In the era of mobile Internet, Apps have become an essential tool for people. When downloading and using it for the first time, clicking "I have read and agree to the User Agreement and Privacy Policy" is a general operation. These protocols are tens of thousands or even tens of thousands of words long, comparable in length to a paper, and surveys show that nearly 80% of users rarely or never read them. What are the "pits" hidden in the complex protocol text?
User agreement and privacy policy interface of an app (photo by Wang Jinghuai)
Tens of thousands of words
How many people will read the App User Agreement?
A few days ago, the reporter downloaded 5 social, games, short videos, shopping and other apps with more than 100 million downloads in the mobile application market and found that each app will stipulate the content of the user agreement and privacy policy according to its own characteristics. However, some of the basic content is the same.
In terms of user agreement, the App will generally introduce the basic situation and use of the product, such as how to register and cancel the account, how to deal with the loss of passwords; emphasize the user code of conduct, such as requiring users not to make up, spread rumors, false information; emphasize the company's rights, such as the intellectual property rights of related content owned by the company; in addition, it will also declare disclaimer clauses, leave contact information, etc.
In view of the personal information security that has attracted much attention in recent years, the user agreement will generally list a separate chapter on "personal information protection", and some also specifically list the relevant provisions of "protection of minors". At the same time, the privacy policy also provides detailed provisions on the collection, management, storage, and protection of personal information.
The total number of words in the user agreements and privacy policies of these five apps exceeds 130,000 words, and the average content required users to "read and agree" to each app is about 27,000 words, which is longer than an undergraduate thesis and close to the length of a master's thesis. The protocols for some niche apps are relatively simple, with user protocols in the thousands of words in length.
With such a huge amount of reading, how many users will go to see it? The results of a joint research team conducted by Yuan Kang, deputy dean of the Institute of Network Governance at Wuhan University, surveyed and interviewed 1,036 people last year, showing that 77.8% of users "rarely or never" read the privacy agreement when installing the app, and 69.69% of users ignore the update prompt of the app privacy agreement.
"User agreements and privacy policies are full of cumbersome information, and professionals are calling headaches, not to mention ordinary consumers." Yuan Kang believes that "few people read" reflects that the relevant agreements are still "useless" and do not reach the original intention of protecting users' right to know.
Some netizens complain about user agreements and privacy policies (photo by Wang Jinghuai)
What "pits" are hidden in the user agreement?
In recent years, app user agreements and privacy policies have been gradually improved in governance. However, some apps are still "digging holes", and consumers are easy to fall into the trap if they are not careful.
The first "pit": if you do not agree, you cannot use it. The Personal Information Protection Law stipulates that personal information processors may not refuse to provide products or services on the grounds that individuals do not agree to process their personal information or withdraw their consent; unless the processing of personal information is necessary to provide products or services.
"Some apps don't need to ask for personal information excessively when displaying products and videos, and it is inappropriate for those who can't use it if they don't agree." Zuo Xiaodong, vice president of the China Academy of Information Security, also reminded that "whether it is necessary or not should not be unilaterally stipulated by the App, and it is necessary to prevent the side ball from being rubbed." ”
The second "pit": darkness Chen Cang. In March this year, the "oTMS to where" App did not prompt users to read the privacy policy and other collection and use rules through obvious means such as pop-up windows when it was first run, or solicited user consent by default to non-explicit means such as choosing to agree to the privacy policy, and was suspected of privacy non-compliance, and was notified by the National Computer Virus Emergency Treatment Center.
The third "pit": first chop and then play. Since the beginning of this year, many apps such as "Yunlian Health" and "Trace Travel" have begun to collect personal information before obtaining the consent of users, and have been notified one by one. "Although the relevant departments continue to strengthen supervision of similar behaviors, the app's illegal collection of personal information still has a certain degree of concealment." Yuan Kang said.
The fourth "pit": one consent, the second consent. Some apps revise their privacy agreements as needed, but users can't know if the content has been updated in a timely manner. For example, a beauty app states in the user agreement that the company has the right to formulate and modify this agreement and/or various rules from time to time as needed, and publish it on the app platform without further notice to the user. By using the Platform Services, consumers are deemed to have accepted the revised Agreements and Rules.
Fifth "pit": personal information is transferred to a third party. The user agreement of a shopping app states that for consumers' videos, photos, texts, etc., "(the platform) has a permanent, indefinite and geographically restricted, completely free use right" and "has the right to license it to any third party" and "does not need to obtain your consent when actually exercising". Yuan Kang believes that app obtained the authorization to share user data with third parties in the initial agreement, which is equivalent to allowing users to give up their right to review the circulation and transfer of personal information in the future.
Can user agreements be inventoried?
Zuo Xiaodong and many other experts believe that some App user agreements and privacy policies are suspected of fishing in muddy waters through obscure text, and call for a concise and clear list of what consumers need to know through the list system, reducing the reading threshold.
In the future, we will further standardize the App User Agreement and Privacy Policy. Chen Xuhui and Yuan Kang, director of the Internet Information and User Behavior Research Center of the Business School of Tianjin University of Finance and Economics, called for the general content of user agreements to be complex, and it is necessary to start from the user's convenient reading needs, and highlight the important parts associated with users in front of the agreement, similar to the annual reports and abstracts of academic papers of listed companies, so as to facilitate users to understand the core content of the privacy agreement.
"The relevant agreements should also further clarify the scope of core elements such as 'required information' and 'third parties', which cannot be vaguely summarized as 'possible disclosure to third parties'. When sharing user information, sensitive personal information should also be anonymized. Yuan Kang said.
Compacting the responsibility of the mobile application market. Chen Xuhui believes that the regulatory authorities can seize the "key minority" of the mobile phone application market, clarify the corresponding legal responsibilities of their illegal apps on the shelves, and promote them to do a good job in controlling the app from the source of the shelves.
In addition, it is necessary to enhance consumers' awareness of the protection of personal information and strengthen law enforcement. Zuo Xiaodong believes that teenagers, college students and other groups are familiar with the App, have a strong sense of personal information protection, can become the main force to promote the improvement of user agreements and privacy policies, lawyers and other professional forces should actively join, form a virtuous circle of violations must be reported, reports must be investigated, and gradually promote the implementation of the content of the agreement.