Colum Kenny: We need to reboot contract law for the web
Colum Kenny, professor emeritus of communications at Dublin City University (DCU) and a qualified barrister, writes on the legal challenges posed by online privacy.
Political advertising on Facebook is one of the issues that Hildegarde Naughton, James Lawless and Eamon Ryan, the three Irish members of the International Grand Committee on Disinformation and Fake News, planned to raise with Facebook chief executive Mark Zuckerberg on his flying visits to Dublin yesterday. They also planned to ask him about the steps being taken by his company to safeguard young people and vulnerable adults who use its products.
With European elections in May, unmasking and fighting online manipulation of data clearly has political as well as commercial implications.
The three TDs, who are also members of the Oireachtas Committee on Communications, might be better served talking to the Irish judiciary if they want to see some real changes in the way Facebook and its peers behave.
The laws protecting your data are regularly undermined by terms and conditions that click away your rights. They allow your data to be sold for advertising or other purposes without full transparency.
Regulators alone are no match for the multibillion-dollar web of online companies when it comes to the use of your data. There is an inequality of bargaining power.
Contract law
It is time for judges to take a more robust approach in the application of contract law. They should set a high burden of proof for online companies claiming that you really consented to your data being used or shared, whether in contract cases or in breach-of-privacy and abuse-of-personal-data actions.
They should not find that your consent is implied just because terms are “made available” by a company such as Facebook but are not proportionate or lucid.
Millions of people every day click little boxes online signalling “I accept” or “okay” to terms and conditions offered by social-media platforms and other sites that are frequently labyrinthine. Some sites simply proclaim: “By using the site you agree to our privacy settings.” These clickwrap “consents” are in law (if not in life) as weighty as signing on paper.
The explicit “cookie policy” of even very reputable companies can run to thousands of words, not including many related webpages to which one is linked from that policy page. Even then, clicking to opt out of ads, one is told on one site (for example): “You will still receive other types of online advertising from participating companies and any type of advertising from non-participating companies, and the web sites you visit may still collect information for other purposes.” What “other purposes”?
Clicking the “privacy” link at the end of a standard Google page, you find a Google text of 4,500 words and 100 hyperlinks. One of these connects to a long list of just some of the providers “who work with website operators to collect and use information”. You may “turn on or off” individually more than 100 such companies – but are warned: “Using this tool only applies to online behavioural advertising and will not affect other services that use the same technology.” Who understands where that leaves our personal data?
Just before Christmas, the UK information commissioner decided that you cannot be held to have accepted a company’s use of cookies where the only alternative is paying to opt out. But even then your actual remedy may not be local and affordable, with distant courts sometimes having sole jurisdiction under present law.
Nudging
Many unwitting citizens also do not realise that “nudging” is used in business and politics to direct us unconsciously towards decisions. Even simple wording that vaguely suggests you may be disadvantaged by opting out, or lists rude alternatives such as “not interested” instead of “no thanks” may nudge you to click “accept”.
The European Union’s General Data Protection Regulation does not go far enough. There is a need to reboot contract law for the web, and this goes beyond the area of contracting over privacy. For example, is someone who is drunk or drugged late at night truly consenting to an online bet, one that may result in severe losses for a whole family?
People were always urged to read the small print when signing a contract, or not to sign if “under the influence”. But now the cards are stacked too heavily in favour of commercial entities. These use dark means and complex terms to nudge us into open-ended consent to the use of our data that one might not otherwise give freely.
- Colum Kenny is a professor emeritus of communications at Dublin City University and a qualified barrister. This article first appeared in The Irish Times.