Privacy made simple: Translating End-User Agreements into Perfect Prose

Carved into four tons of stone, the Code of Hammurabi is one of the earliest legal codes ever written. The code sets forth punishments and fines through almost 300 rules and standards. Surprisingly, at more than 6,000 words, it may be a quicker read than many of today’s end-user license agreements (EULAs) and Terms of Service (ToS), which companies require users to agree to before using their product. 

You would think lawyers are paid by the word to construct these legal tomes, considering the jargon and legalese they manage to pack in. Visual Capitalist has an almost comical side-by-side illustration of just how long some of these Terms of Service can be, some of them taking longer to read than Shakespeare’s Macbeth. While this may help organizations that want to hide shady privacy practices, what about users who care about how their data is used by the businesses they support?

Beyond the length and complexity of the content itself, the timing and format of TOS and EULAs—typically served via pop-up once users have already decided to install the product—encourages them to blow past the fine print and click “I agree” instead of stopping to educate themselves. This behavior is so pervasive, it’s invaded our pop culture, including a rather disturbing episode of South Park. In addition, some EULAs include sections in all capital letters, a throwback to when these contracts were written using a typewriter. Instead of having the intended effect of getting the reader to pay more attention, trying to scan an all-caps paragraph via browser is a visual nightmare.

But again, why should organizations care if most people click through and accept those terms blindly? Setting aside any moral obligations for a second, privacy is becoming more and more important to users in the wake of various abuses of personal data by organizations, such as social media giants, parental monitoring apps, and other online platforms. In early January, WhatsApp made changes to its privacy policy that allowed for more sharing of its users’ data between Facebook-owned apps. Its userbase promptly flocked to Telegram and Signal, driving downloads of those more private messengers into the millions. Organizations such as ProtonMail, DuckDuckGo, and Apple have also baked privacy into their brand identities, framing it as a commodity that gives them a competitive edge.

If establishing trust in your data and privacy policies is of interest, you’ll want to revise your legal documents, such as Terms of Service, EULAs, and your privacy policy to include readable prose. In addition, explaining privacy policies and other legal terms in clear language on portions of your website or even in advertising campaigns can help educate users on their options prior to installing. 

While we recognize January 28th as “Data Privacy Day”, it’s imperative to continually raise awareness throughout the year by transparently communicating how your company handles data. 

Here are four ways to clarify how your organization handles customer data and privacy, which could go a long way in earning trust and establishing a long-lasting relationship with your users:

• Spell it out. There’s a reason for the subreddit, r/explainlikeimfive. It’s a great forum for providing layperson-friendly answers to common questions. Much in the same way, consider sectioning off portions of legal language required for your EULA and TOS contracts and list their plain language “translations” parallel to or below the sections they describe.
• Be transparent. Clearly identify the types of data collected by your organization/product and explain why that data is needed. Highlighting the reasons why your organization needs to collect particular data—for certain functions of the software or for better metrics/performance—helps educate users on which data is critical for product functionality, which is optional, and which should be anonymous or discarded. Describing the why also helps users establish trust in your organization and keeps their confidence high should changes need to be made to the policy in the future.
• Write about it. Use both your company website and blog to outline your organization’s views on privacy to customers earlier in the buyer’s journey—before they are ready to install your product. This way, potential users can spend more time with the content and absorb it in a visually friendly format.
• Promote your position. Beyond what you communicate to customers in your Terms of Service or EULA, look for opportunities to amplify your privacy-positive positioning through advertising and content marketing campaigns, SEO, press, or even through advocacy. 

Ideally, by crafting smart privacy policies that protect users and clearly communicate which data you will use and why, your prospects will have a solid sense of where you stand on privacy long before they install. While your EULAs and ToS may not be much more interesting than reading The Code of Hammurabi, if you manage to make privacy a commodity your customers are willing to pay for, you’ve done the right thing by your users and you’ll profit from it, too. 

For a look at Malwarebytes’ privacy policy, check out our webpage: https://www.malwarebytes.com/privacy/

To read up on our privacy coverage on Malwarebytes Labs, take a look here: https://blog.malwarebytes.com/category/privacy-2/