Website Terms of Service and Privacy Policies – More Than Law

Some companies simply copy and paste the terms of service and privacy policies. This can be a costly mistake. The terms of service (“TOS”) and privacy policies (“PP”) should reflect the combination of legal, business, marketing, and ethical concerns of the company. Facebook has received a lot of criticism of its privacy policies over the years, ranging from the tracking beacon to the more recent outcry over granting Facebook application developers access to its user’s telephone number and address information. Even though Facebook’s action were likely permissible within its TOS and PP, the public outcry lead to a reversal of its policy, highlighting the extra-legal importance of the documents. [Edit: Facebook has resumed the policy.]

Legal
Part of the lack of attention to the TOS and PP is that they are, in fact, legal documents… so the website developers’ eyes glaze over reading the legalese (snooze). But because they are legal documents that can bind the company and the website visitor, proper attention should be paid to the documents. In hurriedly copying the documents from elsewhere, a meaningful TOS and PP for an opinion blog, a product website, an adult services website, a B2B cloud service, a server penetration business, etc. may not be implemented. Each type of business has its unique legal issues that should be addressed. All the terms from one set of documents may not be intended, useful, and/or enforceable in different business use cases.

Business
As a binding document, the TOS and PP can positively and negatively affect the direction of the business, including the monetization strategy. Facebook started with its users segmented in different silos, namely their schools. Originally, one needed a .edu email address in order to join and communication was generally limited to other people having emails with the same domain name. More recently, Facebook’s growth strategy is almost the opposite of that original strategy. It now encourages everyone to join and create relationships that did not previously exist. An inflexible TOS and PP may not have permitted that strategic change in direction.

Contrast that business scenario with the PP policy of the former eToys.com website. It read in part:

eToys respects your privacy. We do not sell, rent, loan or transfer any personal information regarding our customers or their kids to any unrelated third parties. Any information you give us about yourself or your kids is held with the utmost care and security and will not be used in ways to which you have not consented.

At a quick glance, that seems a respectable policy. However, the company went bankrupt. As the customer data was one of the valuable remaining assets in the bankruptcy estate, there was a dispute over the sale of the eToy.com customer list. In other words, the documents affected the ability of investors, creditors, and successors to recover value.

The potential reach of the documents as a whole (as well as the language of the above section) is further highlighted by the recent purchase of the free to use OkCupid.com dating website by the paid use Match.com website. If OkCupid had a privacy policy of similar to that of the above quoted eToy privacy policy, there may be questions whether Match.com is an “unrelated third party,” impacting any possible integration plans. In addition to the legal question, there would be a business valuation question for OkCupid and Match if OkCupid had been marketed with a strong privacy expection. OkCupid users may then leave in droves, decreasing the potential value of OKCupid to Match.com.

Marketing
It may seem counterintuitive, but the TOS and PP can support (or detract from) your marketing efforts. Currently, the industry trend is to move to the cloud. However, two key reasons why businesses are hesitant to move to the cloud are downtime and data access/use concerns. A cloud service provider of B2B applications where users enter valuable, sensitive business data has a more compelling message when it can state that the privacy policy explicitly states that business data will only be used for the purpose of the application and will not be processed individually or in the aggregate for marketing purposes.

Ethics
Again, it may seem counterintuitive that the TOS and PP dating can indicate the culture of a company, but podcast and technology guru Leo Laporte deactivated his Facebook account citing poor privacy control for a user account and stating that Facebook had incentive to not provide strong privacy (Note: he has since recreated a Facebook account). Yours truly only maintains test accounts on Facebook for similar reasons. In fact, Facebook’s privacy issues lead to startup Diaspora’s raising of ~ $200,000 based on creating a privacy oriented distributed social network. (Edit: And that little project called Google+)

A more pointed illustration of lack of ethics illustrated via the TOS and PP was shown in some now defunct dating websites. Those websites would send messages to male subscribers of the website that appeared to be from interested women. A few jilted men suspected that the messages weren’t from interested women and complained to the website operators suspecting that it was a ruse to entice them to sustain their subscriptions. The website “customer service” pointed those men to the terms of service, which stated that messages may be sent through the system from “likenesses” (read non-existent women) based on those men’s profiles and interests…. Those “unique” terms may be enforceable, but they are still ethically questionable. You can imagine that reputation of the company.

Conclusion
The above illustrations aren’t to endorse one approach over another but they should highlight that even though the terms of service and privacy policy are “contracts,” they should drafted to reflect the legal, business, marketing, and ethical goals of your company. Are your TOS and PP  Google’s Terms, StartPage’s Policy, Twitter’s Terms, or your own terms?