By Gordon Hull
As one knows, online privacy policies (and access to the Internet in general) are generally conditioned on a user’s acceptance of some sort of boilerplate terms of service. Lots of people (myself included) have complained about this state of affairs as attempting to get users to consent to all sorts of practices by way of reams of unintelligible legalese. In addition to allowing unlimited data collections, these contracts often include mandatory arbitration provisions, which means that they compel users to take disputes with the sites to arbitrators selected by the company, rather than taking them to courts.
In other words, the idea is that using the product or service constitutes consent to a series of wildly one-sided terms that the user probably could not understand if she tried. There is certainly no chance of negotiation or bargaining involved. As Julie Cohen put it, “the conception of consent emerging from that default condition is unprecedented in the law of contracts or any other body of law,” and more closely resembles older status contracts than the contracts of modern liberalism (58-9). The result is “a form of Kabuki theater that distracts both users and regulators from what is really going on” (59).
In a recent paper, Woodrow Hartzog and Neil Richards detail this state of affairs in terms of contract theory and its imaginary of two autonomous individuals negotiating and agreeing to terms. They argue that:
“Consent is most valid when we are asked to choose infrequently, when the potential harms that result from the consent are easy to imagine, and when we have the correct incentives to consent consciously and seriously. The further we fall from this gold standard, the more a particular consent is pathological and thus suspect” (1465).
The design of notice-and-consent privacy regimes is deeply pathological from this point of view. Consent is often unwitting – consumers don’t understand either the terms or the technology behind them. They also don’t understand the consequences and risks (which is entirely expected, given that they are futural and difficult to visualize). If not fully coerced, consent can be induced by both the fact that it is difficult now not to use the internet (so no opt-out) and both ISPs and networks are de facto monopolies (so no market competition). Various website design techniques make opting out difficult: pop-ups that cover up the screen, browser tabs with no ‘back’ button, and various techniques of shaming (“Yes! I want this product. No, I choose to die a lonely death”). And of course there is the question of children: COPPA only protects children up to age 13, even though contractual consent typically starts at age 18. And kids can easily get around age checks anyway.
If we step back from the normative arguments about why this situation is abusive or otherwise bad, I think there’s an interesting point to be made about subjectivity here. Basically, the sites are trying to construct a legally cognizable subject position that users then occupy. Both steps are important. The contractual language presented in the ToS defines the subject position, and it seems to me that it’s important to distinguish this subject position from a few alternatives. First, this is not the traditional subject of law. That position is foreclosed by the lack of availability of the courts. Disputes are to be settled by a privatized procedure. Second, it’s not the subject of administrative procedure either, such as recently upheld by SCOTUS in patent arbitration. That procedure also allows an appeal to courts. Third, it’s not the position of the disciplinary (?) subject that consumes mass media: there is no pretext to contract when you open a book, as Hartzog notes in an earlier paper on these contracts. In short, I think this is a quite specific subject position constructed by the technology companies for their own advantage.
There is also a split between the structural subject position and the phenomenological experience of users. Users are encouraged by the sites in question to view themselves as free and emancipated by the technology, and as empowered by its affordances. They are (for obvious reasons) not encouraged to view themselves as signing away their rights.
The gap between user experience and described subject position leads to the second question: whether users can be said to occupy this subject position, i.e., whether these contracts are enforceable. Can technology companies rely on the coercive power of the state to define the subjectivity of users on their terms?
It is the position of the technology companies that use of their products constitutes acceptance of the terms of service; sometimes this requires clicking a button. Courts have been generally unwilling to say that the contracts are objectively unenforceable as unconscionable or otherwise inconsentable (though Hartzog and Evan Selinger more recently make the case that facial recognition ought to be the sort of thing that someone cannot consent to – the harms are potentially too great and difficult to understand). This means that the question legally has come down to whether the notice and consent procedures are adequate. Hartzog’s earlier paper suggested that, as of roughly 2010, courts had been most likely to refuse to enforce ToS on casual users – those who just read a website but do not otherwise particularly interact with it. Still, the law was inconsistent and this emerging de facto carve-out was far from either settled or explicit.
Here, a recent survey of the case law by Nancy Kim is encouraging. She reports that the case law is still very inconsistent, and users often lose. But: there’s a movement toward demanding more of websites:
“The standards of “notice” and “manifestation of assent” remain the same, but how those standards are applied varies depending upon the facts of the case and the jurisdiction. Berkson v. Gogo LLC and Nguyen v. Barnes & Noble, Inc. have been particularly influential in helping inform the application of the standards. Reflecting the influence of these two cases, courts have started to assess the reasonableness of notice by evaluating the website experience from the perspective of the offeree and by considering how the drafter chose to present terms. Thus, instead of asking why the offeree failed to read visible terms, more and more courts are asking why the offeror failed to draft terms in a more conspicuous manner. As the court in Rushing v. Viacom Inc. emphasized, the burden is on website owners to “put users on notice of the terms to which they wish to bind consumers.” Accordingly, courts are increasingly asking for two types of evidence from drafters. The first is in the form of screenshots or webflows that demonstrate how the terms were presented to plaintiffs. The second is in the form of the drafter’s internal records that document that the plaintiff actually accessed the website at the time the notice was allegedly presented.” (1693)
There’s a lot to be done here, of course, but it’s nice to see some legal pushback, and to see how courts understand evidence and other traditional legal concepts in this context. Kim cites several cases where courts determined that reasonably prudent users would not realize that they were entering into a contractual relation – for example, there was a hyperlinked “terms of service” but it was buried several pages into a website and well below the prominent “click here for the next step of your purchase.” Nearly all of the cases Kim cites are about the enforceability of mandatory arbitration clauses, which suggests both the specificity of the subject position the websites are constructing, and the extent to which its enforceability is an artifact of their power over not just users but the state.
Recent Comments