USA TODAY International Edition

Terms and conditions: We ‘ agree,’ but not really

A Deloitte survey of 2,000 US consumers in 2017 found that 91% of people consent to terms of service without reading them

Survey finds that 91% of internet users blindly give away their privacy.

We’ve all done it. We’re updating the operating system on our mobile phone or installing an app, and we lazily skim through the privacy policy or we don’t bother to read it at all before blindly clicking “I agree.”

Never mind that we are handing out our sensitive personal informatio­n to anyone who asks. A Deloitte survey of 2,000 U. S. consumers in 2017 found that 91% of people consent to terms of service without reading them. For younger people, ages 18- 34, that rate was even higher: 97% did so.

ProPrivacy. com says the figure is even higher. The digital privacy group recently asked internet users to take a survey as part of a market research study for a $ 1 reward. The survey asked participan­ts to agree to the terms and conditions, then tracked how many users clicked through to read them.

Those who clicked through were met with a lengthy user agreement. Buried in that agreement were mischievou­s clauses such as one that gives your mom permission to review your internet browsing history and another that hands over naming rights of your firstborn child.

Out of 100 people, 19 clicked through to the terms and conditions page, but only one person read it thoroughly enough to realize they’d be agreeing to grant drones access to the airspace over their home.

This isn’t the first time researcher­s have used trickery to drive the point home that few people read all the terms of service, privacy policies and other agreements that regularly pop up on their screens.

In 2016, two communicat­ion professors – Jonathan Obar of York University in Toronto and Anne Oeldorf- Hirsch of the University of Connecticu­t – asked unsuspecti­ng college students to join nonexisten­t social network NameDrop and agree to the terms of service. Those who did unwittingl­y gave NameDrop their firstborn children and agreed to have anything they shared on the service passed on to the National Security Agency.

Some companies reward customers who scour the small print. Last year, Georgia high school teacher Donelan Andrews won $ 10,000 for poring through the terms of the travel insurance policy she purchased for a trip to Eng

land. The Florida insurer, Squaremout­h, offered the prize to the first person who emailed the company.

Other companies ding consumers to draw attention to the risks. In 2017, 22,000 people signing up for free public Wi- Fi agreed to perform 1,000 hours of community service to highlight “the lack of consumer awareness of what they are signing up to when they access free wifi.” The company, Purple, offered a prize for anyone who read the terms and conditions and found the clause. One person claimed it.

What you don’t know can hurt you

The problem? We needlessly put ourselves at risk by signing away all kinds of rights over what personal data an app or website collects, how they use it, with whom they share it and how long they keep it, says ProPrivacy. com.

Shady individual­s and outfits and snooping corporatio­ns extract and exploit our personal informatio­n for financial gain, spying on us with the kind of sophistica­ted monitoring tools that would make James Bond drool.

It’s not just ad targeting. Some of that informatio­n can end up in the hands of health insurers, life insurance companies, even employers, all of which make critical decisions about our lives.

Yet we mostly just shrug our shoulders when asked. At first, more than two- thirds of the ProPrivacy. com survey participan­ts claimed they read the agreement and 33 claimed to have read it top to bottom. When the jig was up, they offered up the same old excuses: It took too much time. They trusted the organizati­on had their best interests at heart. Or they didn’t care.

That “que será será” attitude is understand­able. There are few laws or regulation­s protecting online privacy, so shielding our personal informatio­n from prying eyes can seem like an exercise in futility. But we can all take steps to thwart 24/ 7 corporate surveillan­ce. That starts with reading the small print.

What are you signing?

The terms of service is a legal document that protects the company and explains to consumers what the rules are when using the service, says Ray Walsh, data privacy advocate at ProPrivacy. com. A privacy policy, on the other hand, is a legal document that explains to users how their data will be collected and used by the company and any third parties or affiliates. Remember, when you click “I agree” on these documents, your approval is legally binding.

Much of what’s included in these documents is boilerplat­e or relatively innocuous. But there are some areas to pay attention to, such as granting a company the right to sell your personal informatio­n to third parties, trace your movements using GPS and other tracking capabiliti­es, harvest your device identifiers or track your device’s IP address and other digital identifiers,

Walsh says. Beware of companies that demand a “perpetual license” to your “likeness” or to your personal data.

“These kinds of invasive stipulatio­ns can be extremely harmful, and consumers must ensure that they never agree to them or other privacy agreements that denote not how the user will gain privacy but rather how they will have it stripped from them,” Walsh says.

Search for keywords

Who has the time to wade through page after page of dense legal jargon to spot the worrisome bits?

Alex Hern, a journalist with The Guardian, spent one week in 2015 reading the terms and conditions the rest of us don’t. It took him eight hours to skim 146,000 words in 33 documents. A study by two law professors in 2019 found that 99% of the 500 most popular U. S. websites had terms of service written as complexly as academic journals, making them inaccessib­le to most people.

There are some shortcuts. Search for keywords or phrases in the document that will tell you what informatio­n the app or website collects, how long it keeps it and with whom it shares it. Watch out for sections that say you must “accept,” “agree” or “authorize” something, Walsh says.

“Third parties” is a key phrase, as are “advertisin­g partners” and “affiliates.” “Retain” or “retention” can indicate how long the company keeps your personal informatio­n. “Opt out” may indicate how to turn off the sale or collection of your personal informatio­n.

“The do’s and don’ts can alter radically from one service to another, and it is essential for consumers to understand how they can use each individual service they sign up for,” Walsh says.

Don’t have time? Here’s a shortcut

The motto of the ToS; DR user rights initiative ( short for “Terms of Service; Didn’t Read,” inspired by internet acronym TL; DR “Too Long; Didn’t Read”): “I have read and agree to the terms” is “the biggest lie on the web.”

The project offers a free browser extension that labels and rates these agreements from very good ( Class A) to very bad ( Class E) on the websites you visit. When installed in your browser, it scans terms of service to unearth the worrisome stuff.

“Invasive stipulatio­ns can be extremely harmful, and consumers must ensure that they never agree to them or other privacy agreements that denote not how the user will gain privacy but rather how they will have it stripped from them.” Ray Walsh, data privacy advocate at ProPrivacy. com.