Towards better online Terms & Conditions
The CommonTerms project aims to reduce the need for consenting to online terms without good reasons. This could make the internet a much better place for all, and contribute to digital sustainability.
The "biggest lie on the internet", of course, is "Yes I have read and agree to the terms". Reading is not reasonable, so everybody lies. How can users be expected to make wise choices when they do not know the terms and usually not even see the price for online services? How can providers be expected to offer fair terms if nobody even notices?
The project was initiated in 2010 by Metamatrix AB and funded by the Internet Foundation in Sweden (Internetfonden) for several years. See for example our reports Previewing online terms and conditions (pdf, 2MB) or Fighting the Biggest Lie on the Internet (pdf, 2MB).
Due to other assignments, Metamatrix has not updated the full project website since 2015. But - unfortunately - the issue is still very relevant, even after GDPR addressed some aspects. We have tried to stay up to date with developments and made sporadic contributions in other ways. For example, we discuss the results in a 2019 publication by think tank Fores called "Plattformssamhället" (chapter 5, in Swedish).
This rest of this page describes some of the conclusions from the project, so far.
How to overcome the fine print obstacle
Pär Lannerö, 2015
Today: meaningless consent
Meaningful consent is rare on today’s internet. Usually, users are neither informed nor in possession of good reasons for trust. Yet we repeatedly consent to unfavorable terms, especially in the privacy domain. We feel like we have no real alternative, and no real influence over online terms of service. We’re usually in a hurry and prefer to avoid consenting to anything, if possible. But when there’s no way forward but through consent, we keep our fingers crossed, tick the box and hope for the best. This is the “biggest lie” on the internet (“yes I have read and agree to the terms”).
There’s no way we can read and understand all of the fine print (Terms & Conditions, Cookie declarations, Privacy policies…) and there’s no way contracts will disappear.
The CommonTerms project has been exploring ways to stop the ”biggest lie” problem since 2010. We have studied what other similar initiatives have done, and produced prototype “solutions” to the problems associated with the biggest lie. We conclude that
- Contracting, even using fine print, is essentially something good.
- But the biggest lie is a real problem with several negative implications.
- It is not the most urgent problem around for most people, which can help explain why the situation has not been dealt with in a serious manner.
- It is rather complex and touches on many disciplines, including law, commerce, psychology, technology, security, design…
- We still believe the problem can be significantly reduced, and that several types of improvements can and should be combined to this end.
Five ways to challenge the obstacle
In the following we summarize a central conclusion from our work so far: Five different categories of efforts that can and should be used to reduce the need to lie when consenting to agreements online. Together, these efforts can turn the fine print from obstacle to a vehicle for mutual protection and support.
The first (bottom) 3 categories reduce the need to read contracts at the time of consent (virtually cutting out slices of fine print). The next makes reading more rewarding, and the last (top) one makes reading easier.
Mandatory user protection
Terms of service and consent dialogues can be reduced in size when law or other mandatory regulation provides users with basic levels of protection, or in other ways define a common ground. If such regulation has legal preference over anything that can be put in a contract, there’s no need to deal with the issues in the contract.
Since the internet crosses many national borders, and it can be very hard to tell what jurisdiction applies to activities in a specific system, international conventions are attractive here. But mandatory protection could also be provided at national or regional (eg. EU) level. It can apply to all kinds of interactions, or to specific industries/business sectors.
Mandatory legal protection of users (as well as providers) can reduce the amount of fine print and the risk associated with accepting contracts.
The Dynamic Coalition on Platform Responsibility (DCPR) which is currently being discussed in the context of the UN:s Internet Governance Forum, is an example of user protection with a global scope. The DCPR aims to produce a common baseline agreement for user protection in social media platforms. Another example is COPPA, which gives some basic protection for minors on US websites.
DCPR, by the way, does not only concern itself with the substance matter of online contracts, but also defines a common due process.
When you cannot create mandatory protective systems, there may still be a lot of benefit in standardization of entire contracts or parts of contracts. With standardized contracts or contract modules, you can read and understand once and then easily accept or reject when you see it again and again. In the open source software world, standardized licenses (GPL, Mozilla, BSD…) work like this, and have been used for decades. For copyright, Creative Commons licenses enable a time shift in a similar way: Users learn the licenses once, then reuse this knowledge many times.
Different ways to remove the need to read at the time of consent.
It is easy to imagine a techincal infrastructure that can remember your consents, for later re-use. A personal cloud service could store a copy of every fine print clause you accept or decline, and every part of every new contract you encounter could be automatically compared with your previous decisions regarding similar clauses. You could configure your software to automatically accept things you already accepted, and to display only clauses that you have not already seen, or to display only clauses that you or your friends usually do not accept. This would greatly reduce the need to read at consent time. A database of common terms/clauses would be a very useful component in such an infrastructure. A handful of projects, including CommonTerms, have done work in this area.
An alternative to storing decisions for re-use as you go is to maintain a preference model. With P3P (platform for privacy preferences) users could pre-configure their web browser to accept or deny certain types of cookies. This was another kind of time shift from the time of consent to an earlier occasion. However, a large percentage of users never bother to configure their preferences, so I’m more attracted to the successive accumulation of preferences by logging actual decisions you make in real life settings.
And just as you can time shift reading, understanding and decision making backwards, sometimes you can time shift forward from the current time of consent. Just-in-time consent can happen when a particular action is about to be taken in a system that you have been using for a long time. Any clauses pertaining to the particular action could be omitted from the contract you usually have to consent to when registering for the service.
Another option is to offer trial use of a system or service without the need to read and accept extensive fine print. Instead, the user could be offered a sandbox/novice status, possibly with some restrictions. This might not be popular with sites who want to boost their number of “members”, but it would also lower the threshold for people to check out a new service.
Consent based on trust is usually less burdensome than informed consent, and still often results in a better protection of your interests.
Extending your arm so that your doctor can take a blood sample, is a good example of meaningful consent based on trust. Relying on experts or experienced friends’ recommendations usually make decisions rather balanced. This is especially attractive if you’re a novice in the domain. Even automated expert systems can be useful.
Sometimes, for example when selecting a restaurant in a new city, we rely on the “wisdom of the crowd”. But take care. The crowd can be wrong or even manipulated.
You pay extra for brands, but the investment the brand owner has put into it also creates a reason for trust. And reputation is one of the best tools we have to stop deception and fraud.
If you have good reasons to trust the other party, consent can be meaningful even if it is not informed.
Transparency, investigative journalism, and civil rights organizations are other sources of trust, because they incentivize providers of goods and services to deliver quality.
By actively supporting trust creation using tools such as certifications, accreditation, transparency and auditing, we can reduce the number of times that netizens need to hesitate at consenting.
Users’ willingness to read (or in other ways gain knowledge of) terms & conditions should increase if there’s any chance reading will actually make a difference. If users can actually influence the trade-offs being made in a contract, this should make reading more meaningful. Giving users more choice than take-it-or-leave-it could do miracles here.
If it makes a difference, users will be more motivated to become informed.
Another way to add meaning to reading the T&Cs is gamification. The online gaming company Zynga explored this in Privacyville, where users could collect a few points for later use inside the game by actively exploring different sections of the Terms. I do not think this option is open for every context, though.
Make reading easier
Last, but not least, we definitely need to make it easier to read, navigate and understand the fine print that remains after the above cropping.
Some of the terms you will still need to be aware of, but the effort required for this can be significantly reduced.
We can accomplish this using plain language instead of legalese, and with clever use of tools in the UX and accessibility toolboxes. Education can reduce the literacy gap between contract and readers, but it will take time.
The CommonTerms project has proposed to standardize the presentation of terms. We do not think that icons can be used, except for a very limited set of very important and very common clauses. But standardization of categories, ordering, formatting and terminology can be used to make reading easier.