Some companies simply copy and paste the terms of service and privacy policies. This can be a costly mistake. The terms of service (“TOS”) and privacy policies (“PP”) should reflect the combination of legal, business, marketing, and ethical concerns of the company. Facebook has received a lot of criticism of its privacy policies over the years, ranging from the tracking beacon to the more recent outcry over granting Facebook application developers access to its user’s telephone number and address information. Even though Facebook’s action were likely permissible within its TOS and PP, the public outcry lead to a reversal of its policy, highlighting the extra-legal importance of the documents. [Edit: Facebook has resumed the policy.]
Part of the lack of attention to the TOS and PP is that they are, in fact, legal documents… so the website developers’ eyes glaze over reading the legalese (snooze). But because they are legal documents that can bind the company and the website visitor, proper attention should be paid to the documents. In hurriedly copying the documents from elsewhere, a meaningful TOS and PP for an opinion blog, a product website, an adult services website, a B2B cloud service, a server penetration business, etc. may not be implemented. Each type of business has its unique legal issues that should be addressed. All the terms from one set of documents may not be intended, useful, and/or enforceable in different business use cases.
As a binding document, the TOS and PP can positively and negatively affect the direction of the business, including the monetization strategy. Facebook started with its users segmented in different silos, namely their schools. Originally, one needed a .edu email address in order to join and communication was generally limited to other people having emails with the same domain name. More recently, Facebook’s growth strategy is almost the opposite of that original strategy. It now encourages everyone to join and create relationships that did not previously exist. An inflexible TOS and PP may not have permitted that strategic change in direction.
Contrast that business scenario with the PP policy of the former eToys.com website. It read in part:
eToys respects your privacy. We do not sell, rent, loan or transfer any personal information regarding our customers or their kids to any unrelated third parties. Any information you give us about yourself or your kids is held with the utmost care and security and will not be used in ways to which you have not consented.
At a quick glance, that seems a respectable policy. However, the company went bankrupt. As the customer data was one of the valuable remaining assets in the bankruptcy estate, there was a dispute over the sale of the eToy.com customer list. In other words, the documents affected the ability of investors, creditors, and successors to recover value.
Again, it may seem counterintuitive that the TOS and PP dating can indicate the culture of a company, but podcast and technology guru Leo Laporte deactivated his Facebook account citing poor privacy control for a user account and stating that Facebook had incentive to not provide strong privacy (Note: he has since recreated a Facebook account). Yours truly only maintains test accounts on Facebook for similar reasons. In fact, Facebook’s privacy issues lead to startup Diaspora’s raising of ~ $200,000 based on creating a privacy oriented distributed social network. (Edit: And that little project called Google+)
A more pointed illustration of lack of ethics illustrated via the TOS and PP was shown in some now defunct dating websites. Those websites would send messages to male subscribers of the website that appeared to be from interested women. A few jilted men suspected that the messages weren’t from interested women and complained to the website operators suspecting that it was a ruse to entice them to sustain their subscriptions. The website “customer service” pointed those men to the terms of service, which stated that messages may be sent through the system from “likenesses” (read non-existent women) based on those men’s profiles and interests…. Those “unique” terms may be enforceable, but they are still ethically questionable. You can imagine that reputation of the company.