MTN’s misleading uncapped data bundle fine print

MTN’s uncapped data bundles are not what consumers think they are. They are complicated packages with rules that limit them dramatically.

EWN published a surprising story titled “The terms of MTN’s uncapped data explained”, in which MTN’s Chief Customer Experience Officer, Eddie Moyce, explains MTN’s activation requirement for its time based uncapped data bundle. Here is the radio segment:

The surprise is that this uncapped data offer doesn’t work the way you may expect. Consumers should pay careful attention to the fine print avoid being caught out, potentially at a substantial cost. Essentially, even though you have paid for the bundle, you still need to activate it by dialling a short-code which you receive by a SMS. If you don’t activate the bundle, you will use data at normal data rates and could wind up with a larger bill than you expected.

Two aspects of this story are problematic:

1. Why offer this sort of “uncapped” bundle that the customer still needs to activate in order to use it, even after paying for it?

This is really misleading. Most data bundles activate automatically when you have paid for them and the changes propagate across the network, don’t they?

The mechanism suggests that MTN intentionally created this activation mechanism knowing that many customers won’t actually realise they need to do it and will wind up paying far more. I checked the terms and conditions that apply to this package (I think – the MTN site is not exactly designed to find information easily) and it says the following:

  1. Activation of the MTN 1 Day Uncapped Internet Bundles

5.1 Customers may purchase an MTN 1 Day Uncapped Internet Bundle by dialing *141*2#.

5.2 Customers must activate the MTN 1 Day Uncapped Internet Bundle after purchase, by dialing *141*5#. The MTN 1 Day Uncapped Internet Bundle does not automatically activate .

5.3 Customers may only activate the MTN 1 Day Uncapped Internet Bundle if they have sufficient airtime in their airtime account or using their usage limit (for My MTNChoice customers). This excludes MTN Loyalty 1–4–1 Loyalty Points and any promotional airtime.

Data bundle details

These data bundles are typically “valid for a period of 24 (twenty four) hours”, although only “after [they are] activated”. I also wonder how many people are aware of when the data bundle kicks in? How many people assume (and reasonably so) that the package kicks in automatically and they start using the data right away?

The seemingly reasonable SMS from MTN with activation instructions is challenging. Many people ignore SMS messages they receive for various reasons and may not notice the significance of an activation message until long after their bill has hit triple digits.

This activation mechanism looks a lot like the dodgy tactics mobile content providers used to use before they were banned: automatically subscribing consumers to expensive content (think R5 or R7 per day until cancelled) subscription services without clear double opt-in mechanisms and pricing information. You wouldn’t expect major network operators to use misleading tactics such as these.

2. Why impose a “fair use value” cap of 150MB on an “uncapped” data bundle? That is tiny.

Then, to add to this, the notion that a bundle with a “fair use value” cap of 150MB is somehow an “uncapped” data bundle is ridiculous. That is a tiny amount of data when you consider that, as Eddie Moyce put it, people tend to buy these packages for specific reasons. One of those reasons would be that the customer needs to use a lot more data than his or her usual bundle allows (at least, cost effectively) in a short time period.

Here is an extract from the terms and conditions dealing with the “Fair Use Policy”:

9.1.4 Customers with an active MTN 1 Day Uncapped Internet Bundle shall be able to generate uncapped data usage, however, a fair use value/threshold as detailed in the table in clause 4 above will apply for the duration of the Validity Period.

9.1.5 Should the Customer exhaust the fair use value, as detailed in the table in clause 4 above, before the end of the Validity Period, the Customer’s data speeds will be reduced to 128kbps for the remainder of the Validity Period and the Fair Use Policy shall detailed in this clause 9 shall apply.

9.1.6 MTN further reserves the right to implement other measures and controls to ensure that the integrity of its systems is maintained, including but not limited to measures such as DPI (Deep Packet Inspection). DPI:

9.1.6.1 allows MTN to monitor aspects including, but not limited to, non-compliance with its Fair Use Policy and restricted protocols, prevent attacks from computer viruses/worms and identify SPAM. Such usage may be blocked or re-routed;

9.1.6.2 also allows MTN to throttle certain usage, such as peer to peer traffic;

9.1.6.3 shall also allow MTN to prioritize/filter certain activities, such as VoIP traffic, over other activities which are burdensome on the MTN network (such as video streaming);

9.1.6.4 in essence, this allows MTN to alleviate network congestion and improve service to all MTN customers.

9.1.7 This Fair Use Policy may be amended by MTN, whether by clarifying, modifying, adding to or deleting certain terms and conditions. This is subject to the Modification of Terms and Conditions, including notice being provided to you, as detailed in clause 16 below.

Not only does the available data speed slow to 128kbps when you hit that measly 150MB but MTN also imposes a series of restrictions on how you can use the data and when. The end result is that your “uncapped” data bundle is more like a “you can’t do much with this ISDN-like connection but thanks for paying anyway” bundle.

But wait, there’s more:

  • MTN hides all these restrictions and qualifications in terms and conditions which few consumers will ever read, and
  • these restrictions are couched in fairly dense language and presented in pale text on a white background that no-one over 45 can read without squinting says a lot too.

MTN terms

One more thing – no business use for you

Oh, by the way, this package isn’t available for “commercial use” so don’t think you are allowed to use this package to give your small business a little boost either:

9.2 The MTN 1 Day Uncapped Internet Bundles are intended for consumer use only. This means that the MTN 1 Day Uncapped Internet Bundles may not be used for commercial use (which includes, but is not limited to the intention of promoting, enabling, subscribing to, selling (directly or indirectly) the goods, services or image of any person pursuing a commercial, industrial, craft, religious, charitable or political activity or exercising a regulated profession).

9.3 The MTN 1 Day Uncapped Internet Bundles exclude use of the following services:

9.3.1 Least Call Routing (LCR);

9.3.2 Routing devices; and/or

9.3.3 Commercial use.

9.4 Use of the above services shall be deemed abuse and/or fraudulent use of the MTN 1 Day Uncapped Internet Bundles and shall entitle MTN to immediately suspend and/or deactivate the Customer’s access to the MTN 1 Day Uncapped Internet Bundles.

So if you are a small business owner and you happened to buy this bundle and use it as part of your business (you could have sent a data message to a client telling them about your services, for example), you would be committing a fraud in addition to breaching the terms and conditions of the bundle. Talk about hostile to small business!

K.I.S.S MTN!

When I think about what is available outside South Africa, MTN’s approach to mobile services and pricing just doesn’t make sense to me. My current mobile service includes 5 000 minutes of calls, 5 000 SMS messages, 10GB of data a month and 500 minutes of calls to my family in SA (landlines in SA) for the equivalent of about R200 per month. It wasn’t always like this but regulatory changes and increased competition improved the situation for Israelis.

Instead of obfuscating an overly complex service, why not offer a simpler option that just let’s people pay their R40 for either a fixed amount of data or a realistic “fair use value” cap? Drop this silly activation mechanism and the ridiculous fine print. In other words, give people what they think they are getting or, if that is more than you want to offer, offer them something you are comfortable with and that makes sense to consumers.

Image credit: Pixabay

Why you may want to reconsider that co.za domain name

If you are thinking about registering a co.za domain name, you may want to consider your possible liability to ZA Central Registry NPC (formerly called Uniforum), the organisation which administers the co.za namespace. It could be substantial.

If you are thinking about registering a co.za domain name, you may want to consider your possible liability to ZA Central Registry NPC (formerly called Uniforum), the organisation which administers the co.za namespace. It could be substantial.

The starting point are the warranties you give when you apply to ZACR to register a co.za domain:

Applicant hereby irrevocably represents, warrants and agrees that:

  1. its statements in the Application are accurate and complete;
  2. it has the right without restriction to use and register the Domain Name;
  3. it has a bona fide intention to use the Domain Name on a regular basis on the Internet;
  4. the use or registration of the Domain Name by Applicant does not or will not interfere with, nor infringe the right of any third party in any jurisdiction with respect to trade mark, service mark, trade name, company name, close corporation name, copyright or any other intellectual property right;
  5. it is not seeking to use the Domain Name for any unlawful purpose whatsoever, including, without limitation, unfair competition, defamation, passing off or for the purpose of confusing or misleading any person;
  6. at the time of the initial submission of the Application, and at all material times thereafter, it shall have an operational name service from at least two operational Internet servers for the Domain Name. Each server is and will continue to be fully connected to the Internet and be capable of receiving queries relating to the Domain Name and responding thereto;
  7. it has selected the Domain Name without any input, influence or assistance from UniForum.

Of these warranties, points 4 and 6 could be problematic:

Warranty 4

In order to comply with this warranty, you should ideally conduct an exhaustive search of all jurisdictions in order to confirm that your proposed domain name “does not or will not interfere with, nor infringe the right of any third party in any jurisdiction”, whether that right be rooted in “trade mark, service mark, trade name, company name, close corporation name, copyright or any other intellectual property right”. That is very, very broad.

You can’t possibly know every brand, company or trading name which you could possibly be stepping on when you register your domain. Trade marks tend to be somewhat geographically and thematically limited but copyright is pretty universal and “any intellectual property right” is a really broad catchall.

Every time you register a domain name, you take the chance that it may correspond with a brand, company or trading name and someone may contend that your domain name infringes his or her rights. If that happens, you are in breach of your warranty and it doesn’t matter whether you intentionally infringed anyone’s rights. The inquiry is a factual one.

Warranty 6

This warranty can be tricky because you not only require two operational name servers to register the domain (name servers map the domain name to IP addresses associated with actual servers) but you have to warrant that “[e]ach server will continue to be fully connected to the Internet and be capable of receiving queries relating to the Domain name and responding thereto”.

This is simply not in your control. You may register with an ISP, use its name servers to register your domain and your ISP’s servers could go offline temporarily or the ISP could go out of business without you being aware of it. Even if you are aware of this, you may have parked the domain for future use and you may forget to migrate it to another ISP in your rush to move all your other data off.

What could go wrong?

All this may not seem particularly problematic until you read a little further:

Pursuant to the above warranties, Applicant hereby agrees that it shall defend, indemnify and hold harmless UniForum, its directors, officers, members, employees and agents, for any loss, damage, expense or liability resulting from any claim, action or demand arising out of or related to a breach of the aforementioned warranties or the use or registration of the Domain Name, including reasonable attorneys fees on an attorney and own client basis. Such claims shall include, without limitation, those based upon trade mark infringement, copyright infringement, dilution, unfair competition, passing off, defamation or injury to reputation. UniForum agrees to give Applicant written notice of any such claim, action or demand within reasonable time of becoming aware thereof. Applicant agrees that UniForum shall be defended by attorneys of UniForum’s choice at Applicant’s expense, and that Applicant shall advance the costs incurred in such litigation, to UniForum on demand from time to time.

This indemnity is very broad. For starters it requires you to not only cover ZACR for any costs it incurs if you breach the warranty, you are also required to “defend” ZACR from “any claim, action or demand arising out of or related to a breach of the aforesaid warranties or the use or registration of the Domain Name”. It goes on to cover “reasonable attorneys fees on an attorney and own client basis” which is not reasonable at all. The “attorney and own client” scale of legal costs is used as a punitive costs scale in court proceedings. The attorneys who would defend ZACR from the envisaged claims will be “attorneys of [ZACR’s] choice at [your] expense, and … [you] shall advance the costs incurred in such litigation, to [ZACR] on demand from time to time.” It is a lot of text but the upshot is that you will be required to pay for ZACR’s lawyers, upfront, if there is a claim flowing from –

  • breach of your warranties (which I listed above);
  • “the use or registration of the Domain Name”;
  • “without limitation, those based upon trade mark infringement, copyright infringement, dilution, unfair competition, passing off, defamation or injury to reputation”.

A relatively cheap example is a company sending ZACR a deregister a domain name and transfer it across because the company believes your domain name infringes one or more of its rights. ZACR briefs its lawyers to consider the claim and charges, say, R1 500 (very conservative, probably more) an hour to review the demand, formulate a response, discuss the response with ZACR and send it along to the company. That exercise could cost, as a guess, R4 500 if the lawyers are working very efficiently. That cost could be passed along to you to pay. There could, of course, be further costs ZACR could pay to its lawyers for follow up communications, meetings and other action down the line. This is before you take into account possible losses the company may claim from ZACR and be awarded down the line.

<

p>Suddenly the domain you pay R50 to R60 could be much more expensive. What you should ask yourself is whether you can afford to take a chance (or have a truly unique domain name)?

Digital marketing law interview on @BallzRadio

Paul was interviewed about aspects of digital marketing law on Ballz Radio today. The interview was part of the business segment and Paul chatted to the team about some consumer protection issues, transparency, terms and conditions and privacy concerns.

Fortunately, Ballz Radio publishes the audio and video of the interviews. You can listen to the audio using the SoundCloud player below:

Digital agencies that skimp on legal are negligently exposing themselves and their clients to substantial claims

Catch the highlights:

I’ve noticed an alarming trend with many digital agencies and the account managers responsible for advising their clients on their digital marketing initiatives: they view legal frameworks as something akin to the undercoat on a wall. It seems to be a good idea although it’s better to keep it thin, hidden away and forgotten about.

One of the concerns seems to be that legal content distracts from the fun and social elements of the campaign and too much emphasis on it would only upset the fans. It’s a grudge purchase and because no-one is really going to cause any real trouble the smart ORM people can’t manage, legal terms are added because, well, that’s just how it’s done. At least, this seems to be the thought process that too many marketers put into legal frameworks for their campaigns.

Nothing kills the mood of a social campaign quite like a lawyer insisting on a dizzying array of legal terms and conditions to address an unclear set of risks and using language no-one except the lawyer seems to understand, let alone appreciate the significance of. We lawyers have not been very good at conveying the importance of what we do, particularly where there are few practical examples of their value. We are in a risk management business and a lot of the work lawyers do is in anticipation of likely risks and aimed at reducing both the likelihood of those risks occurring and, if they do, the resulting fall-out.

By the time a transaction becomes the subject matter of a dispute (usually when “lawyers’ letters” are called for) or disputes go to court, lawyers are generally in damage control mode. Something has gone wrong and either there weren’t adequate protections in place to anticipate or even resolve the dispute before it went pear-shaped or there just wasn’t anything in place and the client took a leap off a cliff expecting to be caught by fluffy clouds and adoring customers, not hitting the rocks below.

Unfortunately the risks to these agencies and their clients can be very real.

What could go wrong?

You’re working for a digital agency and you’re asked to set up a Facebook Page to support a client’s campaign. You recommend “house rules” for the Facebook page and, in doing so, you implicitly advise your client (yes, this is basically what you are doing) to use the house rules on the basis that they will afford the client adequate protection from likely legal risks. In other words, when you (whether you be an account manager, copywriter or someone else) prepare those house rules and give them to your client to use on their Facebook Page, you’re telling them that these legal terms and conditions are intended to protect the client. Unless they have their own lawyers to check those house rules, they are likely to rely on your advice, assuming you’ve had those house rules checked out and approved by a competent lawyer.

If those house rules then turn out to be inadequate and the client finds itself faced with a claim of some sort that could have been avoided with adequate terms and conditions, then you really should have some sort of liability cover in place because you may need to rely on it to protect your business from a negligence claim. Well, that’s assuming your agency’s liability cover protects it from negligence claims based on bad legal advice. If the agency has professional indemnity insurance cover, it may be limited to negligence in the context of the agency’s business, namely digital marketing and communications, strategy, community management and so on. Liability for legal professional negligence is a somewhat different set of risks and the liability cover you thought was in place may not be available.

What happens next is a complex, costly and drawn out series of legal battles largely because you assumed that house rules are largely a formality and need not go much beyond a set of rules asking fans not to be rude, to play nicely together and respect the client’s brand. Odds are, those house rules didn’t cover copyright concerns, properly contextualise product or services-related information on the Page, privacy and how fans’ personal information is used (Facebook requires brands to have their own privacy policies to govern collection and processing of fans’ personal information) and a number of other considerations. This means the house rules lacked a real framework governing to what extent fans can rely on information you present them with through the campaign, whether they can use content on the site and to what extent, how you can use their personal information … you get the picture. Maybe everything will turn out just fine, perhaps not. Can you afford to take the risk?

Why are terms and conditions so important?

Terms and conditions are contracts between customers and providers. They are premised on the legal requirement that a contract can only really be binding on parties who have reached agreement that they be bound by the contract and on the contract’s terms. This is somewhat of a generalisation because the law has evolved to created exceptions on the periphery of this ideal scenario but the concept of a “meeting of the minds” is central to our contractual law.

That said, this doesn’t explain the reason why terms and conditions are contracts. The reason they are contracts is that the one party seeks to impose obligations on the other party and can only do so where the other party agrees to assume those obligations. In this case, the client wishes to establish a framework for fans to participate in, say, the Facebook Page and that framework comprises certain rights and obligations. In order for fans to be brought into a contract with the client, terms and conditions describing the parameters of this contract with a fair degree of detail are necessary. Without them, you have a lot of vagueness and uncertainty as to who can do what and with what. That is a recipe for a dispute due to mis-managed expectations, among other things.

A legal doctrine called the doctrine of “quasi-mutual assent” is what allows website and similar terms and conditions to bind parties to contracts even though they haven’t necessarily engaged in a more conventional and interactive contract negotiation process (that is, where one party is faced with standard terms and conditions and told to accept them or not take advantage of the related service).

Even with this doctrine, the terms and conditions must be detailed enough to establish an adequate framework governing the foreseeable aspects of a fan’s interaction with the Facebook Page, micro-site or some other aspect of the campaign. If the terms and conditions are vague or don’t cover important issues which they should cover, our courts have ruled that not dealing with important provisions can be pretty much the same as saying they don’t apply or should not be considered. If you, as the agency representative, have been instructed to ensure that fans are aware that, for example, product prices published on Facebook are not necessarily current purposes, are subject to verification and may be changed without notice and you don’t actually provide for this in the “house rules”, you may find that fans may be entitled to rely on and even insist on those published prices. That means you failed to comply with your client’s instructions and exposed the client to the loss being required to honour those prices resulted in. This is a relatively benign example but the potential prejudice could be more severe.

Add to this the possibility of class action lawsuits by angry consumers who feel they have been misled by inaccurate information in a marketing campaign which is not properly contextualised by adequate terms and conditions (let alone the reputational harm when the client is portrayed as a liar due to the inaccurate information), you may appreciate just how valuable these terms and conditions can be.

Here is a suggestion

Resist the temptation to cobble together house rules or other terms and conditions based on what you may have seen elsewhere online or may feel are adequate given the nature of the campaign and chat to your agency’s lawyer about the possible risks (likely risks, even if you are open to some degree of risk) and work with your lawyer to create a legal framework that adequately caters for those risks and remains consistent with your campaign’s look and feel. It is achievable and could help avoid a very messy and costly dispute.

Google Drive and the data ownership panic

Google Drive launched a couple days ago and some new publications are already writing about possible data ownership issues. It’s a common concern whenever a new service launches or website terms and conditions change. Darren Smith pointed me to an article by C|Net titled “Who owns your files on Google Drive?” which had a somewhat confused focus and an unnecessarily alarming conclusion represented by this tagline:

Dropbox and Microsoft’s SkyDrive allow you to retain your copyright and IP rights to the work you upload to the service, but Google Drive takes everything you own.

I took a look at Dropbox’s, Microsoft’s and Google’s terms and conditions to test this conclusion.

Dropbox’s terms and conditions

The C|Net post focused on this clause in the Dropbox terms which are only part of the story when it comes to Dropbox’s terms:

By using our Services you provide us with information, files, and folders that you submit to Dropbox (together, “your stuff”). You retain full ownership to your stuff. We don’t claim any ownership to any of it. These Terms do not grant us any rights to your stuff or intellectual property except for the limited rights that are needed to run the Services, as explained below.

This clause clearly states that Dropbox doesn’t claim ownership of your data but the more important set of provisions are those dealing with the license Dropbox takes from its users when it comes to accessing and making use of the data you upload to Dropbox. Bear in mind that all of these services will have a license of some sort. A license is a set of permissions you, as the user, give to the provider and that enables the provider to receive, manipulate and otherwise handle your data. It’s an essential component and nothing to be alarmed by in itself (at least not if you are comfortable with the basic idea of a provider having access to your data as part of your use of the particular service).

Dropbox’s license provisions are pretty vague. Here are the key clauses:

We may need your permission to do things you ask us to do with your stuff, for example, hosting your files, or sharing them at your direction. This includes product features visible to you, for example, image thumbnails or document previews. It also includes design choices we make to technically administer our Services, for example, how we redundantly backup data to keep it safe. You give us the permissions we need to do those things solely to provide the Services. This permission also extends to trusted third parties we work with to provide the Services, for example Amazon, which provides our storage space (again, only to provide the Services).

To be clear, aside from the rare exceptions we identify in our Privacy Policy, no matter how the Services change, we won’t share your content with others, including law enforcement, for any purpose unless you direct us to. How we collect and use your information generally is also explained in our Privacy Policy.

Sharing Your Stuff

The Services provide features that allow you to share your stuff with others or to make it public. There are many things that users may do with that stuff (for example, copy it, modify it, re-share it). Please consider carefully what you choose to share or make public. Dropbox has no responsibility for that activity.

The basic idea is clear, though. Dropbox requires your permission to run its service and you agree to give it whatever permissions it requires to do that. The problem with this simplistic approach is that it is too simplistic and vague. As a user you don’t really know what the license’s parameters are beyond whatever is not required to operate the service.

Microsoft Services Agreement

These terms and conditions are not limited to SkyDrive but apply to a range of Microsoft services:

It’s a contract that governs your use of any Windows Live, Bing, MSN, Microsoft Office Live, or Office.com services or software, or other Microsoft services or software that directly display or link to this agreement (the “service”). By using or accessing the service, you confirm that you agree to these terms. If you don’t agree, don’t use the service. Thanks.

This is significant because, unlike with Dropbox where your license relates to a fairly specific service, the license you grant to Microsoft encompasses a variety of services which are increasingly interconnected. This is very similar to Google’s terms (below). These terms and conditions are more specific than Dropbox’s licensing provisions and also contain a statement that Microsoft doesn’t claim ownership of users’ data:

5. Your content

Except for material that we license to you, we don’t claim ownership of the content you provide on the service. Your content remains your content. We also don’t control, verify, or endorse the content that you and others make available on the service.

You control who may access your content. If you share content in public areas of the service or in shared areas available to others you’ve chosen, then you agree that anyone you’ve shared content with may use that content. When you give others access to your content on the service, you grant them free, nonexclusive permission to use, reproduce, distribute, display, transmit, and communicate to the public the content solely in connection with the service and other products and services made available by Microsoft. If you don’t want others to have those rights, don’t use the service to share your content.

You understand that Microsoft may need, and you hereby grant Microsoft the right, to use, modify, adapt, reproduce, distribute, and display content posted on the service solely to the extent necessary to provide the service.

Please respect the rights of artists, inventors, and creators. Content may be protected by copyright. People appearing in content may have a right to control the use of their image. If you share content on the service in a way that infringes others’ copyrights, other intellectual property rights, or privacy rights, you’re breaching this contract. You represent and warrant that you have all the rights necessary for you to grant the rights in this section and the use of the content doesn’t violate any law. We won’t pay you for your content. We may refuse to publish your content for any or no reason. We may remove your content from the service at any time if you breach this contract or if we cancel or suspend the service.

You’re responsible for backing up the data that you store on the service. If your service is suspended or canceled, we may permanently delete your data from our servers. We have no obligation to return data to you after the service is suspended or canceled. If data is stored with an expiration date, we may also delete the data as of that date. Data that is deleted may be irretrievable.

A couple things emerge from these terms and conditions. Firstly, when you share your data with other people, you give them a limited license to use your data “solely in connection with the service and other products and services made by Microsoft”. Similarly, the license users grant to Microsoft in respect of their data is limited to permissions required “solely to the extent necessary to provide the service”.

Google’s terms and conditions

Google Drive is governed by Google’s Terms and the license provisions are fairly similar to Dropbox’s and SkyDrive’s, at least when it comes to the basic approach. As with the other two services, Google doesn’t claim ownership of your data. Here are the license provisions:

Your Content in our Services

Some of our Services allow you to submit content. You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.

When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps). Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services. Make sure you have the necessary rights to grant us this license for any content that you submit to our Services.

You can find more information about how Google uses and stores content in the privacy policy or additional terms for particular Services. If you submit feedback or suggestions about our Services, we may use your feedback or suggestions without obligation to you.

The license Google users grant to Google is notionally for the “limited purpose of operating, promoting, and improving our Services, and to develop new ones” but it is somewhat open ended in that Google could develop new services or modify existing ones that require your data to be used in ways you couldn’t have anticipated when signing up. This is fairly similar to Microsoft’s Services Agreement which also uses one license for all its services.

What does this all mean?

The C|Net article contains this rather alarming set of statements:

The last sentence makes all the difference. While these rights are limited to essentially making Google Drive better and to develop new services run by Google, the scope is not defined and could extend far further than one would expect.

Simply put: there’s no definitive boundary that keeps Google from using what it likes from what you upload to its service.

The chances are Google’s terms will never be an issue — and it is likely over-zealous lawyers making sure Google doesn’t somehow get screwed in the long run by a lawsuit — but it may be enough to push away a great number of entrepreneurs and creative workers who rely on holding on to the rights to their own work.

The fact is, according to its terms, Google may own any code or product you ultimately upload to its new Google Drive service, whether you realise it or not.

These statements, particularly the last one, are factually incorrect and misleading. They are also not uncommon when journalists attempt to navigate terms and conditions without the time or inclination to read them carefully. Google doesn’t claim ownership of its users’ data. Its license is fairly broad and that is understandable given the wide range of services it offers. At the same time, there is scope for the already broad license to be applied in ways users may not have considered. The specific permissions users grant to Google are substantially the same as those users grant to Microsoft (Google is more specific and lists more individual permissions but they are not fundamentally different). 

The big difference here is between Dropbox’s terms, on one hand, and Google’s and Microsoft’s on the other hand. Dropbox offers a fairly specific set of services so users have more certainty as to what they are licensing Dropbox to do with their data. Google and Microsoft offer a range of interconnected services governed by a single legal framework and the potential scope for their licenses is far broader when you consider that their users may be using a variety of Google and Microsoft services with different functionality.

I’ve seen license provisions which are far more onerous in the past. The big culprit back in 2007 was Facebook with this gem:

When you post User Content to the Site, you authorize and direct us to make such copies thereof as we deem necessary in order to facilitate the posting and storage of the User Content on the Site. By posting User Content to any part of the Site, you automatically grant, and you represent and warrant that you have the right to grant, to the Company an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to use, copy, publicly perform, publicly display, reformat, translate, excerpt (in whole or in part) and distribute such User Content for any purpose on or in connection with the Site or the promotion thereof, to prepare derivative works of, or incorporate into other works, such User Content, and to grant and authorize sublicenses of the foregoing. You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.

This license was as close to an assumption of ownership as Facebook has ever come. It was so close to assuming ownership that the difference between ownership and licensing user content was a matter of semantics. The controversies over the Facebook terms did a lot to create more awareness of users’ expectations and what it means to be a better licensor. The current generation of terms and conditions reflect that, for the most part (there are still some shockers). These modern licenses are clearer, limited in varying degrees but are often necessarily broad to enable these services to function effectively. I agree with the one statement in the C|Net article, though –

It always pays to read the fine print.

MXit’s inappropriate website terms and conditions language

I have been doing some preparation for a talk I am giving to parents at a school this evening and one of the services I am going to chat about is the popular messaging service, MXit. I came across this wording in MXit’s terms and conditions which struck me as somewhat odd:

Unless otherwise stated by MXit in writing, you must be at least 13 (thirteen) years old to make use of the MXit Application, the MXit Websites and the Services. If you are 17 (seventeen) years and younger, but older than 13 (thirteen), you will inform your parents or guardians that you have registered for and are using the Services of MXit and upon request provide reasonable proof that you have complied with this prerequisite for access to the MXit Application and the Services.

Bearing in mind that MXit is popular with teenagers as young as 13 (officially – Mxit, like many social services, is not technically available to children younger than 13), the language used in the phrase “upon request provide reasonable proof that you have complied with this prerequisite for access to the MXit Application and the Services” is not very appropriate given the likely level of comprehension children that age will have. These terms probably don’t meet the Consumer Protection Act’s plain language requirements either, given the context.

While MXit’s terms and conditions inspired this post, I doubt MXit is the only service that has made the mistake of using overly lawyerly jargon in a document which children are, theoretically, going to read and agree with (this is a problematic assumption, complicated by children’s limited contractual capacity) before using the service. Enforcing website terms and conditions against children will probably prove to be somewhat challenging and language like this doesn’t help at all. Providers should make more of an effort to simplify their language in their terms and conditions both to better comply with the Consumer Protection Act’s plain language requirements and improve usability generally.

Add nutmeg to your Terms of Service and whisk briefly

One of my contacts on Google+, York Zucchi, pointed me to his website terms and conditions on his site which I had to share. The terms (well, this is really a liability disclaimer, not a complete set of website terms and conditions) are somewhat simple and not appropriate for all uses but they are a fun read, nevertheless:

IMPORTANT INFORMATION/DISCLAIMER

This website may contain information that is unsuitable for overly sensitive persons with low self-esteem or no sense of humour (you need a great sense of humour to do business in Africa). Any dissemination, a distribution or copying of this website is not only authorised (either explicitly or implicitly) but actively encouraged though not including the source constitutes an irritating social faux pas. If you have landed on this site by mistake we would be curious what you were trying to find online. You are welcome to stick around and read it, even if we didn’t mean for you to visit it. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or grammatical use and may be ignored. We take no responsibility for non-enjoyment, either humorous or of informative means, of this website. In the event that you do get the humour herein contained then please note that we take no responsibility for that either. Nor will we accept any liability, tacit or implied, for any damage you may or may not incur as a result of reading, or not, as the case may be, from time to time, notwithstanding all liabilities implied or otherwise, ummm, shucks, where were we.., no matter what happens, IT’s NOT, and NEVER WILL BE, OUR FAULT except where we made silly promises that we should not have. No animals were harmed in the writing of this text, although the yorkshire terrier next door is living on borrowed time. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft: However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have read this whole paragraph in error, please add some nutmeg and eggs and place it in a warm oven for 40 minutes. Whisk briefly and let it stand for 2 hours before icing.

Thanks for the link, York! I particularly like this line:

However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets

Are email disclaimers enforceable?

Email with Mark Zuckerberg, CEO of Facebook

The Economist has a thought provoking article titled “Spare us the email yada-yada” with the subtitle “Automatic e-mail footers are not just annoying. They are legally useless”. The article highlights some of the challenges facing email disclaimers and there are just no clear answers that I have come across. The central challenge is the following:

Many disclaimers are, in effect, seeking to impose a contractual obligation unilaterally, and thus are probably unenforceable.

When you send an email to someone and you have a disclaimer or link to terms and conditions, the recipient of the email may not be expecting your email or be familiar with your terms. That person may not be inclined to agree to your terms and conditions which you are effectively seeking to impose unilaterally. An email disclaimer is a form of contract with email recipients and contract law usually hinges on a “meeting of the minds” between the contracting parties. Unilaterally imposing terms and conditions is not a meeting of the minds and it is certainly not the result of some sort of negotiation.

A local blogger recently had a bad experience with a global fast food chain and tweeted his experience. The chain got in touch with him about the experience and unilaterally sought to prevent him from mentioning anything about his communications with the chain through, as I understand it, an email disclaimer. Why should the blogger be restrained from exercising his right to freedom of expression simply because the chain has a confidentiality requirement in its email disclaimer. This doesn’t seem to be in line with the contractual principles which underpin these terms and conditions.

A counterargument which I have been thinking about is that the recipient is presented with a set of terms and conditions on the basis that her consumption of that email is subject to those terms and conditions. By reading the email and acting on it, the recipient is signifying, by her conduct, that she has read, understands and agrees to those terms and conditions. This is a similar principle that applies to website terms and conditions, parking terms and conditions and hotel checkins, to name a few parallel examples. The problem with this approach is that the recipient generally only becomes aware of these terms and conditions after having opened and read the email. References to email disclaimers are typically at the bottom of an email and where there are restrictions on confidential information disclosure, for example, the damage is probably already done by the time the recipient gets to the terms reference.

Another problem with email and a characteristic which distinguishes it from the examples I mentioned above is that emails are data messages sent from the originator to the recipient, often passing outside the originator’s messaging system in the process. Unlike website terms and conditions and similar terms, originators can easily lose control of the disclaimer notice and are not guaranteed that it will be displayed prominently each time the message is displayed, or at all. While a website user can be bound by website terms and conditions just by visiting the website, the legal principle behind this starts to break down a little when it comes to email terms and conditions, at least the principle’s application.

Absent clear authority on this (and I could have missed something), making use of email terms and conditions is a risk management exercise. If these terms and conditions are legally binding, despite their challenges, then companies would be irresponsible not to make sure that they not only make use of these terms and conditions but that these terms and conditions are complete and comprehensive. Can you afford to take the risk?


Image credit: Email with Mark Zuckerberg, CEO of Facebook by Robert Scoble, licensed CC BY 2.0