A U.K. parliamentary committee has attacked the terms and conditions used by social media services, declaring that they are too complex for users to understand. It said the unsuitability of the T&Cs had been demonstrated by episodes such as Facebook’s emotion-manipulation study, in which [company]Facebook[/company] deliberately made some of its users sad as an experiment.
A report by the Science and Technology Committee, issued on Friday, called on the British government and data protection regulator to develop terms that can actually help users understand how their data is being used. It’s great to see more of a political push for this — there are already grassroots initiatives to help people understand what the services they use do with their data, such as Terms Of Service, Didn’t Read, but they’re not widely known about.
The committee also asked the government to work with business and academia to make sure that apps only request the user data that they need to provide the advertised service, and to better explain to users why they need the permissions they request.
The report read:
We have not been convinced that the users of social media platforms are fully aware of how their data might be used and what redress they may, or may not have if they disagree with how an organisation exploits that data. This is exacerbated by our finding that terms and conditions contracts are simply too long and complex for any reasonable person to make any real sense of.
Reading such documents has been likened to engaging with “Shakespeare”. Drafted by lawyers, to be used in American court rooms, the contents of terms and conditions have been designed to protect organisations in the event of legal action. As a mechanism for showing that users have provided informed consent, so that organisations can process incredibly personal data, terms and conditions contracts are simply not fit for purpose.
In a statement, committee chair Andrew Miller MP referred to the Facebook emotion-manipulation study as an example of why informed consent was needed.
“Socially responsible companies wouldn’t want to bamboozle their users, of course, so we are sure most social media developers will be happy to sign up to the new guidelines on clear communication and informed consent that we are asking the Government to draw up,” Miller said, in possibly the most ironically-phrased official statement I’ve ever read from a British politician.
The report also called for an international “kitemark” that could demonstrate to people that the services they’re using make responsible use of their data.
This is all very timely, as proposed EU legislation would also push for standardized information policies for companies that process people’s personal data, so as to make it easier for their users to understand what they’re signing up to. If passed, the rules would also force companies to get active and informed opt-in from users before they start processing those users’ data.
The committee didn’t just focus on commercial social networks and apps – it also highlighted the U.K. government’s own abysmal track record with programs such as the disastrous care.data pilot. Miller said:
Whilst we expect the Government to encouraging others to meet high standards, we also want to see it lead by example. The Government cannot dictate to others, when its own services, like care.data piloted by the NHS, have been found to be less than adequate. The Government must audit all public sector online services and ensure that they provide easy to understand information about their usage of personal data.