|
META TOPICPARENT | name="FirstPaper" |
| |
Intro | |
< < | Social media platforms have become a mainstay of everyday life for the vast majority of society. Youtube and Facebook remain the dominant social media platforms, while other platforms such as Instagram and Twitter hold significant consumer bases as well. Despite the widespread usage of these applications, users seem to have very little awareness of the terms of service agreements while they use the application. Terms of service agreements are essentially contracts between the user and the service provider that dictate the conditions under which the user can use the service. Modern terms of service agreements have become increasingly thorough and expansive, creating a huge burden for the user to actually read through and understand. This leads to the issue of many users often “signing” their consent to the terms, without any knowledge of the terms to which they are agreeing to. The bigger issue, however, is that these terms have become much too expansive and give social media companies too much power and control over the privacy and data collection of its users. This paper will seek to explore the common themes that social media companies include in their terms of service agreements and the concerns associated with those provisions. While not representative of all social media companies, the paper will primarily focus on Facebook and Instagram. Through examining these companies’ privacy policy and terms of service, this paper will seek to make the argument that these provisions are unthinkably broad and vague, giving excessive and problematic control over how much data they can collect and the lack of restrictions on how they can use it. These terms of service agreements are an egregious offense to consumer privacy. | > > | Modern privacy policies have become increasingly thorough and expansive, creating a huge burden for the user to actually read through and understand. Many users often “sign” their consent to the terms, without any knowledge of the terms to which they are agreeing to. These terms have become much too expansive and give social media companies excessive power and control over the data collection and usage of its users. Examining Facebook and Instagram’s privacy policies, this paper seeks to outline the major data collection and usage concerns and proposes potential regulatory solutions to provide consumers with greater assurance of personal privacy. | | | |
< < | Privacy Policy | > > | Facebook and Instagram's Privacy Policy: The Problem | | | |
< < | The privacy policy is a common section among all the social media platforms and many internet platforms generally. Privacy policies address how a company treats and handles the data it collects on its users. Facebook’s privacy policy states that it will collect data on content and communications, networks and connections, app usage and activity, transactions, and activity from other users directed or related to you. Instagram, owned by the same parent company, has a very similar policy. This policy gives Facebook and Instagram wide latitude to collect an obscene amount of data that is related to the user in any way. This data is then used to sell to companies because it has advertising or marketing value. It may also be used to “improve our Products,” or in other words is used to train their AI models to better curate content for your feed and facilitate user engagement. Additionally, the sheer quantity of data that is collected on the user in almost every metric imaginable is frightening. The privacy policy provision seems to cover every aspect of your activity and makes it available for analysis by the company. | > > | Facebook’s privacy policy states that it will collect data on content and communications, networks and connections, app usage and activity, transactions, and activity from other users directed or related to you. Instagram, owned by the same parent company, has a very similar policy. On paper, this policy gives Facebook and Instagram wide latitude to collect an obscene amount of data that is related to the user in any way. The policy also gives Facebook and Instagram incredible discretion on how to use the data, such as selling it to third-party advertisers or to train its own artificial learning models. | | | |
> > | The current regime of privacy policies allows platforms to set absurdly expansive and vague terms without pushback. Most internet platforms employ a “take-it-or-leave-it” model, forcing users to comply if they want to use the service.This asymmetric power dynamic limits user agency and leaves no capacity for the user to debate the terms. While private companies should generally be free to decide their own terms of service, there should be limitations and regulations that further restrain the ability of internet platforms to use our data and protect consumers’ privacy interests while using those platforms. | | | |
< < | Browsewrap and Clickwrap: A Related Problem
An increasingly common trend is for websites or companies to induce consent to their terms of service through browsewrap or clickwrap methodology. Browsewrap attempts to bind the user to a terms of service agreement by virtue of the user browsing the website. Clickwrap is similar, but requires the user to physically agree to the terms, often by clicking a checkbox or clicking an “I agree”-type button. While browsewrap agreements are often unenforceable, clickwrap agreements are generally enforceable. These types of agreement methods are excellent for creating a frictionless experience and increasing engagement on a website, but are horrendous for informing the user such that they can make an informed decision before agreeing. Furthermore, the “take-it-or-leave-it” model of requiring users to agree to the terms to access the website limits user agency and leaves no capacity for the user to debate the terms. | > > | Shifting the Power Dynamic
The first step toward protecting consumers is shifting the power dynamic. In Fall 2021, Apple introduced App Tracking Transparency (ATT), which asked users if they wanted to allow apps on their phones to target the user for ads. This gave consumers greater agency in how their data was used. But this should be the norm, and regulation should demand that consumers have the authority to decide which app can use their data for marketing purposes. Implementing a rule or standard that requires consumers to explicitly give permission upon initial usage of the application, similar to Apple’s ATT, would be an effective solution because it forces the user to confront the application’s data usage and collection features while also providing the user with a convenient way to opt out (simply selecting “No” when prompted to give permission for data tracking). While Apple’s ATT only gives limited protection (the consumer’s sole usage of Facebook still permits Meta to engage in a great amount of data collection from the user’s activity), the industry-wide proposed rule should address the overall data collection and usage scheme, such that the user is forced to acknowledge the different ways the application collects data and is granted the opportunity to deny permission of such data collection. | | | |
< < | Final Thoughts and a Potential Solution
A potential solution is to introduce regulatory standards for internet companies and platforms that provide broad protection, such that users can just assume certain aspects of their data are protected and leave the enforcement to regulatory bodies. It would be too difficult to impose the burden on consumers to thoroughly understand the rights they are giving up when they use these apps. Tos;dr is an alternative method for helping consumers understand what they’re giving up, but it hasn’t seen too much usage. Social media companies have simplified their terms, but it remains vague and users hardly read it regardless. Browsewrap and clickwrap don’t fix any of the problems because consumers are still unaware of the terms they are agreeing to. The most effective solution is to introduce regulatory standards for social media and internet platforms that ensures users are protected at all times, regardless of the terms that they are unknowingly agreeing to. | > > | Fair Credit Reporting Act as a Model
The next step is to implement greater regulations on data usage. Similar to how the Fair Credit Reporting Act (FCRA) restricted the usage of data, the FTC should implement regulation that limits the usage of data that internet platforms collect. The FCRA allows unconstrained collection of data to develop a credit score, but that score and data usage is only usable in the context of credit or employment purposes. The same should apply in this context, where the data collected may be unrestricted, but the usage is constrained to situations and scenarios in which the users actively agree to (presupposing that users are allowed to choose). | | | |
> > | Furthermore, internet platforms and social media companies should be compelled to be more transparent with their data usage. Like how the FCRA allows consumers to see the data that is held about them and dispute inconsistencies, users should be able to request companies to reveal the data that is being collected through the usage of their app. If they recognize that data is being used for marketing where they didn’t allow it, then consumers, like in the credit context, should be able to challenge the company’s usage. | | | |
< < |
We spent weeks on this subject in the fall companion to this offering; you might find it helpful to listen to my ClassAudio from October and November. | | | |
< < | The best way to improve this essay is to cut sharply the description of the problem. We are all familiar with it so it can be described tersely. You need the space because just saying "regulation" is obviously not sufficient. What sort of regulation, implemented how? We are generally concerned in this course with the public and constitutional aspects of networked society. But the principle we follow here—that law, technology and politics are the three indispensable legs on the stool we stand on whatever issue were are analyzing—applied last term as well. So we might find in well-explored possible technological solutions for information accountability alternative framing for the legal issues as well.
| |
\ No newline at end of file |
|