Hyderabad: An app user spends the least amount of time on understanding and accepting the end-user licence agreement, which governs the future interactions with the app-makers. While the comprehensive user agreement is mocked at for its length and technicalities, it is imperative to understand what the user is signing up for.
The agreement details privacy settings but is drafted in a manner that is comprehensible to only the most determined user, of whom they are few. For instance, unless the privacy policy of TrueCaller is read in its entirety, the user will not realise that the app is collecting call data including whom you called when and how.
Even companies like Facebook have come under fire. Republican Senator John Kennedy told Facebook founder Mark Zuckerberg during his testimony at the US Senate following the Cambridge Analytica scandal: “Your user agreement sucks.” Mr Zuckerberg later admitted that most users probably don’t read it.
“Actual read of the policy is not going to happen. The important information on data collection will be buried somewhere,” said Mr Kiran Jonnalagadda, co-founder of Internet Freedom Foundation
The agreement which is supposed to inform users what they are signing up for has become a place to protect the company. Experts say that the agreement has to be long as it is a contract between two parties.
“In contract law, the user agreement is considered as a contract between two parties. It has to be as precise as possible. It is about what the agreement will be, if a user takes it to the court. There are two sides to it. If companies simplify it, the court won’t understand it and vice-versa”, said Mr Srinivas Kodali, a security researcher.
Experts said that laws can be made to put a mandate on companies which exploit user agreements. Clauses that protect abusive behaviour by companies can be challenged in court. “Whatever the agreement may be, it cannot violate fundamental rights. If that happens, people can approach court,” said Mr Kodali.
India which is drafting its privacy policy can force companies to make sure that users are aware of the data being sought, on par with the European Union’s GDPR law.
“For companies to present the agreement in a legible way, the law must force them to do so. The GDPR does that in Europe and the data protection law which is set to be laid out will make it a requirement to ensure that companies clarify, what their privacy policy actually,” said Mr Jonnalagadda.
