How to overcome the fine print obstacle
Conclusions after five years with
CommonTerms, improved after the meaningful consent workshop
Pär Lannerö, 2015-04-14
Today: meaningless consent
Meaningful consent is rare on today’s
internet. Usually, users are neither informed nor in possession of good reasons
for trust. Yet we repeatedly consent to unfavorable terms, especially in the
privacy domain. We feel like we have no real alternative, and no real influence
over online terms of service. We’re usually in a hurry and prefer to avoid consenting
to anything, if possible. But when there’s no way forward but through consent,
we keep our fingers crossed, tick the box and hope for the best. This is the “biggest
lie” on the internet (“yes I have read and agree to the terms”).
There’s no way we can read and understand all of the fine print (Terms &
Conditions, Cookie declarations, Privacy policies…) and there’s no way
contracts will disappear.
The CommonTerms project has been exploring
ways to stop the “biggest lie” problem since 2010. We have studied what other
similar initiatives have done, and produced prototype “solutions” to the
problems associated with the biggest lie. We conclude that
- Contracting, even using fine print, is essentially
- But the biggest lie is a real problem with several
- It is not the most urgent problem around for
most people, which can help explain why the situation has not been dealt with in
a serious manner.
- It is rather complex and touches on many
disciplines, including law, commerce, psychology, technology, security, design…
- We still believe the problem can be
significantly reduced, and that several types of improvements can and should be
combined to this end.
Five ways to challenge the obstacle
In the following we summarize a central conclusion from our work so far:
five different categories of efforts that can and should be used to reduce the need to lie when
consenting to agreements online. Together, these efforts can turn the fine print from
an obstacle into a vehicle for mutual protection and support.
The first (bottom) 3 categories reduce the
need to read contracts at the time of consent (virtually cutting out slices of
fine print). The next makes reading more rewarding, and the last (top) one
makes reading easier.
Mandatory user protection
Terms of service and consent dialogues can
be reduced in size when law or other mandatory regulation provides users with
basic levels of protection, or in other ways defines a common ground. If such
regulation has legal preference over anything that can be put in a contract,
there’s no need to deal with the issues in the contract.
Since the internet crosses many national
borders, and it can be very hard to tell what jurisdiction applies to
activities in a specific system, international conventions are attractive here.
But mandatory protection could also be provided at national or regional (e.g.
EU) level. It can apply to all kinds of interactions, or to specific industries/business
Mandatory legal protection of users (as well as providers) can reduce the amount of fine print and the risk associated with accepting contracts.
The Dynamic Coalition on Platform
Responsibility (DCPR), which is currently being discussed in the context of the UN’s
Internet Governance Forum, is an example of user protection with a global scope.
The DCPR aims to produce a common baseline agreement for user
protection in social media platforms. Another example is
COPPA, which gives some basic protection for minors on US websites.
DCPR, by the way, does not only concern
itself with the substance matter of online contracts, but also defines a common
cannot create mandatory protective systems, there may still be a lot of benefit
in standardization of entire contracts or parts of contracts. With
standardized contracts or contract modules, you can read and understand once
and then easily accept or reject when you see it again and again. In the open
source software world, standardized licenses (GPL, Mozilla, BSD…) work like
this, and have been used for decades. For copyright, Creative Commons licenses
enable a time shift in a similar way: Users learn the licenses once, then reuse
this knowledge many times.
Different ways to remove the need to read at the time of consent.
It is easy
to imagine a technical infrastructure that can remember your consents, for
later re-use. A personal cloud service could store a copy of every fine
print clause you accept or decline, and every part of every new contract
you encounter could be automatically compared with your previous decisions
regarding similar clauses. You could configure your software to automatically
accept things you already accepted, and to display only clauses that you
have not already seen, or to display only clauses that you or your friends usually
do not accept. This would greatly reduce the need to read at consent time. A
database of common terms/clauses would be a very useful component in such an
infrastructure. A handful of projects, including CommonTerms, have done work in
alternative to storing decisions for re-use as you go is to maintain a
preference model. With P3P (Platform for Privacy Preferences) users could pre-configure
their web browser to accept or deny certain types of cookies. This was another
kind of time shift from the time of consent to an earlier occasion. However, a
large percentage of users never bother to configure their preferences, so I’m
more attracted to the successive accumulation of preferences by logging actual
decisions you make in real life settings.
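A sketch of the consent memory described above, built up by logging actual decisions; this is an added example, not code from the CommonTerms project. It also shows why only an exact match should re-use a decision: a clause that is merely similar to an accepted one can mean the opposite, so it goes to review with a hint. The names ConsentMemory, normalize and fingerprint and the 0.85 similarity threshold are assumptions made for illustration.

```python
import hashlib
import re
from difflib import SequenceMatcher

def normalize(clause):
    """Lower-case, drop punctuation, collapse whitespace: layout changes must not matter."""
    return " ".join(re.sub(r"[^\w\s]", " ", clause.lower()).split())

def fingerprint(clause):
    return hashlib.sha256(normalize(clause).encode("utf-8")).hexdigest()

class ConsentMemory:  # hypothetical store, not a CommonTerms API
    SIMILAR = 0.85  # assumed threshold for "resembles a clause you already decided on"

    def __init__(self):
        self.decisions = {}  # fingerprint -> (decision, normalized clause text)

    def record(self, clause, decision):
        self.decisions[fingerprint(clause)] = (decision, normalize(clause))

    def closest(self, clause):
        """Most similar stored clause as (decision, text), or None below the threshold."""
        norm = normalize(clause)
        scored = [(SequenceMatcher(None, norm, e[1]).ratio(), e) for e in self.decisions.values()]
        score, entry = max(scored, key=lambda s: s[0], default=(0.0, None))
        return entry if score >= self.SIMILAR else None

    def triage(self, contract):
        """Only an exact (normalized) match re-uses a decision; near matches go to review."""
        out = {"auto_accept": [], "declined_before": [], "review": []}
        for clause in contract:
            known = self.decisions.get(fingerprint(clause))
            if known is None:
                out["review"].append((clause, self.closest(clause)))
            elif known[0] == "accept":
                out["auto_accept"].append(clause)
            else:
                out["declined_before"].append(clause)
        return out

def demo():
    memory = ConsentMemory()  # all clauses below are constructed samples
    memory.record("We use cookies to keep you logged in.", "accept")
    memory.record("We may sell your personal data to third parties.", "decline")
    memory.record("We will not share your email address with advertisers.", "accept")
    return memory.triage([
        "We use cookies   to keep you logged in",
        "We may sell your personal data to third parties.",
        "We will share your email address with advertisers.",
        "Disputes are settled by arbitration in Stockholm."])
```

In the sample, the third clause differs from an accepted one by a single word, so it lands in the review list together with the earlier decision it resembles instead of being accepted automatically.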
And just as
you can time shift reading, understanding and decision making backwards, sometimes
you can time shift forward from the current time of consent. Just-in-time
consent can happen when a particular action is about to be taken in a
system that you have been using for a long time. Any clauses pertaining to the
particular action could be omitted from the contract you usually have to
consent to when registering for the service.
option is to offer trial use of a system or service without the need to read and
accept extensive fine print. Instead, the user could be offered a sandbox/novice
status, possibly with some restrictions. This might not be popular with sites that
want to boost their number of “members”, but it would also lower the threshold
for people to check out a new service.
Consent based on trust is usually less burdensome
than informed consent, and still often results in a better protection of your
Extending your arm so that your doctor can
take a blood sample is a good example of meaningful consent based on trust.
Relying on experts’ or experienced friends’ recommendations usually makes
decisions rather balanced. This is especially attractive if you’re a novice in
the domain. Even automated expert systems can be useful.
Sometimes, for example when selecting a
restaurant in a new city, we rely on the “wisdom of the crowd”. But take care.
The crowd can be wrong or even manipulated.
You pay extra for brands, but the
investment the brand owner has put into it also creates a reason for trust. And
reputation is one of the best tools we have to stop deception and fraud.
If you have good reasons to trust the other party, consent can be meaningful even if it is not informed.
Transparency, investigative journalism, and
civil rights organizations are other sources of trust, because they incentivize
providers of goods and services to deliver quality.
By actively supporting trust creation using
tools such as certifications, accreditation, transparency and auditing, we can reduce
the number of times that netizens need to hesitate at consenting.
Users’ willingness to read (or in other
ways gain knowledge of) terms & conditions should increase if there’s any
chance reading will actually make a difference. If users can actually influence
the trade-offs being made in a contract, this should make reading more
meaningful. Giving users more choice than take-it-or-leave-it could do miracles
If it makes a difference, users will be more motivated to become informed.
Another way to add meaning to reading the
T&Cs is gamification. The online gaming company Zynga explored this in
Privacyville, where users could collect a few points for later use inside the
game by actively exploring different sections of the Terms. I do not think this
option is open for every context, though.
Make reading easier
Last, but not least, we definitely need to
make it easier to read, navigate and understand the fine print that remains
after the above cropping.
Some of the terms you will still need to be aware of, but the effort required for this can be significantly reduced.
We can accomplish this using plain language
instead of legalese, and with clever use of tools in the UX and accessibility
toolboxes. Education can reduce the literacy gap between contracts and readers,
but it will take time.
The CommonTerms project has proposed to
standardize the presentation of terms. We do not think that icons can be used,
except for a very limited set of very important and very common clauses. But standardization
of categories, ordering, formatting and terminology can be used to make reading
Some of the above categories have been explored by others,
for example members of the OpenNotice
group. Currently (April 2015) the Meaningful Consent project
is a primary contributor in the area. Much inspiration for the above conclusions comes from their workshop.