Too Long; Didn’t Read?
The Terms of Service Labeling, Design and Readability (TLDR) Act directs the Federal Trade Commission (FTC) to issue rules requiring companies to include a “short-form” terms of service summary on their website as well as a graphic data flow diagram explaining relevant terms. While the bipartisan bill, introduced by Congresswoman Lori Trahan (D-MA-3) and Senators Bill Cassidy (R-LA) and Ben Ray Luján (D-NM), is arguably aimed at tech companies, the law would apply to any entity that operates a website or an online service for commercial purposes (the TLDR Act does contain a “small business” exemption, however).
The short-form terms of service summary must be easy to understand and include the following:
- A description of the effort required to read the terms of service (i.e., a total word count or the approximate time it would take to read the terms).
- The categories of sensitive information that the company processes (sensitive information includes health information, biometric information, precise geolocation, Social Security number, content of communications, audio and video recordings, financial information, online browsing history, and information concerning an individual’s race, color, religion, national origin, age or disability).
- An explanation of what sensitive information is required for the basic functioning of the service and what sensitive information is needed for any additional features (or future development).
- Directions for how the user can delete their sensitive information or prevent the company from using their sensitive information (if the company already provides the ability to delete data).
- A summary of legal liabilities and rights (including mandatory arbitration, class action waivers, licensing or waivers of moral rights).
- A list of reported data breaches from the past three years.
- Historical versions of terms of service and changes.
- Anything else the FTC deems “necessary.”
The TLDR Act also requires companies to display their full terms of service in some kind of interactive data format. Terms must appear on a permanent website page, with the summary statement at the top of that page.
A violation of the TLDR Act will be treated as an unfair or deceptive act or practice under Section 18(a)(1)(B) of the FTC Act. State attorneys general will also be able to pursue civil penalties.
With bipartisan support, it’s possible that the TLDR Act could benefit from the momentum we’re seeing on the Hill to rein in Big Tech, but it remains to be seen whether the act will have the votes to pass the House or the Senate. The TLDR Act is just one of several attempts aimed at improving the readability of terms of service, and whether or not this bill passes, it is a reminder that regulators remain focused on making online terms more accessible to consumers. While companies don’t need to take immediate action in response to this bill, it may be worth considering the readability of your online terms of service the next time you review or update them.
-
Chief Privacy & Security Partner; Chair, Privacy, Security & Data Innovations