There are currently 15 sites in our survey. More will be added progressively. Please refer to our scoring page for details on how companies are assessed.
- "Data Use" is about what data the site collects and what it can do with it. more...
- "Disclosure" is about when the site can share your personal information with others. more...
- "A & T" is amendment and termination: what rights do you have when the site wants to change its terms or terminate your account? more...
- "Misc." is a catchall for other pro- or anti- user policies and practices. more...
Most of the sites surveyed contain provisions that give them extensive rights to any content that you submit. For example, LinkedIn's User Agreement says:
[Y]ou grant LinkedIn a nonexclusive, irrevocable, worldwide, perpetual, unlimited, assignable, sublicenseable, fully paid up and royalty-free right to us to copy, prepare derivative works of, improve, distribute, publish, remove, retain, add, process, analyze, use and commercialize, in any way now known or in the future discovered, any information you provide, directly or indirectly to LinkedIn, including, but not limited to, any user generated content, ideas, concepts, techniques or data to the services, you submit to LinkedIn, without any further consent, notice and/or compensation to you or to any third parties.
This provision is too broad. It effectively lets LinkedIn do anything it wants with your data. A sensible way of narrowing provisions such as these would be for each site to allow data to be used only for the purpose of providing you with the service for which you signed up. This is the approach taken by Microsoft and Yahoo!, which score well in this category. Google’s provision is similar, but you worryingly authorize your data to be used for all of Google’s many services.
The most surprising result in this category is Facebook. That company is frequently criticized for failing to respect the privacy of its users. But Facebook scores ahead of its competitors LinkedIn, Google+, and Twitter. This is because Facebook’s rights to your data are limited by your privacy settings. If you choose to share a photo album with only your close friends, Facebook is not able to use that album for any other purpose. Facebook’s score in this category (18) would be even higher if we did not have concerns about it tracking both users’ and non-users’ activity on other sites that have installed Facebook plugins.
When your data can be disclosed
All of the companies surveyed contain terms that permit them to share your data with third parties. This is necessary to allow them to respond to requests from law enforcement agencies. But these provisions usually go far beyond the matter of law enforcement and end up being too broad. Take the following provision from Microsoft’s agreement:
[W]e may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the service; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public.
(A) is understandable and (c) is at least limited to matters of “personal safety”, but (b) would allow Microsoft to disclose your information to protect not only their own “rights or property” but also the rights of another customer. We would like to see these provisions narrowed so that disclosure is permitted only when absolutely necessary. Several of the companies surveyed have made a good effort at narrowing the scope of these provisions. Dropbox tops this category with a provision that is narrower in several ways than the Microsoft provision quoted above.
Transparency regarding disclosure
As outlined in our scoring methodology, we also grade companies according to how transparent they are in responding to government data requests. The best performing companies in this sub-category are Dropbox and Wikipedia.
Amendment & Termination
Most of the companies surveyed give themselves the right to change their terms of service at any time and either without notice or with very limited notice to users. For example, the Netflix agreement says:
Sites score higher in this category if they promise to notify users in advance of any changes (and if the notice is likely to actually reach users; notice by email is our preferred approach). Only one site, Facebook, requires consultation with users prior to any amendment, although the consultation process is flawed.
Most of the companies surveyed can terminate your account at any time and for any reason. We think that if they take their terms of service seriously, they should agree to terminate an account only if you breach the agreement. We were pleased to see that Facebook and eBay go some way in this direction.
The adjustments in this category include:
- Netflix, Spotify and PayPal are penalized for including a mandatory arbitration clause that causes you to forfeit your right to sue in court.
- Craigslist is penalized for including liquidated damages clauses that causes you to owe it between $25 and $25,000 for breaching its terms of service.
- Facebook is penalized for including a number of unrealistic provisions in its terms.
- Some sites are awarded an additional point for having terms of service that are clear and mostly free of legalese.