Viskas, ko reikia parduoti internetu

Set up an online store in minutes to sell on a website, socialinė žiniasklaida, or marketplaces.

6 Major Legal Policy FAILS of Fortune 500s

Major Legal Policy Fails of Fortune 500s and Their Lessons to Take Away

14 min read

Every few months, the internet becomes replete with news of outrage at a change in a major company’s legal policy. It’s always the same story — the company makes a shocking or ambiguously worded update to one of its policies, there is a public backlash, the CEO makes a formal apology, and the changes are scrapped.

Inevitably, the company loses customers, its stocks take a hit, and it wears a scarlet letter in the public eye for a few months — at least until another company gets pinched for similar crimes against consumer privacy.

So what can your business do to avoid a similar fate?

Below, we’ve outlined 6 examples of high-profile, Fortune 500 legal policy fails, and the lessons to take away from them.

1. Spotify

In August of 2015, Spotify updated its privacy policy to include terms that suggested the company would be able to access user photos, contacts, and location and sensor data. The update caused public outcry, as users across social media expressed concerns that the implied improvement in service would not be worth the amount of personal data surrendered.


The company alienated its then 75 millions active users with an ill-conceived update to its privacy policy

Spotify had failed to make clear that these terms were opt-in, and that users would have to first give their express permission before the company could access any of this additional data.

The next day, the company’s CEO, Daniel Ek, posted a public apology on the company website in an effort to address user concerns and clarify his position. He also promised to update the policy again in a way that would better reflect the company’s true intentions.

2. Instagramas

Į 2012, the popular photo-sharing app created a storm of controversy with an update to its privacy policy. This update included terms which stated that Instagram had the right to sell the personal data of its users — including usernames, likenesses, and photos — without any compensation to the user.

One day later, following an uproarious backlash across social media and in the news, the company’s CEO went public with an apology and promised to remove the offending language from the policy. He cited the confusing language used in the terms and a misinterpretation of their intentions as the cause for the backlash.

Kevin Systrom

Instagram’s CEO, Kevin Systrom, failed to make his reasons for updating the company’s privacy policy clear

This was not before an unprecedented number of users left Instagram for other photo-sharing applications — with Pheed, ypač, benefitting from the controversy.

3. Dropbox

Dropbox, the extraordinarily popular file hosting service, courted controversy in July of 2011 with a change to its privacy policy that seemingly granted ownership of all user-generated content to the company.

One line of the new policy, ypač, drew ire from netizens. The line read:

DropboxHorrified users interpreted this to mean that, by using the Dropbox service, they were granting the company the right to do whatever it wanted with the work, nuotraukos, documents, and research that they entered into the platform. Toliau, users would have no recourse to take back ownership or gain compensation.

In response to the ensuing public outrage, the company amended its policy to add a line which explained that the license in question was for the sole purpose of technically administering and operating the service.

4. Snapchat

Another photo-sharing application to come under privacy-related scrutiny, Snapchat caused an uproar in 2015 when it released an update to its terms of service that gave the company license to store, reproduce, modify, and publish any and all user content.

To the app’s users, this was an especially heinous breach of trust and privacy, as Snapchat’s primary appeal is the fact that you can send photos that disappear moments later. If photos can be stored, reproduced, and published by the company, it means that they do not really disappear at all.

Only three days later, and in response to the public outcry, Snapchat took to its blog to clarify its stance and the wording of its policy updates.

The company emphasized that it had only updated its policies so that they’d read the way people actually talk. Snapchat adamantly maintained that it had not and would not store user content, and went lengths to ensure users that their photos and messages were deleted after they were seen or had expired.

5. Delta Air Lines

Delta Air Lines, one of the biggest airlines in the world, was embroiled in legal conflict in 2012 because of its mobile app, Fly Delta. The application allows users to check in, pay luggage fees, and rebook flights. To perform these services, the app must collect personal information from its users. Tačiau, at the time, the app did not include a privacy policy.

Kalifornija passed legislation in 2003 that requires mobile app developers to conspicuously place a privacy policy — or a link to the privacy policy — within the app, that details what personal information is collected and how it is used. This law is referred to as the California Online Privacy Protection Act, or CalOPPA.

While Delta’s website had a privacy policy, it made no mention of the Fly Delta app, and according to privacy experts, it wasn’t reasonably accessible to app users. To the state of California and its lawmakers, this was in direct violation of CalOPPA. Faktiškai, California attorney general Kamala Harris decided to sue Delta on behalf of the state of California, over the CalOPPA violation.

Delta Airlines

Delta has since added a dedicated privacy policy for its mobile applications.

After more than three years of trials and appeals, the case was thrown out in favor of Delta Air Lines. The presiding judge held that the Airline Deregulation Act of 1978, a federal law, preempted the application of CalOPPA to the Fly Delta app — thus giving airlines an industry-specific exception to CalOPPA.

6. Evernote

Evernote, a note-taking application, caused outrage in 2016 with an update to its privacy policy that allowed the company’s employees to access and read user content. The policy stated that the access was given for “machine learning purposes”.

Also outlined in the policy was the right of users to opt out of giving Evernote employees such access, but this came at the cost of decreasing the quality of service. Strangely, later in the same privacy policy, it was stated that by using the application, users had already opted in to this practice — and could not opt out.


Two days later, amidst a cacophony of social media backlash, Evernote’s CEO made a public apology, took responsibility for the company’s mistakes, and promised to ditch the new privacy policy changes.

What Can We Learn from Their Mistakes?

Although the aforementioned cases involve high-profile names, the offending companies all made similar, very fundamental mistakes with the management of their legal policies. You can learn from these mistakes, and take steps to ensure that your business and your legal policies don’t meet a similar fate.

Get a privacy policy

If your company’s website or app collects user information of any kind, you must have a privacy policy. Even if you don’t collect any personal information at this time, it is still best to have one.

Delta Air Lines was prosecuted by the state of California for neglecting to include a privacy policy with its mobile app. Fortunately for them, there was a federal law pertaining specifically to airlines that superseded CalOPPA and got them off the hook. This will not be the case for you and your business.

Including a privacy policy on your website or mobile application can only benefit you, but not having one can end up costing you thousands of dollars.

Privacy policy

Sužinokite daugiau: How to Write a Privacy Policy for Your E-Commerce Store

Use language that is easy to understand

Nearly all of the cases outlined above were a result of the use of language that was too easily misinterpreted. These misinterpretations and subsequent consumer outcry could have been avoided by simply taking more care to ensure that the language used was easy to understand.

If possible, avoid using overly formal language in your legal policies. Legalese is difficult for many people to understand, and could create confusion or misinterpretations. Overly formal language also acts as a barrier of sorts, seemingly keeping the user at arm’s length.

Try to be as conversational as possible. Your users will feel more confident in their understanding of your policies, and also that you are being real and open with them.

Snapchat policy

Snapchat’s privacy policy cuts out the legalese and uses very conversational language, which is easy to understand for the average user.

Be transparent about your intentions

Another pitfall common amongst most of the cases detailed above was a lack of transparency about the company’s intentions. The companies rightly notified their users that there were updates to the policies, but did little to explain the reason for those updates or the effects the changes would have.

Make an effort to be open with your users. Notify them with any changes to your legal policies, and explain why those changes have been made. If you need to collect more personal information to improve your services, just be open and let them know. They will appreciate your candidness and be more likely to give you the benefit of the doubt.
Twitter policy

Twitter dedicated an entire blog post to explaining how and why the company updated its privacy policy. Users appreciate and trust this level of transparency.

Get a second opinion

When working on something for a long time, it’s easy to get too close to it to notice problems. In the cases discussed above, lawyers most likely spent hours poring over those policies to make them just right.

Tačiau, when push came to shove, the documents contained some glaring problems that the companies in question clearly hadn’t noticed or anticipated. This is why it’s important to get a second — or even a third — opinion on your proposed changes. They may notice something that you’ve missed, or have a different interpretation of the words you’ve used.

Of all the companies that have suffered consumer backlash as a result of updates to legal policies, Evernote is one of the only ones to take appropriate steps to right their wrongs.

Į 2017, Evernote rolled out what was essentially the same privacy policy as the one that had been met with such outcry the year before. This time, tačiau, the language was much clearer and more transparent. The company had reworked the document, consulted with watchdog groups and privacy experts, and ultimately got their approval before rolling out the new policy.

Evernote finally learned its lesson and did things the right way — but only after suffering a very public controversy and losing countless users. Avoid the backlash, and do things the right way from the start.


Providing all the necessary legal information is important for every business. That’s why creating and using legal pages is a free feature in Ecwid. Enable your shipping and payment info, return policy, terminai ir sąlygos, privacy policy in Settings → General → Legal Pages.

Do you want to learn more about legal aspects of running an online store?


Parduodu internetu

With Ecwid Ecommerce, you can easily sell anywhere, visiems – internete ir visame pasaulyje.

About the author

Zachary Paruch is a product manager and small business expert at Termly, where he helps to develop legal policy software for small businesses. When he’s not saving SMBs from lawsuits and financial ruin, he can be found playing soccer, binging a Netflix series, or getting a beer with some good friends.

Ecommerce that has your back

So simple to use – even my most technophobic clients can manage. Easy to install, quick to set up. Light years ahead of other shop plugins.
I’m so impressed I’ve recommended it to my website clients and am now using it for my own store along with four others for which I webmaster. Beautiful coding, excellent top-notch support, great documentation, fantastic how-to videos. Thank you so much Ecwid, you rock!
I’ve used Ecwid and I love the platform itself. Everything is so simplified it’s insane. I love how you have different options to choose shipping carriers, to be able to put in so many different variants. It’s a pretty open e-commerce gateway.
Easy to use, prieinama kaina (and a free option if starting off). Looks professional, many templates to select from. The App is my favorite feature as I can manage my store right from my phone. Highly recommended 👌👍
I like that Ecwid was easy to start and to use. Even for a person like me, without any technical background. Very well written help articles. And the support team is the best for my opinion.
For everything it has to offer, ECWID is incredibly easy to set up. Highly recommend! I did a lot of research and tried about 3 other competitors. Just try ECWID and you'll be online in no time.

Your ecommerce dreams start here

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.
Your Privacy

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. Tačiau, blocking some types of cookies may impact your experience of the site and the services we are able to offer. More information

More information

Strictly Necessary Cookies (Always active)
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Functional Cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Performance Cookies
These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site.