The more TOS I read through, the more it seems we need a "common law" solution.
(I use the term "common law" loosely here)
Something like a couple of pre-defined categories for software services (e.g. info provider, social network, real-world interface) with pre-set rules (e.g. the client cannot attempt to break the social network; the owner of the social network cannot re-sell data to a third party).
We have something like this for brick'n'mortar retail already -- each store can't just make up their own rules but rather has to operate within a societal framework.
The system we have right now leads to every corporation being incentivized to claim as much legal ground as possible in the TOS, leading to a de-facto corpo-state. It also undermines the rule of law in a cultural sense since many things in the TOS may be deemed unenforceable when actually challenged in court. The users will always be is a several disadvantageous bargaining position.
Until your country actually implements laws like these and Hacker News starts complaining that it is "business hostile" and "stifling innovation".
There are plenty of European countries which already have some laws like these. When I buy something on the internet, I have 14 days to return it if I don't like it. I am guaranteed to have a reasonable warranty. Companies cannot abuse my personal data without explicit consent. And indeed, forced binding arbitrage is also not allowed.
There is no need to mandate a template ToS, you just need basic consumer protection laws.
Having grown up in the US, my absolute favorite law in Czechia is the one that says the advertised price has to equal the price on the bill. In the US, you get a $20 cell phone plan and the bill is for $60 after fees. In Czechia the price is always exactly as advertised.
Another great on is that text size has legal meaning here. The larger/darker the text the greater the legal weight. So if the contract says two contradictory things, the larger text wins out...
Is that actually the law? Can I get a link to that? In slovenia we have a "suggest-to-government" website, and i'll put the working example there and hopefully at least gain some traction somewhere
Yes and no. The Czech law is very vague saying that contracts must be written in good will and be understandable by the signatories. It is the Czech supreme court which wrote up a legal test for understandability which you can find here https://www.epravo.cz/top/clanky/absolutni-zakaz-smluvnich-p...
I've translated the test using deepl:
Translation results
"In practice, the principle of fairness is manifested, inter alia, by the fact that the text of a consumer contract, especially if it is a form contract, should be sufficiently legible, clear and logically organised for the average consumer. For example, contractual terms must be of sufficient font size, not be significantly smaller than the surrounding text, and not be set out in sections which give the impression of being irrelevant. This principle of fairness also applies to the application of general terms and conditions. As stated in paragraph 9, general terms and conditions may also be applied in consumer contracts, but such application is subject not only to the formal limitations mentioned but also to restrictions as to content."
> When I buy something on the internet, I have 14 days to return it if I don't like it
One (unintended?) consequence of this is that as a consumer, you cannot buy an annual digital motorway toll pass in Austria with immediate validity. The earliest your pass can start from is 18 days from the date of purchase.
"Customers can withdraw from the online purchase of a digital vignette within 14 days. Taking into account a further three-day period for mail, your digital 2-months and annual vignette is only valid from the 18th day after purchase."
How glorious that it's necessary to include 3 extra days to cover the potential delivery time of postal mail in the event of a return for an entirely digital product :/
The workaround for this - which I discovered last time I drove a rental car in Austria - is to tick the box that says "I'm a business, not a consumer". You don't need to prove you're a business, just to tick the box. Consumer protection nullified, can purchase product valid immediately.... <sigh>
Interesting though, that's not what the regulations say - DIRECTIVE 97/7/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 20 May 1997 on the protection of consumers in respect of distance contracts
3. Unless the parties have agreed otherwise, the consumer may not exercise the right of withdrawal provided for in paragraph 1 in respect of contracts:
- for the provision of services if performance has begun, with the consumer's agreement, before the end of the seven working day period referred to in paragraph 1,
You can buy digital goods for immediate use in other EU countries as a consumer - this sounds like something more specific (is it actually even the same in Austria for things like an e-book?).
Some online services simply ask you to wave your 14-day return right if you want to start using the service immediately. Not sure why they won't do this in this case.
In NL you don't get your 14 days on remote purchases when it doesn't make sense. You cant purchase a game play it and return it. You cant eat the food. You cant wear the dress etc
If the 14 days do apply you have to inform the customer about it or it turns into 12 months.
Strange, I would have thought a pro rata refund would be allowable in these cases. I'm pretty sure that's how it works with insurance so I'm unsure why a toll pass would be any different.
Because they only sell them for durations of 10 days, 2 months and 1 year. So if you only need to cross the country for 5 hours, they would lose a lot of money.
> This is no longer true, I believe (starting Dec 1 2023). You can buy the vignette online starting immediately
If that's true then it's possible that Asfinag (the toll agency) haven't updated their website. On trying a test purchase just now to buy a two-month or annual pass it still states:
"I'm a consumer
Digital 2-month vignettes and digital annual vignettes purchased today are valid from 25.12.2023 at the earliest due to the right of withdrawal when purchasing online. All other toll products can be used immediately. (More info in the FAQ)
I represent a company
The right of withdrawal does not apply to commercial customers; purchased digital toll products are therefore valid immediately. (More info in the FAQ)"
I was only partially correct. Looked again at asfinag and the grace period does not apply to 1 and 10-day vignettes. From their website:
"18-days-period
Consumer protection is very important to us – especially as far as our digital products are concerned.
Customers can withdraw from the online purchase of a digital vignette within 14 days. Taking into account a further three-day period for mail, your digital 2-months and annual vignette is only valid from the 18th day after purchase.
This deadline does not apply if you purchase a 1-day or 10-day vignette!"
> "18-days-period Consumer protection is very important to us"
Which is of course how you immediately know that it is not just unimportant to them but they will try to do anything to not have to abide by the rules and maliciously comply with anything they can't disregard completely.
Really the 14 days should start when you actually receive the item in a usable state and if the law actually allows these kind of workarounds around that then it should be changed.
If you collect a vehicle in Austria it's almost certainly already got a vignette (pretty tricky for the rental company to operate an Austria-registered vehicle without one).
If you collect in your car in Germany, as I did, and drive it over the border yourself then you almost certainly won't get one (although I've ever been lucky!) so you need to purchase one (physical or digital) before (or as) you cross the border.
> There are plenty of European countries which already have some laws like these. When I buy something on the internet, I have 14 days to return it if I don't like it. I am guaranteed to have a reasonable warranty. Companies cannot abuse my personal data without explicit consent. And indeed, forced binding arbitrage is also not allowed.
This is because of EU laws. A lot of the best laws we have in European countries are because of EU laws.
I also suspect that this clause isn't valid in most of Europe.
You are correct, I can not find where arbitration is forbidden in the directive also it is quite the opposite.
I think in this particular case we are talking about Directive 2011/83/EU of the European Parliament and of the Council on consumer rights.
Article 6(1)
(t) where applicable, the possibility of having recourse to an out-of-court complaint and redress mechanism, to which the trader is subject, and the methods for having access to it.
ADR is not forbidden. But it is regulated by 2013/11/EU [1]. In particular:
"
(43)
An agreement between a consumer and a trader to submit complaints to an ADR entity should not be binding on the consumer if it was concluded before the dispute has materialised and if it has the effect of depriving the consumer of his right to bring an action before the courts for the settlement of the dispute. Furthermore, in ADR procedures which aim at resolving the dispute by imposing a solution, the solution imposed should be binding on the parties only if they were informed of its binding nature in advance and specifically accepted this. Specific acceptance by the trader should not be required if national rules provide that such solutions are binding on traders."
Australia also has very strong consumer protection laws. I'm not an Aussie, but many come here and tell us about it. It doesn't seem to scare companies away from doing B2C business in Australia.
As an Aussie, I can say that our consumer protection laws are awesome. Some multinational / international companies have been bitten by them, but only because they didn't do their due diligence before launching in Australia.
They're really an example of laws designed to protect people. I've universally found that people who complain about them either don't understand them, or they're trying to take advantage of people.
I don't understand how other countries operate without similar laws!
IIRC, Steam famously had to implement their refund system after the Aus government threatened legal action against them. They ended up making the refund system global rather than Aus-specific, so cheers for that one mates!
The problem as I see it is that the internet gives businesses the ability to operate globally, but having to be in specific compliance with different laws from every single country (or group like EU) is really challenging and in some cases the regulations are misguided (I think the rise of cookie consent banners is one of the crappiest things to happen to the internet as a user)
And that does make it hard, especially if you want to start an internet based business without a ton of money. It adds a huge barrier to entry. Whereas existing players can take on the burden of complying etc... further solidifying the position of very large tech companies.
I do agree that basic consumer protection laws are needed, but one overzealous piece of regulation really can cause a lot of problems.
> and Hacker News starts complaining that it is "business hostile" and "stifling innovation".
Thinking in such simple terms is going to draw you to wrong conclusions. Hacker News doesn't complain. People discuss things. Different people have different opinions. And if they did - so what? You're phrasing this as though people talking on Hacker News would somehow overturn common law.
I think GP was a valid comment about how people propping up business hostility is one of the main reasons consumer law is very weak in the US. Of course, people are allowed to have opinions. GP is arguing what the results of one of these opinions are.
I’d also use the comparison between what was claimed about EU regulations in the UK during the years leading up to Brexit, and subsequent developments. The money spent promoting those false claims was effective.
14 days is the minimum legal requirement for returns without having to state a reason. And they have to give you back real money no some funny store currency. There are also munimum warranty periods.
> Until your country actually implements laws like these and Hacker News starts complaining that it is "business hostile" and "stifling innovation".
Literally, so what? I don't understand your point. You can't be under the impression that all laws must be popular with all people, so what does it matter if some ancrap libertarians complain about it? This shouldn't stop the implementation of such laws.
It’s more than “so what” because those people aren’t coming from nowhere. American businesses spend a lot of money promoting libertarianism to this end, and it’s been effective enough that any reforms will face unified opposition from every Republican in Congress and likely some Democrats. Most of these are minority positions in the public but not in terms of legislative votes.
> American businesses spend a lot of money promoting libertarianism to this end
American businesses would be the first one crying if they had to operate in a libertarian environment. In reality, they spend a lot of money to ensure heavy regulation that allows them to build moats.
They’re pretty fond of disclaiming obligations and not being sued in real courts, though. The key thing is recognizing that most of the libertarian media exists to serve the funders’ interests, not to promote a coherent ideology.
What media is seen as holding a libertarian ideology? That is not a common bias. I do see the "consumers should have more choice" bent that you seem to be talking about more prevalently, but that's something quite different.
There’s a pipeline you can see when they’re workshopping ideas where things start at some think tank or other very openly ideological organization and moves through Reason, TNR, Fox, on to the WSJ and NYT where at each level the issue is pitched as more of a “lots of people are talking” kind of phenomenon detached from the source.
A really good example of this happened a decade ago when you started seeing these public reconsiderations where an NYT oped or someone on a Sunday news show was asking whether Rachel Carson was responsible for increased numbers of Africans dying from malaria. If you didn’t follow it before then, it looked like an organic discussion reconsidering whether an environmental success has unintended consequences.
If you had followed it, however, it was actually funded by the tobacco companies as part of an attack against public health agencies. They started with places like their lobbyist’s blog, got traction in the libertarian / right-wing blogosphere, then Reason, then the unabashed right-wing media, etc. until the more mainstream media felt the need to cover this story “everyone” was talking about:
It’s not uncommon to find that cycle behind “runaway government” news stories where the mainstream coverage doesn’t mention that someone’s full-time job was pitching that story to reporters.
While I understand that looseness of your "common law" phrase, it's precisely the newness of the field that leads us to the lack of historical precedence (ie "common law").
So I would argue that we don't need "common law", we need "actual law".
The problem is that "law" is a subject that is very, very specific. Don't want them yo sell "your data" - well then first you need to define what data is "yours" and what is "theirs". That might be harder than you think. (Do you own your docile security number? Or find the govt lend it to you? Are public records considered to be public data?)
Privacy is just one corner. What about finances - can a service cut you off? What if you never oaid for it? Can you delete posts? Can quotes from deleted posts still exist? Can advertisers target specific demographics?
The problem being that writing actual law gor this stuff is hard. Writing law that will satisfy even a majority of people is near impossible.
So I hear your call, but I suspect you won't be happy with the law when they make it.
I'm not sure, IANAL but I would say that much of what a EULA or ToS covers is not that novel, companies skate by on technicalities, and a nontrivial portion of a typical agreement may even already be invalid but lacks case law. If companies weren't worried this might be true they wouldn't need the severability clauses. For example, disassembling or repairing items you paid for or duplicating legally owned copyrighted works for personal use (not distribution) were rights that were well established, but sprinkle in the right technology (even if it has no purpose other than to interfere with these rights) and suddenly it gets a pass. It's not a novel situation, it's a loophole to opt out of established law.
You are right that we won't be happy with the new laws, as so far and with the examples I gave new laws have mostly removed consumer rights, not asserted them.
> duplicating legally owned copyrighted works for personal use (not distribution) were rights that were well established, but sprinkle in the right technology and suddenly it gets a pass
True in more than one way; owning copyright to your works and being able to refuse/get paid for commercial distribution was a right well established, but a sprinkle of right technology and suddenly they can charge people to copy your work on demand with minor modifications for your own commercial use (while you get nothing).
The newness of the field has nothing to do with it. The internet and tech in general has benefitted from being outside the law and doing all the old illegal sales and marketing techniques, online.
We can get into the weeds on the detail of the law, and we'll find in the end it looks something like where we started with 'common' law.
Law doesn't need to satisfy the majority of people, most don't want or care about what the law says or does. The law needs to secure some core concepts of liberty, freedom and move on.
There's nothing new under the sun, it's a lot of work. Making small changes works better than thinking about an entirely new system.
The easy answer should be TOS that are not non lawyer readable or not under N paragraphs are not binding. When you buy a house you don’t give 1 signature. You literally sign every friggen page including multiple places on the same page, TOS shouldn’t be different
Require companies to make a reasonable effort to ensure users have read the license.
Want to order some food from some new delivery website? Hold on, I just have to sit on this screen for 30 minutes pretending to read the EULA -- oh nevermind, I'll just go pick it up.
> Want to order some food from some new delivery website? Hold on, I just have to sit on this screen for 30 minutes pretending to read the EULA -- oh nevermind, I'll just go pick it up.
Well, that would be ideal, because in order to actually get users, the company would have to have very simple and reasonable terms. After all, that's the case for the cast majority of in-person businesses.
Youtube has a relatively short UK ToS [1] that doesn't require a lawyer to understand. This is impressive given the variety of copyright, monetisation, and content moderation rules it touches.
Yet almost nobody reads it, despite it being promoted on visitation to one of the world's most popular sites.
How about a "continental law" solution? Usually you can't give up rights you do not have yet, so you can't sign a binding arbitrage clause if you haven't been wronged yet. This is in addition to TOS'es being restricted heavily by laws that define the limits of general terms and conditions (generally contracts that are offered to a large amount of people) and the existence of consumer arbitration committees that make it really simple for consumers to go after firms.
> so you can't sign a binding arbitrage clause if you haven't been wronged yet.
This doesn't make sense to me.
Firstly, I take it that by "arbitrage" you mean "arbitration"; arbitrage is a kind of market trading, and "binding arbitrage clause" isn't a thing.
If we're talking about arbitration, many contracts contain binding arbitration clauses which are enforcible by either party from the outset; neither party has been wronged yet.
It's not like we don't have cultural admonishments against this type of behavior - take Rapunzel for example.
* Walled garden of the sorceress equivalent to corporate walled garden.
* Rapunzel (the leafy green) representing either a life-saving service or unquenchable greed of the consumer. By holding the genetic health of future children hostage, The 23andMe connection is particularly apropos - the sorceress holds Rapunzel hostage.
* The husband agrees to a ToS in exchange for rapunzel (the leafy green).
As the story unfolds the consequences reveal themselves...
It's difficult because digital ToS are so tightly tailored to your business, and digital businesses are so malleable and formless.
If you went through the effort to standardize your ToS, it would only be "useful" to a tiny handful of businesses at specific points in their growth trajectory.
Regulations like GDPR are a top-down approach to the privacy component of a Terms of Service (i.e. there are only so many variations to the privacy sections within a ToS that comply with GDPR), but there are so many more components than just customer data locality.
That being said, as a privacy-respecting entrepreneur, coming up with a "user-respecting" (i.e. win/win, legible, minimally-demanding/withholding) ToS is a sizable challenge. It'd be nice to have templates. I basically resort to reading the ToS of companies I respect in similar verticals.
Imagine there were a set of a few common terms that businesses could select, each with an icon, a high-level explanation, and the detailed legal copy.
I think there is a common set of those that would probably cover 80% of needs.
The remaining 20% could be "extended", custom terms for this company.
Such a system seems like it would make things much easier for consumers to understand, and also save legal fees for most companies. Maybe a good standard for a TOS-generator company to design and promote?
In general the problem is not that the documents are not readable or comprehensible - I understand perfectly well that in legalese it says that the situation will favor the business in every possible legal fashion and if some of those are not legal the remaining document will favor the business in every remaining possible fashion.
The problem is they are contracts of adhesion that consumers don’t have a real interest or consideration in, other than the performance being conditioned upon your agreement, and which they do not have any ability to debate or modify or generally any recourse except to go to another business with an equally odious contract as a condition of performance.
They’re not incomprehensible, they’re unconscionable, and solutions tackling the former are missing the point.
The problem is that the same “lobbying” that produced the regulatory environment permitting such contracts to be forced upon consumers also precludes any real attempt to tackle the latter. Businesses would scream here if you forced them to follow standard consumer protections, and our system is oriented to favor their interests over consumers in nearly every possible scenario as well.
Another “continental” solution to this would simply be to outlaw contracts of adhesion or contracts in which the consumer does not receive a consideration (other than performance of the contract). If you don’t have a consideration it’s simply not a valid or consciencable contract, people don’t agree to give up money or rights voluntarily in return for nothing, therefore these contracts must facially be coercive.
> If you went through the effort to standardize your ToS, it would only be "useful" to a tiny handful of businesses at specific points in their growth trajectory.
Sounds like the kind of language used by people who consider consumer protection to something to work around to maximise profit. Yeah, those businesses can get fucked.
> That being said, as a privacy-respecting entrepreneur, coming up with a "user-respecting" (i.e. win/win, legible, minimally-demanding/withholding) ToS is a sizable challenge. It'd be nice to have templates. I basically resort to reading the ToS of companies I respect in similar verticals.
Its only a sizable challenge if you want to seize more rights for yourself than is already guaranteed by existing laws.
Part of the ToS is explaining exactly what you do as a business with users' data and IP that they submit to your service. If you're maximally ethical, you still have to outline everything, and yes doing this concisely + precisely is a challenge.
Pulling an example out of a hat, see Mullvad's ToS[1] and Privacy Policy[2], and "No Logging" Policy [3].
I wouldn't say (at all) that Mullvad is trying to seize more rights that those guaranteed by existing laws, and yet maintaining their ToS almost certainly costs tens of thousands of dollars per year.
For another example, see Bandcamp's Terms of Use [1]. They straddle the line of social media (where you need the platform to be an effective moderator, which requires extensive ToU) and the music industry (which involves much liability around various IP rights).
Bandcamp isn't really screwing anybody. IMO the most objectionable thing they do is provide Google Analytics as a service to paid musicians. But the lines around that are <5% of their overall set of policies, precious few lines of which are objectionable.
Personally, I'd like for it to be illegal to force people into TOSes which add binding arbitration to access their accounts and data once they've already time and money into the system otherwise. I shouldn't be negatively impacted regarding my rights to data or damages just because you were careless with my data. Likewise, any explicit agreement to legal remedy should really be in its own independent section for users to approve.
Personally I'd like for binding arbitration to be unenforceable period. It's a hack to work around the laws of the country by preventing people from availing themselves of this and should be treated as such.
"... the owner of the social network cannot resell data to a third party)."
Not sure I understand. Social media operators do not sell data. They provide access to computer users, acting like a Trojan Horse. ("Our app is installed on millions of phones. Millions people use some individual's website to communicate with each other." Zuckerberg, Musk, etc.)
Perhaps "resell" refers to when social media companies buy data. What prohibits them from (re)selling it. Maybe the seller's terms would prohibit transfer to any third party.
Using to term "sell" to describe these data transfers to other parties is ineffective. Prohibiting the "sale" of data will not stop social media companies from transferring data to others.
I like this idea, but I think it's not flexible enough. Instead my over complicated dream is to allow companies to propose new TOS in a similar way to new top level domains. They can put in a lot of money and add TOS language to the approved list, but then anyone can use that language. Ideally the pricing would be such that only 10 to 50 unique TOS would exist at any point in time
So instead of the richest companies setting the standard for what a TOS contains.... The richest companies would formally set the standard for what a TOS contains.
I think the problem I was most interested in solving is maybe only somewhat related to this. I was frustrated that no one actually ever looks at TOS and so there is very little real informed choice happening. With a small fixed number it would be easier for audits and understanding to happen
Individual states don’t have the power to restrict arbitration agreements in this way. California has tried repeatedly, but the laws keep getting invalidated because they’re preempted by the Federal Arbitration Act, which requires that contracts containing binding arbitration clauses be enforced and treated the same as all other contracts. State laws that selectively disfavor or restrict arbitration agreements will violate this.
If this regrettable state of affairs is to be improved, it will require an act of Congress, unfortunately.
If you don't want a company to have your DNA, don't give it to them.
It seems like a business was built around people wanting to be told they had 20% more fun in their bloodline, for a fee. Those people didn't consider the implications of giving this kind of data to a private company.
Now the company is saying, "we got the DNA you gave us, for a fee and we don't want to go to court to fight you about how we use it".
Just don't give them your DNA. It's not that hard.
We have something like this for brick'n'mortar retail already -- each store can't just make up their own rules but rather has to operate within a societal framework.
The system we have right now leads to every corporation being incentivized to claim as much legal ground as possible in the TOS, leading to a de-facto corpo-state. It also undermines the rule of law in a cultural sense since many things in the TOS may be deemed unenforceable when actually challenged in court. The users will always be is a several disadvantageous bargaining position.