BASIC: How to evaluate an online service for privacy
Manufactured consent has made consumer-led data administration very difficult, but definitely not impossible.
There is a knowledge gap for consumer advocacy in retail and marketing of personal information. Consent has become a license to trade or sell personal information to companies. If you have to sign up for an account, the user license agreement is sure to follow. It is a contract. So you should be knowledgeable of your commitments.
So how can a consumer know how to test a service for integral, lawful privacy?
You can learn how.
1. Seek out the Privacy Notice
If an e-commerce business website does not have a privacy statement, that’s a huge red flag. If a personal business website does not have a privacy statement, you can usually submit an e-mail about data collection practices. Most businesses would think more about privacy if you simply ask them for the answers.
Most privacy notices to online consumers can be found at the bottom of the website.
2. Read the Privacy Statement and the Terms of Service
It is very important that you necessarily overcome any unreasonable objection to reading contracts concerning how your information is being sold, recorded or moved based on your consent to an online consent.
If you can read the arguments for and against reading Terms of Service statements to get paralysis of analysis, you can just read the Terms of Service and Privacy Notice. There are ways to scan a privacy statement so you can evaluate it more quickly.
3. Search and research the statements to gain understanding of the Terms of Service and Privacy Notices
Hopefully you will read your privacy notice carefully from end-to-end. However, we know many people just don’t do that. This is why there are services like, Terms of Service Didn’t Read, (tosdr.org). This service evolved to help regular users by evaluating commonly used online services Terms of Service contracts and giving it a rating for consumers. It's a short-cut, but it's no replacement for reading your contract.
There are other ways to quicken your statement research.
- Use “Find” text hot keys on your computer page to navigate the document.
- Make a list of search tags or words to flag text for privacy. A few search tags to start would be: Privacy, Information, Vendors, 3rd Parties, Consent, Personal Information, Collect or Collection.
4. Find the privacy office contact associated with the document
This is very very important. If there is no privacy office or administrative contact on the privacy statement accessible to you, do not consent or submit sign the agreement. The privacy office contact is usually found at the base or in the body of the Privacy Notice document.
5. Contact the corporate privacy office
Experiencing firsthand accessibility of a privacy office by consumers is very revealing. It speaks volumes about the integrity of the company. In your initial contact correspondence, ask the consumer privacy contact if revoking consent forefeit’s your right to use their online service before you submit to the agreement.
If no one corresponds to answer your privacy question, you should not adopt on their platform or do business with them. Absentee privacy representation is a red flag indicating that information privacy is a discarded virtue. It's the same feeling you might get calling a business with a disconnected phone.
6. Review new versions of your privacy statement
Companies will release product updates. Chances are if you have been with a service over a year there will have been some changes at the company to the service agreements and the Privacy Notice. That usually includes a modification to their privacy statement. This may include terms to improve your privacy or erase existing policy that protected your interests based on a project model update.
7. Invoke or revoke your consent over unfairly leveraged Terms of Service
If you have a current “information contract” with an online service, or any contracted service, you always have the right to revoke or notify the company they no longer have your consent to move or sell your information as a product. This might terminate your access to their platform. You should be prepared for that outcome.
You can invoke or revoke your consent by contacting the privacy officer at the company. If you choose to do this, you should produce your notice in writing. Since these are legal affairs, it may be wise to contact a lawyer to review your ask for lawful accuracy in context of your Terms of Service. You shouldn't ask for anything unfair or far reaching. It should stick to your consent terms.
LegalZoom is a great common law resource; which is inexpensive and accessible to individual users online. You can find a lawyer to evaluate your letter to revoke/invoke consent in context of the Terms of Service or Privacy Notice. You may need to pay a nominal service fee, but it will be worth it due to the disruption your request will cause. Companies may be unprepared to accommodate your request initially. Consumers typically never place any co-author terms on their consent. You could change all of that.
The Obstacle Course
If you have never dealt with corporate privacy officers, they are typically polite, professional and sincere with users. However, every company culture approaches issues of information privacy administration differently. Everyone can understand how loaded privacy issues are. You can expect reasonably professional conduct to accommodate your legal requests over your consent.
Unfortunately, professionals are also sometimes paid high salaries to be apologetic over clearly unethical or even illegal company behaviors. I’m asking you to suspend disbelief or outrage to accept this as a possible outcome to be prepared for.
This can come across as:
- blaming you for the information plot twists in their contract.
- asking you to misrepresent yourself in context of their own company policy to subvert their legal obligation to you.
- ignoring or stonewalling your requests to stop or cease use of your personal information.
- lying.
- games of legal chicken upon escalation.
- petty threats and intimidation ploys.
While this may not be normal for you, it may be normal hardball practice condoned by the company’s law firm because of how they do business. As difficult as this is to confront, you should not internalize this or blame yourself. It is precisely why it is so important to examine a company’s platform carefully before you adopt the service.
Research the ability to delete your account. You can always assert your consent terms to any internal ethics ombudsman body at the company in case you hit this wall. This can be an ethics board representative, a CISO or even a privacy lawyer associated with an industry or professional accountability group.
If you get this far and still get no recognition for your consent rights, you may want to try your case in the Court of Public Opinion. Contact your local 7-On-Your-Side, a daily newspaper or your local radio talk show producers who cover consumer affairs and share your story. The likelihood is high if you have taken all previous diligent steps to invoke or revoke your consent, negative press tends to turn corporate heads towards correcting your personal matter of contract.
If you can’t get any reasonable accommodation for your contracts following this effort, contact your lawyer again. It may be time to submit a consumer complaint to your State Attorney’s General and the Federal Trade Commission. They can help you find out if there are other legal complaints similar to yours in process. They will help you prepare a complaint as well. This may also serve as a submission to the Better Business Bureau and to industry ethics and accountability leadership in the online business field of choice.
While circumstances should never escalate this far, you can prepare yourself for the worst if a company cannot uphold it's end of the bargain.
If you would like help examining a Terms of Service statement or creating the body of your Terms of Consent letter, you can contact me for pointers and help, as well.