Keeping Up With User Policies (Part II of II)

From the Oct. 2009 Issue

[Part II of a II Part Series - Read Part I]

If you’re like most consumers, you simply click through the license agreement when you use a program and never bother to read the terms of use on websites you use for work. If you don’t think it matters, how would you feel about taking that same approach to other contracts, such as mortgages and car loans?

In my last column (, I discussed the potential legal issues that modern technology users face, even though most don’t even recognize them. In our professional and personal lives, we sign contracts every day that we don’t even read, under the assumption that,

A) The agreement hasn’t changed since the last time we used the technology; and,
B) That the company whose program or service we are using would not risk their business relationship by implementing policies that would anger its users.

These contracts are the user agreements and terms of use policies that we agree to, without reading, every time we use a hosted program, website, online email or traditional programs with automatic update features. This is naïve. And if these websites or programs are used for work involving sensitive client data (what client data isn’t?), then you need to evaluate whether or not you are performing your due diligence.

Is it enough to assume that your vendor would never do you wrong? In most cases, especially with established technology vendors, they probably would not. But when is probably an answer to whether you are performing due diligence with regard to your client data? So the answer is no, but what can be done about it?

The biggest challenge when using websites or hosted programs is that the user agreements can change at almost any time, and with little or no notice. And as I stated last month, nobody has the time to read these agreements prior to each use, especially considering the legal jargon used. I am a major advocate of hosted programs. They are more convenient for end-users as well as technology vendors. Likewise, Web 2.0 websites provide great resources for professional use and for online recreation. But how can we be informed users and consumers of these technologies without opening ourselves and potentially our employers up to potential liability?

A possible solution is a clearinghouse that would alert users to changes in the terms of service, privacy policies and other agreements for technologies they use. This would not be a government entity, but rather an organization funded voluntarily by the technology sector. I’ll address the funding issue in a bit, but first I need to define the how and what of the organization.

If a person or business is concerned about potential changes in the agreement terms they have with technology companies, especially hosted programs and websites, they could sign up online to be notified of changes to particular sites or programs they use, which they would note on selection lists. All that would be required is an email address, to which alerts would be sent. The user would determine how frequently they wanted to be alerted.

The clearinghouse would also include ratings of the significance of these changes, say from Level 1 being the least notable changes to a terms of use or privacy agreement (minor edits, clarification, etc.) to Level 5, which would represent the most significant changes that could impact many users. This would allow users to also determine the level at which they wanted to be alerted (as in, “How big a change to the user agreement do you want to be notified about?”). When a consumer would receive an alert, the email would provide links to view the previous and new versions of their agreement, and let them decide whether it was of concern.

For users to receive an alert that an agreement had changed, it would first need two things: The terms of use/policy as it was when the user first started using the technology or website, and the newly changed version.

There are two directions the clearinghouse can now take: one, as a neutral organization that provides no legal opinion on the agreements or changes to them; or two, providing content-based legal opinion as to what effect the new language in the agreements might have. This second option would be far too contentious and costly. I prefer the first, which not only is much simpler in concept, but also in infrastructure. The organization would have a database of user agreements, privacy policies and the like, referenceable by technology vendor, program, website, date and other factors.

At the bottom end of the technology spectrum, staff could use simple document comparison tools such as the ones in Word to identify where changes occurred and whether the changes were numerically limited, moderate or major, coinciding with the significance levels the user selected for alert notifications. This judgment would not relate to potential legal significance, but to the extent that the wording of an agreement had changed.

This would be a daunting task, especially if trying to perform these functions manually, when you consider that there are several thousand technology vendors in the United States alone, and countless websites offering various services. But keep in mind, especially with websites, that the only concern would be with commercial sites, and then only those with large user bases. Also, with only a little more technology infrastructure, the clearinghouse would be able to automate most of these processes. Additionally, the new agreements would be submitted by the technology vendors and websites themselves. (I explain why below.)

Even as a nonprofit watchdog-type group, such a clearinghouse would need money to operate, primarily for full-time staff and infrastructure. As I noted earlier, the clearinghouse would be funded by the technology industry (hosted solution providers and commercial websites, most notably). This would not be through a tax or mandate, but voluntary. And these companies would also voluntarily submit planned changes to user agreements and privacy policies (under protection of non-disclosure) in advance of implementing those changes. They would retain the ability to make immediate changes as necessary when faced with pressing legal concerns such as needing to close a previously unknown loophole.

The sale of technology and the use of technology for sales are billion dollar markets, but they are very different in their models. My first inclination was for technology vendors to contribute a fixed amount per transaction, say five or ten cents for each sale, service agreement, contract or other transaction of more than $10 (not a percentage, though). With millions of transactions each year, a small surcharge such as this could easily provide ample resources for the organization. While I think this would be a good system for direct developers/sellers of technology and programs (such as Microsoft, Apple, hosted program providers, etc.), it would not fit with the revenue models of websites and solutions that are cost-free to users (like Yahoo! Mail, Google Docs, Facebook, Twitter, etc.). Nor would it be a fit for online retailers or the websites of traditional retailers. But I still think that a low-cost, per-transaction model would have the least impact on pricing, although these entities might alternatively be able to pay an annual fee.

Why would technology companies voluntarily fund a group whose purpose is to police the industry? For starters, the clearinghouse would have no “policing” powers. Its sole purpose would be to provide notice to users of changes to agreements. In return for voluntarily helping to fund the organization, tech companies would be able to use logos or website images noting their membership in the “Technology Agreement Clearinghouse,” or perhaps a catchier name. It would be akin to the Better Business Bureau or other industry groups and would serve as an assurance to consumers that the company is open about its policies and is concerned about their rights as users of its technology.

While the clearinghouse idea presents many challenges, if it is viable at all, there is a need for a solution. Although most users seem content with the status quo, we continue to put ourselves, our employers and potentially even client data at risk every time we use technologies that have user agreements and privacy policies that can change at any time. The clearinghouse concept at least addresses the problem and acknowledges that most people don’t want to read these agreements, instead offering them a quick method of finding what has actually changed, if they want to.

The more we rely on the convenience of hosted solutions, cloud-based computing and other technologies, the more we need to know what we are agreeing to.

Think this couldn’t work? Have a better idea? Send me an email at or discuss it on our blog at

Part II of a II Part Series - Read Part I