If you’re like most people, you don’t bother to read the user contracts and privacy policies that accompany all those “free” services you enjoy online — Facebook, Twitter, Instagram and the rest.
You should, but that’s not what today’s column is about.
Rather, let’s look at how Big Tech seems to go out of its way to prevent you from understanding what you’re agreeing to when you sign up for service.
Put another way, let’s examine how these companies often make it as hard as possible to know what personal data are being collected and how they’re being used, how extensively your online activities are being monitored, and what your legal rights may be (or may not be) in case of trouble.
“Businesses know their terms are unreadable by, and incomprehensible to, consumers,” said Lauren Willis, a law professor at Loyola Marymount University.
Eric Goldman, co-director of the High Tech Law Institute at Santa Clara University, told me it takes a “substantial” amount of time for anyone to traverse tech companies’ user agreements, let alone fully understand them.
“Certainly the lengths of these contracts deter many people from wading through them,” he said.
A recent study from Reboot Online Marketing, a London-based digital PR firm, tabulated how much time it would take the average person to read the terms of service and privacy policies of leading social media and e-commerce companies.
Reboot did this by feeding the contracts into an online tool called Words to Time. It estimates how long most people need to get through a certain number of words, using a conservative reading speed of 130 words per minute (the average for most adults is closer to 200 words per minute).
As a baseline, this column runs about 1,000 words. According to Words to Time, the average person will finish reading it in less than eight minutes.
Reboot’s study found that most people will need between an hour and an hour and a half to get through the user contracts and privacy policies of some of the biggest names in the tech world.
“Some contracts have over 15,000 words!” said Florencia Marotta-Wurgler, a law professor at New York University. She added that many such documents contain language that’s “more complex than articles in peer-reviewed scientific journals.”
The worst of the worst is the e-commerce platform Shopify. According to Reboot, the typical user will have to spend 77 minutes poring over the company’s contract, a.k.a. its terms of service.
The most time-consuming privacy policy, meanwhile, belongs to online payment processor PayPal. You’ll need to set aside 53 minutes to fully understand what the company does with your personal information, according to Reboot.
Reading PayPal’s privacy policy and its user contract will require 92 minutes. Shopify’s two documents will take 89 minutes to digest.
A Shopify spokesperson declined to comment on the record. No one at PayPal got back to me.
Other big-name sites aren’t much better. Reboot says Amazon’s contract and privacy policy require a total of 83 minutes to peruse, followed by WhatsApp (81 minutes), Twitter (81 minutes), Twitch (79.5 minutes) and Facebook (66 minutes).
To be sure, most companies need to convey complex legal concepts in their contracts. Lawyers — never a friend to clear, concise language — have a hand in drafting the documents.
“The need to be very comprehensive and cover their behinds with an air-tight agreement is instrumental,” observed Steve Tadelis, an economics professor at UC Berkeley.
I asked him whether some companies deliberately make their consumer contracts difficult to read and understand to deter people from looking too closely.
“Rarely if ever,” he replied. “Some bad actors may try to use these tactics. But for the most part, I think it’s done to avoid frivolous litigation and reduce business uncertainty.”
Others were less charitable.
“Do companies deliberately do this so that most consumers won’t read them?” asked Audrey Guskey, an associate professor of marketing at Duquesne University. “You bet they do.”
She cited a 2019 study by Pew Research Center showing that just 9% of U.S. adults said they always read a company’s privacy policy before agreeing to the terms and conditions.
Thirteen percent of adults said they often read privacy policies, 38% said they do so sometimes and 36% said they never read privacy policies.
Which is to say, most Americans seldom if ever read a company’s privacy policy before before clicking the “I agree” box.
“When a company’s terms of service agreement and privacy policies are so complex they sound like an academic journal article, and take almost as long to read as a dissertation, consumers tend to forgo reading the policies and blindly agree to the terms,” Guskey told me.
As someone who has read hundreds of consumer contracts over the years, my sense is that most businesses aren’t being malicious in serving up hard-to-read documents.
But they aren’t striving to make their disclosures easily understood; nor are they focused on ensuring that key points are conveyed in a transparent fashion.
This is unfair. And it’s wrong. And it requires fixing.
Loyola’s Willis proposed having state legislatures mandate that all consumer contracts and privacy policies “be comprehensible to most consumers.”
That’s how they do it across the Atlantic. The European Union requires that all privacy policies be written “in clear and plain language.”
There’s also precedence for this in America. Monthly credit card statements grew so incomprehensible and unwieldly in their presentation of fees, Congress passed a law in 2009 requiring that bills be written so people can understand them.
Goldman at Santa Clara University observed that businesses may have to include boilerplate language in contracts. “In some cases, the legal concepts are so complicated, they’ll be hard to understand no matter how they’re stated,” he said.
Point taken. But that shouldn’t let companies off the hook.
If specific, difficult verbiage is required for legal purposes, businesses should also provide straightforward translations of what’s being conveyed — and what it means for consumers.
“Most people do not have the time, patience or understanding of policies to spend an hour reading through terms of service agreement and privacy policies,” said Guskey at Duquesne University.
You started reading this column about eight minutes ago, give or take. Hopefully you didn’t have to work too hard, and hopefully you learned a thing or two.
Pay attention, Silicon Valley. This is how it’s done.
window.fbAsyncInit = function() { FB.init({
appId : '134435029966155',
xfbml : true, version : 'v2.9' }); };
(function(d, s, id){ var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) {return;} js = d.createElement(s); js.id = id; js.src = "http://connect.facebook.net/en_US/sdk.js"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));