USA Today featured an excellent piece underscoring the absurdity of our current acceptance of dense legal Terms of Service and Privacy Policies. @Jguynn succinctly summarizes the status quo: “I have read and agree to the terms” is “the biggest lie on the web.”
The story effectively reduces the idea of informed consent to the ridiculous with a few powerful examples which clearly demonstrate that reading what we have agreed to is the exception, not the rule.
In 2017, 22,000 people signing up for free public Wi-Fi agreed to perform 1,000 hours of community service – cleaning toilets, scraping gum off the sidewalk and “relieving sewer blockages” – to highlight “the lack of consumer awareness of what they are signing up to when they access free wifi.” The company, Purple, offered a prize for anyone who read the terms and conditions and found the clause. One person claimed it.
While it is easy to ignore the small print, we are blithely agreeing every day to allow companies to sell our personal information to third parties: our location using GPS and other tracking capabilities, our device identifiers and other digital identifiers. We do this while handing over our email address, our mobile number, our photographs and other powerful bits of Personally Identifiable Information, sometimes including a perpetual license and even copyrights to any content we share. Even when we do not grant a perpetual license, opting out of these agreements can be difficult and confusing, and erasing our digital footprints will prove almost impossible.
As always, the experts offer some best practices and several companies offer technical “fixes” which make it easier for us to FEEL like we are taking control, but these offer only limited assistance to the few of us willing to spend the time to make considered choices. The truth is larger and more fundamental: allowing companies to hide behind their ToS and calling that consent is a horrific user experience.
What we need is new public policy which allows users to agree conditionally and requires companies to receive an Opt In for every use of user data. What we need is for all PII to be stored by the users’ Identity Guardian as encrypted attributes and for each use of this data to be authorized by a discrete user authentication.
What we need is UNS.