Check the box to indicate that you have read and agree to the terms of service. This type of notice appears at the bottom of sign-up pages for nearly every website, application, or game many of us use on a daily basis. The question is, does anyone actually do it? We all check the box, but how many people even skim the terms of service or understand what they really mean?
Brock University Adjunct Professor of Sociology Natasha Tusikov has been awarded a grant from the office of the Privacy Commissioner of Canada with the aim of discovering just what big internet companies do with information gathered online and what it means for the online privacy of Canadians. What information do they gather, what do they do with it, and how legal is it? That is not always clear.
Tusikov’s research will cover mostly the big US internet firms: Microsoft, Google, Yahoo, eBay and PayPal, along with the major payment companies, such as Visa and MasterCard.
Internet firms, “act as global regulators, controlling different types of content and activity,” says Tusikov. eBay, for example, attempts to control the sale of counterfeit goods in agreement with major retailers. Internet service providers attempt to stop their customers from downloading copies of movies, music and software in agreement with the producers of those products. The problem with most of these agreements, though, is they are non-legally binding.
“This is a pretty new and interesting area of regulation,” said Tusikov. “Non-legally binding means existing outside of law, existing outside of judicial orders, so essentially these are handshake agreements between big companies… the reasons that some of these rights holders, like Nike and the US government, wanted to go in this direction is because they felt legislation wasn’t working.”
In 2012, the US government tried to implement SOPA, or the Stop Online Piracy Act, a wildly unpopular move that lead to protests online and off. The aim of the bill was to stop the online trafficking of counterfeit and copyright-infringing goods and materials, and the protection of intellectual property. Opposition said the bill would actually severely compromise the freedom of the internet and the bill was never enacted. Instead, companies are making their own rules.
What do the rules set by big companies in the United States have to do with Canadians?
“The average person,” says Tusikov, “probably thinks that a lot of the rules set online are set by legislatures, or are set by the Government of Canada in an open, public, democratic debate. If we don’t like these laws or bills as they are written then we can protest, we can suggest amendments.” That, Tusikov says, is not actually the case.
“The problem here is that we’re having rules that are set quietly by big companies and …they’re rolled out over these platforms globally, so Canadians are being governed by rules that are set by big companies in the United States.”
“What my research is looking at is, what are the privacy implications of this? Is eBay consistently following canadian privacy laws? Is Facebook? PayPal? ” The answer, Tusikov says, is no. When a conflict arises between Canadian and American privacy laws, many companies have argued that Canadian laws don’t apply.
Many Canadians, says Tusikov, might think that because they are in Canada and accessing an application or website from Canada that their information is stored here as well. That may actually not be the case.
“Information might be stored in many different places around the world,” says Tusikov, places where governments or agencies may be perfectly within their rights to take all of your data, whereas under Canadian law that might be illegal. The Cloud does not actually exist. In reality, the Cloud is a series of server farms that exist all over the world. “Your information could be stored on a server farm that exists territorially in Canada, say outside of Toronto, but then it moves, and moves, and as it moves different laws apply to that data,” she says. Using a Canadian website might not make much of a difference “Who sets these rules and who enforces these rules online and with what effects on our privacy?” This is where Tusikov’s research comes in. She aims to find out what all of this means to Canadians.
“To their credit, companies have taken people’s complaints [about terms of service agreements] more seriously,” she says. “In the past, these agreements were entirely legalese, extremely complicated and difficult to understand. Lots of companies have rewritten them so they’re much simpler…companies have taken steps to try to help people understand their rights.”
Tusikov says the best way to protect yourself is to read the terms of service thoroughly and read them every time they’re updated and question why certain application or services might want certain pieces of your information.
“Before you just blindly click ‘I agree,’ you should think, ‘do I really want this application if it says it needs all of that information from me?”