About

TLDR: Terms of Service – Privacy, Data Collection and Conditional Access

Marcia K Wilbur

Do you know what you are agreeing to when you “accept” a terms of service?

When you click to “Accept” a terms of service (TOS), it’s essential to understand what you’re agreeing to. Many conditional access agreements include information about the privacy policy, data collection, privacy, how your data will be used and who the data is shared with. Some TOS agreements can indeed be lengthy and overreaching. It’s crucial to review these carefully and look out for clauses that restrict your rights, such as restricting your ability to sue, censoring negative reviews or some overly broad data collection practices. This presentation covers privacy, a few example terms of service, data collection and discusses the amount of time it would take (estimated) to read. Understanding TOS agreements empowers you. Additionally, there is a pending bill (USA) to simplify terms of service. This will also be discussed.

Marcia K. Wilbur is a GNU Linux AIOT developer, author and advocate with a focus on security and privacy. While pursuing a degree in computer science, she participated in DVD-Discuss at Harvard’s Berkman Center for Internet and Society collaborating on case topics and an amicus brief related to DeCSS. In 2002-2003 serving as an intern, she was an advisory committee member for the Free Software Foundation Digital Speech Project, moving to writing the DMCA FAQs for the EFF blog in 2003. Recently, she spoke at Yale Law school about Copyright, Surveillance, Privacy and rights.

Data Collection:

Most websites collect user data, even if it’s just basic information like IP addresses, browser types, and pages visited. If you’re collecting any user data, you should have a Privacy Policy in place. This legal agreement outlines what information you collect, how you’ll use it, and who it might be shared with. For example, Californian law requires a standalone Privacy Policy that covers these aspects1.

EU Data Protection Directive:

In the UK and Europe, the EU Data Protection Directive sets out seven principles for data collection:

Notice: Users should be informed when their data is collected.

Purpose: Data should only be used for the stated purpose.

Consent: User data shouldn’t be shared without consent.

Security: Collected data must be kept secure.

Disclosure: Users should know who collects their data.

Access: Users can access and correct their data.

Accountability: Data collectors must follow these principles1.