Content providers slammed for "hostile" privacy policies

Long-time privacy advocate Dr Roger Clarke has called for tough new laws to rein in "hostile" terms and conditions used by international internet content giants like Facebook and Google.

Figure backing off with open hand.

Speaking before the Joint Select Committee on Cybersafety, Clarke branded the business models of the internet and social media companies "consumer-hostile" and exploitative of "people and their data".

Clarke - who runs the Xamax business consultancy and chairs the Australian Privacy Foundation - appeared before the committee in a private capacity.

He called on content service providers to "clarify" terms and conditions of use, including how much personal data could be used by a provider "for their own purposes".

Clarke also said that information on privacy settings - and the extent of user control over them - should be concisely tabled and clearly visible to consumers.

“They [the likes of Facebook and Google] have privacy policy statements but they are difficult to find,” he said.

“Those documents also change over time. In many cases, there is no track [record] kept of what changes occurred when.”

Clarke called for "baselines" for privacy and disclosure to be established, backed by enforcement tools like "regulatory action" and "quick and efficient access to judicial warrants", which could be used to force oversight.

"International corporations that services to Australians must be subject to legal obligations to comply with those judicial warrants," he said.

New code

Clarke's call for the establishment of a privacy "baseline" coincided with the launch of a new self-regulatory code by major social media corporations regarding the tracking of user data for targeted advertising purposes.

Google, Yahoo!7 and NineMSN were among those to sign up to the code, which permitted users to “opt-out” from receiving certain advertisements.

Facebook was conspicuously absent from the list signatories.

However, Clarke dismissed the code as “another piece of industry self regulation being rushed out the door, literally today, in order to cover up some of the holes that have been found by the public, in existing self-regulatory arrangements.”

He said it should not stop Australia's Parliament from drawing a “line in the sand” to set minimum conditions on privacy terms in user contracts.

Data "transfer"

Representatives from Facebook, NineMSN, Microsoft and Yahoo!7 rejected suggestions that they onsold user data to third parties, saying such practices would undermine user trust and confidence.

However, confidence varied among corporate representatives.

“I’m not aware that we just sell it without having a business case for Microsoft,” Microsoft Australia’s chief security officer Stuart Strathdee told the committee, before seeking to take the question on notice.

Clarke chided the Committee for asking only whether the corporations “onsold” their data.

“We should talk about 'transfer under any circumstances'. It can be trading, gifting, exchange  - there are many uses of 'weasel words' by organisations that are trying to avoid telling the truth,” he said.

He warned that corporation lawyers could draft terms of use so “you consent to everything they might want to do.”

“[By using the service], you are deemed to have read the terms and have knowledge of them as well."

While legally user knowledge and consent may have occured, Clarke argued most users would not realise the extent to which they may have allowed content providers to re-use their data.