The Biggest Lie on the Internet: Ignoring the Privacy Policies and Terms of Service Policies of Social Networking Services
Jonathan A. Obar (York University)
Note: This submission was contributed by the author to the Office of the Privacy Commissioner of Canada’s Consultation on Consent under PIPEDA.
Disclaimer: The opinions expressed in this document are those of the author(s) and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada.
This submission to the OPC’s dialogue on consent and privacy provides an overview of a study I recently co-authored with Dr. Anne Oeldorf-Hirsch (University of Connecticut) entitled “The Biggest Lie on the Internet: Ignoring the Privacy Policies and Terms of Service Policies of Social Networking Services” (working version). Anecdotally, the biggest lie is referred to as “I agree to these terms of service”. The study is currently under academic review. If interested, the study was discussed in an Ars Technica piece entitled “TOS agreements require giving up first born-and users gladly consent: Study participants also agreed to allow data sharing with the NSA and employers”. The contents of this document respond to OPC question (2) briefly discussed below.
The study abstract:
An excerpt from the discussion section (p. 23):
While a small minority of participants did express privacy concerns, the vast majority praised quick-join options for helping them by-pass notice components. It’s not just that privacy and TOS policies are perceived as boring or even pointless, it’s that users are going online and engaging with SNS to complete a list of desired tasks, namely, engaging with friends and family online, and all of the other affordances offered by SNS. As one participant noted, “my friends use this social media in oder (sic) to catch up with their life i (sic) signup for this as quick as possible” while another said “its a hassle to deal with a massive amount of boring pages about privacy and security when the site you are joining is there to do something much more interesting.”
It is clear that getting into a legal discussion about data sharing, the NSA and privacy in general is far from the reason that individuals choose to go online. Solove […] properly analogizes engagement with policies to the process of students receiving homework. […] Users aren’t looking for homework when they go online, quite the contrary, it is likely that many users are looking for an escape from their homework when accessing SNS. Users want to engage with the ends of digital production, without being inhibited by an education or a discussion about the means.
OPC Question “2. What solutions have we not identified that would be helpful in addressing consent challenges and why?”
Pragmatic solutions are made possible when challenges are accurately identified. One of the goals of our study is to demonstrate empirically the extent to which individuals ignore privacy and terms of service policies. Too often scholars and policymakers make assumptions in this area without referring to empirical evidence or nuanced explanations. Our research suggests that most individuals view notice components as unnecessary burden while on the path to online engagement. Users prefer quick-join options where possible so that digital ends can be reached quickly. This suggests the consent challenge is not limited to addressing the length of policies, the number of policies, the complexity of policies or even the accessibility of policies. One point the study highlights is the considerable challenge of having to change people’s attitudes towards notice. What incentives exist that motivate people to protect their digital privacy and reputation? Without clear incentives and a cultural shift that includes a clear narrative as to why notice matters, little will change.
Notice and choice policy is a great place to start, but a terrible place to finish. Without tools to make providing consent possible, engagement levels will remain unchanged. Canadians access, review, manage, correct and submit financial data to the government every year during tax season. This would be a formidable challenge if support systems did not exist to provide assistance. Taxes are required by the government, digital privacy and reputation management are not. If the OPC wants to support further engagement with consent processes, much can be learned from the methods that successfully engage millions of Canadians in the tax system. This could include infomediation services and government support systems. The infomediation question is one that I am currently researching and would be happy to discuss this further as a possible direction for further inquiry.
I have read an understood the consultation procedures. These comments are meant to implicate the OPC and the Federal government.
Thank you for your consideration.
Jonathan A. Obar, PhD
Assistant Professor, York University
- Date modified: