Ethical Risks in Terms of Service and Privacy Policies of Mobile Apps
Bar Fargon Mizrahi - BIU Law Data Lab, Bar-Ilan University
My recent Article, “Ethical Risks in Terms of Service and Privacy Policies of Mobile Apps” (attached below) introduces a novel conceptual framework and comprehensive typology for analyzing ethical risks in ToS and PPA of mobile apps. The proposed typology is the first to integrate ethical risks stemming from both ToS and PPA into a single coherent framework. The typology takes into account a variety of rights and addresses the level of rights violations and various practices. In addition, the Article examines the scope of protection against the identified ethical risks that is awarded by landmark laws in the area of digital privacy and consumer protection: The General Data Protection Regulation (GDPR), the Consumer Rights Directive of the European Union, the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA).
The typology, and the broad legal framework that it encompasses, can be effectively applied across a multitude of fields and for a variety of purposes. First and foremost, the typology is intended to improve the accessibility and comprehensibility of ethical risks in ToS and PPA and can, therefore, be used to educate users and help them make informed decisions regarding the apps they choose to use and the manner in which they use them. The findings of this research may also help mobile app providers draft more ethical ToS and PPA. Furthermore, the findings may prompt privacy protection and consumer protection regulators to broaden the scope of their regulation and enforcement activities and to reconsider the regulatory requirements in this domain (thus mitigating the identified ethical risks to users). Moreover, the typology will form a baseline for empirical studies that address user perceptions of ethical risks, as well as for studies that seek to analyze the contents of PPA and ToS. Specifically, it can serve as the basis for the work of computer scientists who develop automated tools to identify ethical risks in apps.
The Article includes four parts: Part I explains the terms ToS and PPA and raises the question of whether they are the right tools to protect user rights, in particular their right to autonomy. Part II reviews the concept of ethical risks in mobile apps and divides the different risks into three categories: (1) ethical risks arising from the content of ToS and PPA; (2) ethical risks that stem from users’ lack of informed decision-making regarding ToS and PPA; and (3) ethical risks external to ToS and PPA. Part III explores and explicates the first category of risks: presenting a typology of ethical risks arising from the content of ToS and PPA and how these risks violate user autonomy. Additionally, it examines how the four key laws in the area of digital privacy and consumer protection protect (or fail to protect) against the ethical risks identified in the typology. Part IV discusses the typology’s potential applications.