Despite the Swiss Data Protection Act or GDPR, few of us know how our personal data is used by companies who collect and store our personal data. Most of us wish the terms and conditions (T&C) and privacy policies of companies processing our data was easier to understand.
The lack of effective standardization makes data protection clarifications long and complex. Simplifying company’s data requirements using pictograms can create a competitive advantage for Swiss companies and strengthen Switzerland’s position as a global hub for digitalization.
When first announced April 2017, the digitalswitzerland Challenge bet, Pictograms and Bot for Terms and Conditions, won “Audience Favourite.” Bet co-Captain, Prof. Dr. Florent Thouvenin, Associate Professor for Information and Communications Law, University of Zurich, recalled that moment for me during a recent phone interview. “We were the ones that won the public bet …everybody raised their hands because everybody knows the problem.”
Am I the only one? or do you find it disturbing we can’t do anything without first ticking, ‘I agree,’ to those annoying T&C popups? Does anyone actually take time to read them? Guessing a law professor might, I asked Florent, ‘what were the last T&C you remember reading?’ He confessed, “I analyze T&C for my work, but as a consumer – never. I am definitely one of the people who never read that stuff.”
Soon after speaking with Florent, I joined some students having lunch at START Summit 2019 in St. Gallen. Between bites of cafeteria curry and rice, I asked the next generation of innovation leaders if they ever read an app’s T&C before downloading or using it?
20-something Florian Huber, from the Technical University of Munich, spoke up, “If I know a company is big enough, that other people also use their service, I just assume that people have read it.” Questioning his rational, I asked ‘how does that feel?’ His face registered a resigned irritation with the subject before answering “I’ve become quite numb. I check the box like 95% of other people. It’s a matter of how much is this service worth and how much is your data worth to you. There’s definitely an imbalance with regards to that for me.”
The majority of Swiss companies sell or provide services and have their own online T&C check boxes we love to revile. In their defence, Florent doesn’t believe companies are intentionally making it difficult for consumers. “As somebody doing scientific work on the issue, I have a close look every now and then. And every time I’m disappointed because you don’t really get the information that you need. It’s not precise enough, and for good reason, if it’s too precise, it’s technical and people will not understand. I think companies are faced with a tricky situation, finding the right level of information is extremely difficult.”
The Challenge legal roundtable, which Florent co-Captains with Dr. Michael Tschudin, Senior Associate, Wenger & Vieli AG, attracted some of the best legal minds employed by Swiss blue chips including Swisscom, SBB, Julius Bär, NZZ, Schindler, ZKB, Migros and Credit Suisse. In spite of their bet partners’ combined firepower, at the time I interviewed Michael and Florent for this story, the obstacles they’ve been battling for twenty-three months were close to winning.
Michael offered a status update by phone the last Monday of March, “The most difficult thing in this process is to be able to put the written (T&C) content into the icons. Especially when dealing with abstract concepts like using personal data in order to fulfil the contract – but not to market other stuff you have not asked for.”
Without getting too deep in the weeds, let’s look at an example of a company using people’s personal data for: “marketing other stuff you have not asked for.” During CEO Mark Zuckerberg’s multi-day USA congressional testimony last year, an interesting revelation was that Facebook collects data from people online even if they don’t have a Facebook account. Even more interesting: there’s no way to avoid it.
How it works: Facebook’s (which includes Instagram and Messenger among their other products) Data Use Policy states the company can place tracking codes (cookies) in your browser to monitor your Internet activity. Many sites use cookies, but Facebook is noteworthy. When people navigate around the internet, sites that use Facebook’s advertising pixel or other social APIs linking back to Facebook (e.g. the “Like” button), send data about those site visits back to the social media colossus. FB collects that data on everyone who visits these sites, whether they’re a registered Facebook user or not.
Regardless if a company’s T&C qualifies for a skull and crossbones pictogram, Michael points out that even if it was, “such a pictogram would contain a moral assessment, which should be avoided.”
Recall the bet was intentionally neutral in its ambitions:
“The Legal Roundtable bets that it can establish a Swiss standard for data processing with a company’s data requirements in order to simplify the handling of personal data by means of pictograms …”
“Our initial goal,” Florent said, “was to facilitate the understanding of privacy policies, and make sure that people would invest two or three seconds to have a quick look, and then realize what is going on with their personal data.”
Curious to learn what motivated his personal interest for championing this bet, the professor explained, “What I’m usually doing is writing scientific papers, giving talks, attending conferences – that’s all very interesting, but it often does not change the life of individuals involved. Whereas this project could have a direct impact on everybody in Switzerland. That’s the motivation.”
Can the legal Roundtable pull off the near impossible and show enough progress to convince the Challenge jury on Demo Day 2019? Michael was pessimistic when we last spoke, “I don’t think we will be ready (April 15th) because we’re still in the act of editing the icons. After that, our aim is to standardize and to motivate companies to use them.”
Since it took the legal roundtable a year longer than anticipated to gain agreement among their own bet partners of like-minded lawyers, I expressed my doubts for rapid corporate adoption. Michael countered by explaining their bet collaborators, “don’t really have a say on budget issues – which was important in relation to graphic design support –, but on the other hand, they do have a say on content issues when it comes to legal questions.” It’s not a stretch to follow this councillor’s logic. Michael bases his early adopter predictions on reputation concerns – maybe the most persuasive argument a corporate lawyer can make to his or her employer.
“What the icons can deliver is a higher level of transparency,” Michael continued. “The upside for companies is if you have more transparency you have more reputation upside and the consent of consumers is worth more. Because informed consent (using pictograms) is worth more than the consent to general terms and conditions, which everybody knows are not read by consumers.”
What’s at stake if this audience darling fails to complete its bet? I asked Florent if he recalls any negative consequences for people not reading the T&C before clicking “yes.” He answered, “The most important thing is that they would not know what is going on with their personal data. Some people are afraid because they don’t know, which is a fair point. Transparency is a major issue, and it’s not there, so that’s a problem.”
His answer helps explain but not excuse the new ethics of our digital reality. There’s even a new term for it: privacy paradox, is used to describe the inconsistency between our concern about privacy vs. our actual online behaviour. The bottom line is with no clear understanding what we are signing away when we click “Agree” on sign-up pages, fear and uncertainty will grow, inhibiting digitalization’s social acceptance and having a chilling effect on innovative solutions.
While writing this bet story, including the unfortunate but honest conclusion this bet was out of contention for the 2019 challenge, a message arrived while I was viewing the Ruth Bader Ginsberg biography film, “On the Basis of Sex.” Fortuitous for everyone, Daniel Ginter, Senior Director digitalswitzerland, notified me the legal round table team had overcome “icon design impasse” and will be ready to showcase its bet to the world April 15that Kraftwerk in Zurich – this event is open to the public.
