It’s happened. All of your worst fears have been confirmed. They have your data, and they’re not afraid to use it. Technically, you should have known better, or at least that’s what they’re telling you. You did agree to this, after all – didn’t you read their terms and conditions? Those terms and conditions are the main vehicle for communicating what a mobile app or social media platform can do with your data, but they shouldn’t be. Take a look at Path.
If you’re a Path user, you got an email last week specifically letting you know that they’ve updated their user agreement and privacy policy. They’re very invested in you knowing about it, because after “AddressGate”, their PR disaster over privacy concerns a few months ago, they’re a little bit sensitive about the whole subject.
Before we get to what Path’s new policy is, let’s take a second and honestly evaluate how many times in a day, week or month we accept the terms of service for a new website, application or purchase. Now how many of those times did you read through it? Even when there was money or personal data involved? Don’t worry, neither did I.
There’s the age-old adage about always reading a contract thoroughly before you sign it, but that saying has likely been around since the days when you weren’t presented with fifty such contracts just to get your new phone set up with the apps you want to use. The sheer volume of user agreements, terms of use and privacy policies in today’s data-driven, technical age makes it incredibly inconvenient and highly unlikely for anyone to read every single term and condition.
How does that relate to this latest effort from Path, and more importantly, to businesses looking to avoid a similar outcome? It boils down to communication and trust, two things that should be part of any business strategy, whether you’re making an app or selling houses.
The biggest thing that went wrong for Path, back when this first became a problem, was that users didn’t know what Path was doing with their data, mainly because Path never told them. When a blogger was working in Path’s API and realized how his data was being stored, his blog post on the subject quickly became home-page news on all of the major digital news outlets. Since the news came as a surprise to Path users, they lost trust in Path’s service. How could this have been avoided? Clear communication.
So that’s what Path did this time around.
They sent every one of their users a clearly written, concise email in plain English telling them about the updates to their terms of service. If you want a breakdown of the exact changes, there are several blog posts out about the subject. To summarize, the updates are things that any reasonable user of social networks or mobile applications has gotten used to long ago. Path collects the information you share with them, they want to monetize their business eventually, and they’ll likely use your data to help them do so. None of this is shocking, or at least it shouldn’t be to any users of Facebook.
The most important highlight in these changes is that Path is going out of their way to ensure you trust them again, to the point where they’ll delete all of your data if you ask them to. That’s all that’s relevant to users in this update, really. The rest of it is letting us know that Path is just like every other online application and social network, and is trying to monetize their service using the most valuable thing it gathers: your data.
Let’s get back to the point here: trust, and how communication can make or break it. Path’s problems started because they never communicated what their app was doing. If you look back to the original blog post that broke the story, the comments all say they would have been mollified by a pop-up asking their permission. The real problem was that Path went behind their backs to save more data than people reasonably assumed an application had access to. Had they clearly communicated the major differences with their application, asked for and obtained permission, this would have been a non-issue.
So here’s my proposal.
We all get really clear on a few shared assumptions most of us have about social media platforms and mobile applications. The rights to anything we share on social media, applications or similar platforms will likely belong to the company running that platform, at least jointly. Data is valuable, we have a right to know what data a company has about us, and these companies will inevitably use that data to monetize in some way. These are things we can all implicitly assume are covered somewhere in those terms and conditions, with potentially minor differences between applications.
Then, when a company asks you to accept their terms, they highlight the three biggest ways in which their terms of service might surprise you, in the same way Path did in their email to users: in English, not legalese. If you do have a problem with it, they provide links to further details about why this is a necessary evil, and how it ultimately benefits you, the user. Confidential to the company: if what you’re doing doesn’t benefit the consumer, why are you doing it and why would anyone agree to it?
While telling users exactly why your company wants their data and how you’ll use it could sound intimidating, it’s also going to happen whether you like it or not. Path’s data storage practices were figured out by one blogger who was working within their API. It now only takes one person to kick off a PR nightmare for your company, so transparency isn’t a choice. Neither is clear communication. Companies that do this well will build more trust with their users and avoid creating a widespread social media backlash, as happened to Path.
Clear communication and transparency are the ways forward for all business communications, not just terms and conditions. How are you adapting?
To examine how Path went from the super-villain of the tech world to communication leaders, make sure to look back at the blog post and TechCrunch article that broke the story. Gizmodo provided a good analysis of why “AddressGate” caused such a stir in the technology community, and Michael Arrington of TechCrunch provided a solid recommendation that Path hash all of their user data, which is what Path eventually did.
Now, having already addressed the technical concerns of the past, take a look at the full email Path sent out here, and specifically the following three points.
Some key updates to these terms include:
- Clarifications of the information we collect from you and how we use it
- Your rights to access, modify or have your data removed from our servers
- Confirmation of your rights to the content you create and submit to the service
And that’s likely as close to reading any terms and conditions that any of us will get this month, but it’s enough. We’re clear on what’s happening, and that’s the best thing Path could have done to make sure their users don’t abandon ship.
Skip to sharing
I think this is a good add on to this article..
Path is grabbing names, numbers, and emails from users’ phones
http://venturebeat.com/2012/02/07/developers-ask-why-path-is-grabbing-names-numbers-and-emails-from-users-phones/
This is only the tip of the iceberg. For every privacy conflict or compromise you know about there are dozens if not more that happen every day. But not compromise even, willingly (or blissfully ignorantly) giving over your personal data. How much do you trust google? It must be a lot because they hold a heck of a lot of your personal data like emails. Facebook isn’t dissimilar. And they’re all using it to serve you ads and make a boatload of money. This response to Path was like shooting the messenger. They had a shitty privacy policy, and they got busted. This is going to get worse and people will continue to sign over the privacy. The currency to these free services is your data. That is how facebook makes money. Either you pay full value or you give away little bits of privacy as you go. Everyone will always opt to give it away because its classic human nature procrastination. “This isn’t a big deal to me right now”. In the future when we’re able to carry around our encrypted personal data (and currency) on micro data servers in our pockets free from the google/facebook “cloud”, we will look back and say “why would i ever have told facebook all my secrets”. Until then, I got nothing to hide.