As the debate over data security is getting broader and broader taking in many other related aspects that weren’t paid much attention before. Another issue that rose from this whole data violation scenario was whether companies follow their Terms and Conditions and whether users understand them or not.
Lately, PayPal has been a lot in discussions on social media where PayPal customers complained that the online payment provider blocked their accounts because they were not 18 years old when they first signed up.
As per PayPal’s ancient “Terms and Conditions”, a person should be 18 years or older to have a PayPal account. A user, Eleanor Margolis made a PayPal account when she was 16. She has been using the account for 12 years and now she is 28 y/o. In January, PayPal blocked her account because she was underage when she made the account. Now this raises a lot of questions like why did PayPal let her make the account when she was 16? and why did it bother to block her account after a decade?
“They didn’t have any checks in place to make sure I was over 18,” says Margolis. “Instead, they contact me 12 years later. It’s completely absurd.”
PayPal has refused to comment on any specific cases but only stated that it did so “to ensure our customers have full legal capacity to accept our user agreement.”
Though, the company is a little late to do this, it isn’t doing anything illegal as the users agreed to the Terms and Conditions before applying.
Websites, for a long time now, have been asking users to agree to several pages long “Terms and Conditions” that no user ever reads and if reads then don’t understand as it is written in a very difficult manner.
Terms and Conditions that were rarely noticed before are now being paid attention due to recent data mishandling events by tech giants Facebook and Uber. Data regulators believe that the policies are written in a way that is very difficult for the users to comprehend.
During the two day testimony of Facebook’s CEO Mark Zuckerberg before the Congress, Zuckerberg provided a printed copy of his social network’s users’ agreement to the Senators. Senator Lindsey Graham after reading a line from the very first page said:
“I’m a lawyer, and I have no idea what that means”.
Later, Zuckerberg was asked by the South Carolina Republican whether the consumers understood the agreement before signing up, to which Zuckerberg replied, “I don’t think the average person likely reads that whole document.”
GDPR will come into action from May 28 and that means Facebook’s 1.9 billion users will have their data secured under the regulation. However, the social media giant is trying its best to reduce that number by making only the European users to agree with the terms and conditions by the company’s headquarter in Ireland. Till now, the 1.5 billion users outside Europe also came under the same agreement however, from next month; Facebook will move them out of the list, hence moving those 1.5 billion users out of EU’s reach.
GDPR will definitely make it difficult for companies to get away with data violations as it will come with a fine as high as 4 percent of a company’s global revenue.
Co-director of the cyber security practice at law firm Hogan Lovells, Eduardo Ustaran says that the GDPR will definitely prevent companies from serving lengthy agreements to consumers that are unable to be understood by them. He suggests that companies should reconsider their rules, streamline them and write in plain English understandable to common people.
Ustaran says that if a consumer, who is the one to sign the agreement, won’t understand the language, then his/her consent that the company wants in order for business practices would simply be invalid.
“Your whole basis for using people’s personal data would disappear,” Ustaran said.
Julian Saunders, founder of Port.im, a British software maker that helps businesses adapt to GDPR says that companies are now trying their best to comply with the law and make changes in their ‘Terms and Conditions’.
“Areas that used to get hidden in the small print of terms and conditions should now be exposed,” said Saunders.
Though the websites are changing their users’ agreement, it is still unknown that why they want users’ information and what is the guarantee it will not be exposed to vulnerabilities.
Martin Garner, an analyst at technology consultancy CCS Insight, suggests that consumers should be provided with options that they can select from regarding which information they want the company to collect, despite of just being given no choice than to click the “I agree” button.
“Users typically only have the choice of accepting the terms and conditions in their entirety or not using the service at all,” Garner says. Companies must “pay much closer attention to explaining to users how their data will be stored and used and getting them to consent to that explicitly.”