What would happen if you saw someone in the streets selling your daughter's pictures?
Some reactions to this question were recorded in Norway. Between bewilderment and nervous laughter bystanders saw in real life what is going on in their digital world: apps sell and misuse their users data.
The video is part of the Norwegian Consumer Council campaign #appfail. This campaign intends to educate citizens on the effects of different mobile applications in matters of data privacy and personal information protection.
Source: Norwegian Consumer Council
Terms and Conditions of the different apps are inaccessible to a general audience. To make a statement about this, the Norwegian Consumer Council staff and friends read aloud for 37 hours all the pages of the the Terms and Conditions of all apps that an average user would have installed on their phones. They amount to 250.000 worlds! That is, you could easily read James Joyce's Ulysses or even Harry Potter and the Order of the Fenix.
Data from: http://electricliterature.com/infographic-word-counts-of-famous-books/
Bringing the different Terms and Conditions to surface is a paramount task. What the #appFail campaign staff found is amazing, let's look at some examples:
Tinder leave their users in a somewhat unjust void. They claim to have a perpetual license over the all users' uploaded content including photos and chats and to do with them whatever they see fit. Users lose all their rights forever!. Tinder can change their own terms at any time without even notifying users. They even can cancel and suspend users' accounts without justification.
The Norwegian Consumer Council concludes that Tinder's terms go against data protection laws in Norway and Europe.
RunKeeper, one of the most used fitness app also claims very wide licenses on user's content and data. According to the Norwegian Consumer Council's research they do not notify users when there are changes in their Terms and Conditions and they don't have a clear policy on users data deletions when users cancel their accounts. Finally, the discovered that, even when the app is not in use, it keeps sending location data to RunKeeper's servers and third parties, they don't even mention who this third parties are nor why should they have access to the every user location at any time.
Another example is Happn, an application to meet people that you cross paths with in real life. Happn has clearer and friendlier terms that other applications, they even make statements like:
“happn commits never to share your details with any other member or with any third party. Your e-mail address and your real identity are strictly confidential and will never be disclosed by happn.“
The only problem is that it is a lie. After a technical analysis by research firm SINTEC, they discovered that Happn sends information gathered from Facebook like age, gender and workplace information to UpSight, an analytics firm.
Some of the tactics used by apps in their Terms and Conditions to get away with users' data include:
Using highly technical terms and vague wording.
Ambiguous and non accessible terms for users to overlook them.
Not informing users about third party vendors who also has access to their data.
It is unfair for App developers to be able to access and distribute users' data and content without their consent. It is the responsibility of local governments to find efficient ways to enforce data protection laws. We don't want to end up in a place where we don't own our own pictures and digital creations and we have to buy them back, or even worse, to rent them by subscription.