6 Major Legal Policy Fails of Fortune 500s and Their Lessons to Take Away

Sep 12, 2017 by Zachary Paruch, Termly
6 Major Legal Policy FAILS of Fortune 500s
Posted Sep 12, 2017 by Zachary Paruch, Termly

Every few months, the internet becomes replete with news of outrage at a change in a major company’s legal policy. It’s always the same story — the company makes a shocking or ambiguously worded update to one of its policies, there is a public backlash, the CEO makes a formal apology, and the changes are scrapped.

Inevitably, the company loses customers, its stocks take a hit, and it wears a scarlet letter in the public eye for a few months — at least until another company gets pinched for similar crimes against consumer privacy.

So what can your business do to avoid a similar fate?

Below, we’ve outlined 6 examples of high-profile, Fortune 500 legal policy fails, and the lessons to take away from them.

1. Spotify

In August of 2015, Spotify updated its privacy policy to include terms that suggested the company would be able to access user photos, contacts, and location and sensor data. The update caused public outcry, as users across social media expressed concerns that the implied improvement in service would not be worth the amount of personal data surrendered.

Spotify

The company alienated its then 75 millions active users with an ill-conceived update to its privacy policy

Spotify had failed to make clear that these terms were opt-in, and that users would have to first give their express permission before the company could access any of this additional data.

The next day, the company’s CEO, Daniel Ek, posted a public apology on the company website in an effort to address user concerns and clarify his position. He also promised to update the policy again in a way that would better reflect the company’s true intentions.

2. Instagram

In 2012, the popular photo-sharing app created a storm of controversy with an update to its privacy policy. This update included terms which stated that Instagram had the right to sell the personal data of its users — including usernames, likenesses, and photos — without any compensation to the user.

One day later, following an uproarious backlash across social media and in the news, the company’s CEO went public with an apology and promised to remove the offending language from the policy. He cited the confusing language used in the terms and a misinterpretation of their intentions as the cause for the backlash.

Kevin Systrom

Instagram’s CEO, Kevin Systrom, failed to make his reasons for updating the company’s privacy policy clear

This was not before an unprecedented number of users left Instagram for other photo-sharing applications — with Pheed, in particular, benefitting from the controversy.

3. Dropbox

Dropbox, the extraordinarily popular file hosting service, courted controversy in July of 2011 with a change to its privacy policy that seemingly granted ownership of all user-generated content to the company.

One line of the new policy, in particular, drew ire from netizens. The line read:

DropboxHorrified users interpreted this to mean that, by using the Dropbox service, they were granting the company the right to do whatever it wanted with the work, photos, documents, and research that they entered into the platform. Further, users would have no recourse to take back ownership or gain compensation.

In response to the ensuing public outrage, the company amended its policy to add a line which explained that the license in question was for the sole purpose of technically administering and operating the service.

4. Snapchat

Another photo-sharing application to come under privacy-related scrutiny, Snapchat caused an uproar in 2015 when it released an update to its terms of service that gave the company license to store, reproduce, modify, and publish any and all user content.

To the app’s users, this was an especially heinous breach of trust and privacy, as Snapchat’s primary appeal is the fact that you can send photos that disappear moments later. If photos can be stored, reproduced, and published by the company, it means that they do not really disappear at all.

Only three days later, and in response to the public outcry, Snapchat took to its blog to clarify its stance and the wording of its policy updates.

The company emphasized that it had only updated its policies so that they’d read the way people actually talk. Snapchat adamantly maintained that it had not and would not store user content, and went lengths to ensure users that their photos and messages were deleted after they were seen or had expired.

5. Delta Air Lines

Delta Air Lines, one of the biggest airlines in the world, was embroiled in legal conflict in 2012 because of its mobile app, Fly Delta. The application allows users to check in, pay luggage fees, and rebook flights. To perform these services, the app must collect personal information from its users. However, at the time, the app did not include a privacy policy.

California passed legislation in 2003 that requires mobile app developers to conspicuously place a privacy policy — or a link to the privacy policy — within the app, that details what personal information is collected and how it is used. This law is referred to as the California Online Privacy Protection Act, or CalOPPA.

While Delta’s website had a privacy policy, it made no mention of the Fly Delta app, and according to privacy experts, it wasn’t reasonably accessible to app users. To the state of California and its lawmakers, this was in direct violation of CalOPPA. In fact, California attorney general Kamala Harris decided to sue Delta on behalf of the state of California, over the CalOPPA violation.

Delta Airlines

Delta has since added a dedicated privacy policy for its mobile applications.

After more than three years of trials and appeals, the case was thrown out in favor of Delta Air Lines. The presiding judge held that the Airline Deregulation Act of 1978, a federal law, preempted the application of CalOPPA to the Fly Delta app — thus giving airlines an industry-specific exception to CalOPPA.

6. Evernote

Evernote, a note-taking application, caused outrage in 2016 with an update to its privacy policy that allowed the company’s employees to access and read user content. The policy stated that the access was given for “machine learning purposes”.

Also outlined in the policy was the right of users to opt out of giving Evernote employees such access, but this came at the cost of decreasing the quality of service. Strangely, later in the same privacy policy, it was stated that by using the application, users had already opted in to this practice — and could not opt out.

Evernote

Two days later, amidst a cacophony of social media backlash, Evernote’s CEO made a public apology, took responsibility for the company’s mistakes, and promised to ditch the new privacy policy changes.

What Can We Learn from Their Mistakes?

Although the aforementioned cases involve high-profile names, the offending companies all made similar, very fundamental mistakes with the management of their legal policies. You can learn from these mistakes, and take steps to ensure that your business and your legal policies don’t meet a similar fate.

Get a privacy policy

If your company’s website or app collects user information of any kind, you must have a privacy policy. Even if you don’t collect any personal information at this time, it is still best to have one.

Delta Air Lines was prosecuted by the state of California for neglecting to include a privacy policy with its mobile app. Fortunately for them, there was a federal law pertaining specifically to airlines that superseded CalOPPA and got them off the hook. This will not be the case for you and your business.

Including a privacy policy on your website or mobile application can only benefit you, but not having one can end up costing you thousands of dollars.

Privacy policy

Learn more: How to Write a Privacy Policy for Your E-Commerce Store

Use language that is easy to understand

Nearly all of the cases outlined above were a result of the use of language that was too easily misinterpreted. These misinterpretations and subsequent consumer outcry could have been avoided by simply taking more care to ensure that the language used was easy to understand.

If possible, avoid using overly formal language in your legal policies. Legalese is difficult for many people to understand, and could create confusion or misinterpretations. Overly formal language also acts as a barrier of sorts, seemingly keeping the user at arm’s length.

Try to be as conversational as possible. Your users will feel more confident in their understanding of your policies, and also that you are being real and open with them.

Snapchat policy

Snapchat’s privacy policy cuts out the legalese and uses very conversational language, which is easy to understand for the average user.

Be transparent about your intentions

Another pitfall common amongst most of the cases detailed above was a lack of transparency about the company’s intentions. The companies rightly notified their users that there were updates to the policies, but did little to explain the reason for those updates or the effects the changes would have.

Make an effort to be open with your users. Notify them with any changes to your legal policies, and explain why those changes have been made. If you need to collect more personal information to improve your services, just be open and let them know. They will appreciate your candidness and be more likely to give you the benefit of the doubt.
Twitter policy

Twitter dedicated an entire blog post to explaining how and why the company updated its privacy policy. Users appreciate and trust this level of transparency.

Get a second opinion

When working on something for a long time, it’s easy to get too close to it to notice problems. In the cases discussed above, lawyers most likely spent hours poring over those policies to make them just right.

However, when push came to shove, the documents contained some glaring problems that the companies in question clearly hadn’t noticed or anticipated. This is why it’s important to get a second — or even a third — opinion on your proposed changes. They may notice something that you’ve missed, or have a different interpretation of the words you’ve used.

Of all the companies that have suffered consumer backlash as a result of updates to legal policies, Evernote is one of the only ones to take appropriate steps to right their wrongs.

In 2017, Evernote rolled out what was essentially the same privacy policy as the one that had been met with such outcry the year before. This time, however, the language was much clearer and more transparent. The company had reworked the document, consulted with watchdog groups and privacy experts, and ultimately got their approval before rolling out the new policy.

Evernote finally learned its lesson and did things the right way — but only after suffering a very public controversy and losing countless users. Avoid the backlash, and do things the right way from the start.

***

Providing all the necessary legal information is important for every business. That’s why creating and using legal pages is a free feature in Ecwid. Enable your shipping and payment info, return policy, terms and conditions, privacy policy in Settings → General → Legal Pages.

Also read: How to Write a Good Return Policy for E-сommerce Stores

About The Author
Zachary Paruch is a product manager and small business expert at Termly, where he helps to develop legal policy software for small businesses. When he’s not saving SMBs from lawsuits and financial ruin, he can be found playing soccer, binging a Netflix series, or getting a beer with some good friends.

Stay up to date!

Get free e-commerce tips, news and inspiring ideas delivered directly to your inbox

Also read