Every few months, the internet becomes replete with news of outrage at a change in a major company’s legal policy. It’s always the same story — the company makes a shocking or ambiguously worded update to one of its policies, there is a public backlash, the CEO makes a formal apology, and the changes are scrapped.
Inevitably, the company loses customers, its stocks take a hit, and it wears a scarlet letter in the public eye for a few months — at least until another company gets pinched for similar crimes against consumer privacy.
So what can your business do to avoid a similar fate?
Below, we’ve outlined 6 examples of
1. Spotify
In August of 2015, Spotify updated its privacy policy to include terms that suggested the company would be able to access user photos, contacts, and location and sensor data. The update caused public outcry, as users across social media expressed concerns that the implied improvement in service would not be worth the amount of personal data surrendered.
The company alienated its then 75 millions active users with an
Spotify had failed to make clear that these terms were
The next day, the company’s CEO, Daniel Ek, posted a public apology on the company website in an effort to address user concerns and clarify his position. He also promised to update the policy again in a way that would better reflect the company’s true intentions.
2. Instagram
In 2012, the popular
One day later, following an uproarious backlash across social media and in the news, the company’s CEO went public with an apology and promised to remove the offending language from the policy. He cited the confusing language used in the terms and a misinterpretation of their intentions as the cause for the backlash.
Instagram’s CEO, Kevin Systrom, failed to make his reasons for updating the company’s privacy policy clear
This was not before an unprecedented number of users left Instagram for other
3. Dropbox
Dropbox, the extraordinarily popular file hosting service, courted controversy in July of 2011 with a change to its privacy policy that seemingly granted ownership of all
One line of the new policy, in particular, drew ire from netizens. The line read:
Horrified users interpreted this to mean that, by using the Dropbox service, they were granting the company the right to do whatever it wanted with the work, photos, documents, and research that they entered into the platform. Further, users would have no recourse to take back ownership or gain compensation.
In response to the ensuing public outrage, the company amended its policy to add a line which explained that the license in question was for the sole purpose of technically administering and operating the service.
4. Snapchat
Another
To the app’s users, this was an especially heinous breach of trust and privacy, as Snapchat’s primary appeal is the fact that you can send photos that disappear moments later. If photos can be stored, reproduced, and published by the company, it means that they do not really disappear at all.
Only three days later, and in response to the public outcry, Snapchat took to its blog to clarify its stance and the wording of its policy updates.
The company emphasized that it had only updated its policies so that they’d read the way people actually talk. Snapchat adamantly maintained that it had not and would not store user content, and went lengths to ensure users that their photos and messages were deleted after they were seen or had expired.
5. Delta Air Lines
Delta Air Lines, one of the biggest airlines in the world, was embroiled in legal conflict in 2012 because of its mobile app, Fly Delta. The application allows users to check in, pay luggage fees, and rebook flights. To perform these services, the app must collect personal information from its users. However, at the time, the app did not include a privacy policy.
California passed legislation in 2003 that requires mobile app developers to conspicuously place a privacy policy — or a link to the privacy policy — within the app, that details what personal information is collected and how it is used. This law is referred to as the California Online Privacy Protection Act, or CalOPPA.
While Delta’s website had a privacy policy, it made no mention of the Fly Delta app, and according to privacy experts, it wasn’t reasonably accessible to app users. To the state of California and its lawmakers, this was in direct violation of CalOPPA. In fact, California attorney general Kamala Harris decided to sue Delta on behalf of the state of California, over the CalOPPA violation.
Delta has since added a dedicated privacy policy for its mobile applications.
After more than three years of trials and appeals, the case was thrown out in favor of Delta Air Lines. The presiding judge held that the Airline Deregulation Act of 1978, a federal law, preempted the application of CalOPPA to the Fly Delta app — thus giving airlines an
6. Evernote
Evernote, a
Also outlined in the policy was the right of users to opt out of giving Evernote employees such access, but this came at the cost of decreasing the quality of service. Strangely, later in the same privacy policy, it was stated that by using the application, users had already opted in to this practice — and could not opt out.
Two days later, amidst a cacophony of social media backlash, Evernote’s CEO made a public apology, took responsibility for the company’s mistakes, and promised to ditch the new privacy policy changes.
What Can We Learn from Their Mistakes?
Although the aforementioned cases involve
Get a privacy policy
If your company’s website or app collects user information of any kind, you must have a privacy policy. Even if you don’t collect any personal information at this time, it is still best to have one.
Delta Air Lines was prosecuted by the state of California for neglecting to include a privacy policy with its mobile app. Fortunately for them, there was a federal law pertaining specifically to airlines that superseded CalOPPA and got them off the hook. This will not be the case for you and your business.
Including a privacy policy on your website or mobile application can only benefit you, but not having one can end up costing you thousands of dollars.
Learn more: How to Write a Privacy Policy for Your
Use language that is easy to understand
Nearly all of the cases outlined above were a result of the use of language that was too easily misinterpreted. These misinterpretations and subsequent consumer outcry could have been avoided by simply taking more care to ensure that the language used was easy to understand.
If possible, avoid using overly formal language in your legal policies. Legalese is difficult for many people to understand, and could create confusion or misinterpretations. Overly formal language also acts as a barrier of sorts, seemingly keeping the user at arm’s length.
Try to be as conversational as possible. Your users will feel more confident in their understanding of your policies, and also that you are being real and open with them.
Snapchat’s privacy policy cuts out the legalese and uses very conversational language, which is easy to understand for the average user.
Be transparent about your intentions
Another pitfall common amongst most of the cases detailed above was a lack of transparency about the company’s intentions. The companies rightly notified their users that there were updates to the policies, but did little to explain the reason for those updates or the effects the changes would have.
Make an effort to be open with your users. Notify them with any changes to your legal policies, and explain why those changes have been made. If you need to collect more personal information to improve your services, just be open and let them know. They will appreciate your candidness and be more likely to give you the benefit of the doubt.
Twitter dedicated an entire blog post to explaining how and why the company updated its privacy policy. Users appreciate and trust this level of transparency.
Get a second opinion
When working on something for a long time, it’s easy to get too close to it to notice problems. In the cases discussed above, lawyers most likely spent hours poring over those policies to make them just right.
However, when push came to shove, the documents contained some glaring problems that the companies in question clearly hadn’t noticed or anticipated. This is why it’s important to get a second — or even a third — opinion on your proposed changes. They may notice something that you’ve missed, or have a different interpretation of the words you’ve used.
Of all the companies that have suffered consumer backlash as a result of updates to legal policies, Evernote is one of the only ones to take appropriate steps to right their wrongs.
In 2017, Evernote rolled out what was essentially the same privacy policy as the one that had been met with such outcry the year before. This time, however, the language was much clearer and more transparent. The company had reworked the document, consulted with watchdog groups and privacy experts, and ultimately got their approval before rolling out the new policy.
Evernote finally learned its lesson and did things the right way — but only after suffering a very public controversy and losing countless users. Avoid the backlash, and do things the right way from the start.
***
Providing all the necessary legal information is important for every business. That’s why creating and using legal pages is a free feature in Ecwid. Enable your shipping and payment info, return policy, terms and conditions, privacy policy in Settings → General → Legal Pages.
Do you want to learn more about legal aspects of running an online store?
- Legal Docs for Online Stores: Protection and Trust
- How to Write a Privacy Policy for Your Ecommerce Store
- How to Write an Effective Return Policy
- 25 Places to Find
Low-Cost Legal Advice - 6 Major Legal Policy Fails of Fortune 500s
- Understanding the Terms and Conditions Page
- Registering Your Ecommerce Business
- Protecting the Brand: How To Register a Trademark
