The Most Read Terms and Services, how age-guessing tool tell us about our uses of personal information

In the last 48 hours, age became a hot topic on Facebook, thanks to Microsoft How-Old.net free age-guessing online tool. It proves age is still a contentious topic, regardless gender, race and obviously age. A marvellous marketing gimmick!

As it always happens, once a story caught fire, a few risk aversive or investigating minds start to dig deeper and uncover an inconvenient truth — the terms of this service authorise Microsoft to use user photos more than just age-guessing. Exactly what are the future uses are unknown!

Working in cloud computing and outsourcing for the last 5 years, it is not unusual to see such user terms and conditions. Most of them are crafted in a way that almost all risks are excluded from the service provider liability. The legal counsels are paid to read all reported and unreported court cases and protect company like Microsoft in this case.

The basic assumptions of data privacy protection is in question here and this case offered a chance to review it.

 Consent from user is enough? 

For How-Old.net, clearly the intention of user uploading the photo is to find out the age and gender. User don’t expect it to tell if you have diabetes or your sexualities (it maybe possible with enough data points !). However,  the service provider terms open to possibility of others uses of the photo, without specifying what it will be. Service providers are giving themselves some elbow room for future innovations. This is actually a typical way how commercial terms response to data privacy legislations.

Most data privacy law requires informed and specific uses of personal data. The rationale is  as long as users consent with the uses of PII, there is NO violation of data privacy law. However, we have seen software or web services terms tries to include extensive scope of uses and sometimes non-restrictive uses. Users are either lured to give consent or just ignore the terms completely. User gives consents rather spontaneously !

 

For those like to read the legal terms , extracted here.

However, by posting, uploading, inputting, providing, or submitting your Submission, you are granting Microsoft, its affiliated companies, and necessary sublicensees permission to use your Submission in connection with the operation of their Internet businesses (including, without limitation, all Microsoft services), including, without limitation, the license rights to: copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate, and reformat your Submission; to publish your name in connection with your Submission; and to sublicense such rights to any supplier of the Website Services.

This entry was posted in Cloud, ISO 27001, Privacy and tagged , , , on by .

About antonyma

Engineering trained, Antony has the qualifications of CISA, Oracle DBA and BS7799 ISMS assessor. He also received a LLM in Intellectual Property & Information Technology Law from The University of Hong Kong. Founder of travel tech statup www.powerdata2go.com Antony was th Chairman of Professional Information Security Association (PISA) from 2009 to 2010. He also joined ISC2 workshop on developing a new cloud security certification. Current positions include: 1. Chairman of Cloud Security Alliance (Hong Kong & Macau Chapter) 2. Convenor of HK OGCIO Working Group on Cloud Security and Privacy 3. Hong Kong delegate to ISO SC 27 committee, which drafts security standards like ISO27001. email : antony.linkedin@gmail.com Specialties Retail Banking System & Process, IT Security, Copyright Law, Audit & Control, Technology Risk Management, Cloud Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s