Social media firms told to simplify terms and conditions

28 November 2014

Social media users may not be fully aware of how their data can be used by websites and apps given the excessive length and complexity of the terms and conditions that companies make users agree to, the Science and Technology Committee has warned. According to the Committee, these contracts are therefore not fit as a mechanism for demonstrating that users have given informed consent for some of the ways companies are now exploiting personal data.

The Committee is calling on the Government to work with the Information Commissioner to develop a set of information standards that websites and apps can sign up to, committing themselves to explain how they use personal data in clear, concise and simple terms.

Science and Technology Committee Chair, Andrew Miller MP:

"Facebook’s experiment with users’ emotions highlighted serious concerns about the extent to which ticking the terms and conditions box can be said to constitute informed consent when it comes to the varied ways data is now being used by many websites and apps. Let’s face it, most people click yes to terms and conditions contracts without reading them, because they are often laughably long and written in the kind of legalese you need a law degree from the USA to understand. Socially responsible companies wouldn’t want to bamboozle their users, of course, so we are sure most social media developers will be happy to sign up to the new guidelines on clear communication and informed consent that we are asking the Government to draw up."

Apps requiring personal data

The Committee also identify a problem with apps requesting information that they do not obviously need to provide their advertised service. Companies should have a greater responsibility to explain their need to require (and retain) personal information. The report recommends that the Government use its work with the Information Economy Council to provide companies with guidelines on responsible data collection.

Andrew Miller MP added:

"A line also needs to be drawn between the information that apps actually need to provide a service and the kind of personal information they often request when registering new users, information that is becoming increasingly valuable in our networked society. I hope that a voluntary system of guidelines can work, because, if not, legislation might be needed."

Kitemark for the responsible use of data

It is vital that companies effectively communicate how they intend to use personal data collected from users of services and if terms and conditions cannot be made easier to understand then this must be explained separately. The report suggests that an internationally recognised Kitemark could be the first step in ensuring the responsible use of UK citizens’ data by social media platforms and other organisations.

Andrew Miller MP concluded:

"Whilst we expect the Government to encourage others to meet high standards, we also want to see it lead by example. The Government cannot dictate to others, when its own services, like piloted by the NHS, have been found to be less than adequate. The Government must audit all public sector online services and ensure that they provide easy to understand information about their usage of personal data."

Government use of data

The report points out that Government's approach to online safety has been piecemeal and focused on immediate needs with little horizon scanning.

Data use by public organisations has also been inconsistent across the UK. Some good examples exist of administrative services that demonstrate what the UK should be aiming for, such as paying a road fund licence on the DVLA website - an easy-to-use and efficient service. These bring benefits to both service provider and customer, providing a trusted platform for the exchange of data for service. NHS, on the other hand, is an example where this trusted relationship failed to develop.

The Government must learn lessons from this and develop a privacy impact assessment for policies that collect, retain or process personal data. 


The law concerning the rights of individuals in relation to their data was outlined in the EU Data Protection Directive (95/46/EC) and transposed into UK law through the Data Protection Act 1998. The Data Protection Act 1998 requires, for instance, that consent must be obtained from individuals before their data can be used for research purposes. In January 2012, the EU Commission published a draft General Data Protection Regulation for updated data protection legislation.
