that’s after you paid for a lawyer and presumably won.

6) Lots of liability for you

While the provider’s liability caps out at $100, yours is unlimited. And you are specifically agreeing to indemnify the provider for any legal claims based on your use of the product or service. For example, if you post a copyrighted song to YouTube and the artist sues YouTube, then you have to pay all of YouTube’s legal fees and for any judgment against them.

7) No warranty

Products and services are often provided “As Is” with no express or implied warranties. Implied warranties are created under law by the Uniform Commercial Code, a nifty device that gives consumers protection even without a contract. So when you buy that car part that makes your car go boom, you can claim damaged under an implied warranty of merchantability. There are also implied warranties that products won’t infringe another’s intellectual property and will be fit for the purpose they are intended for.

But a click wrap unravels those implied warranties because a contract is involved and a person can contract away their rights under the Uniform Commercial Code with a simple click.

8) No security or continuity for your content

Social media providers say right up front that the internet is a scary place, breaches happen and your info may be lost or stolen. You get what you pay for so back your stuff up elsewhere. If you think your pictures will still be available for your grandchildren in twenty years on Facebook, I’d re-think your level of trust and expectations.

9) If issues arise, you go to their home field

As if the rest of the terms weren’t one sided enough, you get to go to their turf in case of any dispute. This is called the law and venue clause. You may be in Boston, but when you click the agreement for that San Francisco company, you are agreeing to go to San Fran for any dispute.

Don’t know if I made things better or worse for you, but at least now you know a little more about what you’re getting into. It’s not a level playing field. While you can’t do anything about the terms, you can decide whether or not to get into the contractual relationship in the first place and what information you share if you do click through. You don’t have to share your contacts, provide your location, or detail personal information and goings on. This is the way you enjoy services on your terms.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.