How To Change Your Terms Of Service Without Looking Like A Jerk
Are you tired of reading privacy-freakout stories every time a popular Web service changes its terms of service? Great—many of us in the tech press are tired of writing them too.
But if we’re going to get a break from this genre, these companies need to learn how to talk with their users in something closer to normal English.
Instagram is only the most recent victim of this self-inflicted wound: In mid-December, the photo-sharing service had to retreat from new, lengthy terms of service after users seized on some passages as alleged proof that it would sell their photos (even though the old terms gave the company about as much latitude).
That fiasco should have surprised nobody, least of all Instagram’s new owners. Facebook had its own humbling experience with the “here’s our new privacy policy, click to accept” school of customer relationship management back in 2009.
Companies aiming to provide a service that doesn’t fit neatly into a traditional business model have to do better. They can’t expect everybody to chill out and digest their “ToS” legalese like a lawyer; at least some users will read it in the worst possible light, without a reality-check at an independent auditor like ToS;DR, then alert all of their friends.
And there are better examples startups can follow.
One is to annotate ToS changes with plain-English explanations.
At Tumblr’s terms-of-service page, for example, a series of short explanations help clear up the linguistic clutter. One 225-word paragraph–by which I mean a 225-word sentence–prohibiting “Automated Use” is accurately described as “Don’t do bad things to Tumblr or other users. Some particularly egregious examples of automated ‘bad things’ are listed in this section.”
(You know what other service could have learned from this? Instagram, which hosts its own blog on Tumblr.)
Better still, provide a normal-vocabulary distillation of every major plank in your policy.
The 3D printer manufacturer MakerBot does this well in the terms of service for its Thingiverse library of downloadable designs. For example, the usual all-caps “Limitation on Liability” section gets much simpler in this condensed version: “Stuff happens, things go wrong. Where a state allows, in no case will we be responsible for more than $50.”
But you can’t pare down things too much. The photo-sharing site 500px’s terms feature similar summaries of each section, but those concise sentences glide over diverse possible promotional uses of your photos authorized by the full text.
Letting users directly compare changes in old and new policies works too. Facebook adopted that approach in the summer of 2009 and has since made a point of posting “redline” documents that highlight text added or removed. Tumblr does that as well—although sending non-programmers off to browse a GitHub repository may be a little intimidating.
Finally, it doesn’t hurt to set down the thoughts that animate your custody of a user’s data. Facebook has a 10-point list of guiding principles, while Foursquare posted a “Privacy 101” document setting out the intellectual framework of the revised privacy policy that will go into effect later this month.
(Foursquare, however, undercut this sales pitch by only telling users in an e-mail; its blog and Twitter account have yet to mention the change.)
No one of these things may prevent a needless privacy panic—for one thing, it’s hard to engineer your way out of the disconnect between users who want strict boundaries to uses of their data and founders and investors who don’t want to circumscribe the company’s possibilities. But not doing any of them pretty much invites a PR meltdown.