Upon researching the recent article about terms of service, it was clear that privacy policies were another beast altogether and demanded some time of their own.
With the introduction of technology and data transmission, the need to protect the rights of individuals started to gain some recognition in Europe in the late 1960s. Sweden was first, West Germany second, France third. Later on, the United States recognized the need, and Canada trailed behind. Reality is that while many countries passed laws in an effort to satisfy citizens’ concerns, these laws were seldom enforced. Welcome to our complaint-based society in which some apparent challenges exist. One challenge was that very early on in the introduction of technology, it became evident that people are quite willing to put personal information in the hands of any organization whose wares we covet. While we are willing to place this information in their hands, we also hold them accountable for the protection and use of that information. The problem was and is that everyone interprets that accountability differently.
The awareness of this behavior means that companies have to develop privacy policies to ensure that people understand that while yes, certain data will be collected, there is the need to at least appear to be transparent.
The argument will always exist as to where to point the finger. Should individuals be held accountable for maintaining their own privacy, or should corporate organizations be held responsible? In a complaint-based society, we do like to be able to blame others and so we must agree to certain privacy policies before we are given the privilege of using technology tools and services. Corporate organizations have been put in the position whereby they have to protect their usually profit-maximizing initiatives from complaints lodged against them in the course of doing business. Of course, there are also bad guys out there who want our personal information for unscrupulous reasons. But for the record, these people don’t usually care about laws and policies.
My point is that as users of technology tools and services, we have to take some of the responsibility for our personal information. If the risk is too high, avoid the risk. That said, let’s look at some of the privacy policies and what it is that we agree to. This is assuming, of course, that we all read and understand the privacy policies before agreeing to them. We all do that, right?
Microsoft
Microsoft includes a “what’s new” link that I really appreciated. They break down what’s new with each update of the policy. Of course, right now all of the policies have been updated in response to the enablement of the GDPR in May. The only problem I have with the “what’s new” breakdown is that they don’t link the points to where they are located in the actual policy. We are basically left to our own devices to find more detail about the updates.
Microsoft is pretty detailed about the data they collect and let me tell you, it’s a lot! Basically, among other data, Microsoft collects data from your search queries, voice data, images, contacts, social data (relationships and interactions), financial transaction data, demographics, subscriptions and licenses, devices and usage, and interests. Remember, what I am supplying here is not a comprehensive list!
Unlike their terms of service, I did not find this document difficult to read and understand, although I did not like what it said.
Netflix
The Netflix terms of service was a very easy document to read and understand. Naturally, I expected the same from their privacy policy and I wasn’t disappointed. It is well-written and there are even examples that make their logic easier to understand.
Something I really appreciated is that at the very start of the document they provide an email address for their data protection officer for any questions or clarifications. They are clear on information they collect that is provided by the user, information that is automatically collected, and information that is provided from other sources.
There was only one piece of information that made me raise my eyebrows. Under the information that is provided from other sources, they state, “service providers that help us determine a location based on your IP address.” My first instinct was to wonder why Netflix needs to know my location. However, we can thank the U.S. Federal Communications Commission and the Canadian Radio-television and Telecommunications Commission for this one. Netflix cannot show certain content in certain locations. Ever wonder why that awesome series you were watching while on vacation can’t be found on Netflix when you return home? It’s Big Brother, folks! Anyway, Netflix is required to govern this, so they do need to know our location.
Oh, Facebook! Picture me shaking my head. If you did read the terms of service article, you will remember that the Facebook terms of service is confusing, poorly worded, and contains links too numerous to mention. Let me start by saying I am not sure what constitutes Facebook’s privacy policy. Is it this privacy principles document? Or is it actually the data policy? Perhaps it is this workplace privacy policy? I’m going to go with the data policy since it contains the information I was actually looking for but we have to also talk about the workplace privacy policy.
You have to know that if you use Facebook as part of your organization, your organization collects all your user information, passwords, and all content and communication. On top of it, your organization agrees to share this information with Facebook. And how do they use this information? They use it to enhance the safety and security of the system, of course! If you want to stop using this service, you are instructed to contact your organization, but it will take about 90 days.
As far as being a personal user of Facebook, they pretty much collect and store everything unless they are prohibited by law in your country. Note that the data Facebook collects does include financial payment information and authentication information. Just a reminder of the recent admission by Facebook that they scan private messages. But don’t worry. Facebook states that they use this information “for social good.” So I’m sure it will be fine.
One other item of interest before I move on. Facebook states that if ownership or control of all or part of their products or assets changes, they may transfer your information to the new owner.
I did like the way that the Google terms of service policy was put together. It was easy to read and didn’t state anything that caused me anxiety. Their privacy policy is also quite nicely put together. They even include examples, explanatory videos, and definitions. In fact, if you don’t feel like reading the privacy policy, and let’s face it, who besides me does, you can just watch a short video. While it is a well put together document, there are still important things contained within it that you need to be aware of.
Google does state that even if you don’t sign in to a Google account, they can still identify you via unique identifiers. That should not be a surprise to any of us at this point in time. They do basically collect all information and use it to show you personalized advertising.
One other point to be aware of is that you do agree that Google can move your data to various servers around the world. This was a very real concern at one point in time due to the different laws and regulations between countries. You will have to determine for yourself if this is something that concerns you.
Salesforce.com
Note that I am referencing the Salesforce.com “full privacy statement.” I do so because my first search turned up a link to a privacy document that only contained a summary. The summary isn’t bad. It contains the relevant information that most of us would be interested in knowing. However, by reading the full privacy statement, I did learn something new and interesting.
Have you noticed on your Internet browser an option called “do not track”? I have, and by selecting it I assumed that I was not being tracked. Wrong! It turns out that “do not track” or “DNT” has not yet been adopted by regulators. So, it’s basically an option for these providers and it appears that many choose to ignore the DNT option. Kudos to Salesforce.com for identifying this and stating that they do not respond to browser DNT signals. I don’t like it, but I do appreciate their transparency.
Other than that, like the others, they collect all data and use it for targeted advertising. None of us are likely surprised by that knowledge.
So, should we bother reading privacy policies?
The information contained within privacy policies is extremely enlightening. I truly believe that at some level, we all understand that there is a rather large amount of our personal data that is captured and kept by many companies, on many servers, in many countries. But in this case, ignorance is not bliss. Each and every one of us needs to understand our own tolerance level and to treat our personal data accordingly. From an enterprise perspective, we need to understand our strategic tolerance and to have open and honest transparency with our employees and customers. As they say, it’s all fun and games until someone loses an eye. Reading privacy policies is a not-so-subtle reminder that we hold personal responsibility when it comes to what we share and with whom.
Featured image: Freerange Stock
