Review Draft of 6 December 2010
© Xamax Consultancy Pty Ltd, 2010
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/EC/LinkedIn-1012.html
When compared against a consumer protection checklist and a privacy statement template, LinkedIn's Terms of Service and Privacy Policy are shown to be seriously wanting.
The business models underlying social networking services (SNS) are dependent on the provision of content by users, on how compelling that content is, and on the capacity of the SNS operator to leverage off that content. It has therefore been in the interests of SNS operators at least to encourage, and generally to inveigle, users into providing content of interest to other users, and to maximise the discoverability and accessibility of that content. The terms of service and privacy policies applied to SNS are devised by SNS operators to serve those needs.
In the very early days of SNS, the author undertook an assessment of Plaxo (Clarke 2004). The market has diversified, adoption rates have grown, different services have achieved successes in different national contexts (see, for example, the Wikipedia entry), and the services have become more sophisticated and more closely inter-linked with the advertising market. Recently, a great deal has been published about the misbehaviour of leading players. Summaries of the issues are in Clarke (2010) re Facebook, and re Google's second attempt, Google Buzz (which follows its not-very-successful Orkut service).
LinkedIn stands a little apart from other SNS. Since its inception in 2003, it has been projected as a professional networking service. This paper reports on assessments of LinkedIn's Terms of Service and Privacy Policy, which were conducted in December 2010. The paper commences with a brief description of the research method adopted. The following section introduces and applies a Checklist of consumer interests. A Privacy Statement Template is then used as a basis for evaluating the company's Privacy Policy. Greater detail on particular aspects is provided in Appendices.
The company's Terms and Privacy Policy were downloaded. These comprise:
Firefox 3.0.18 was unable to reliably render the documents in PDF, and copies were extracted using Safari 4.0.4.
A preliminary analysis was undertaken on 4-5 December 2010, by reading through the documents and identifying aspects that appeared to raise consumer rights or privacy issues. This activity was based on the author's 20 years of work in eBusiness strategy and policy. Previous assessments have been published in Clarke (2005c, 2006 and 2008). Edited versions of the notes arising from that analysis are in Appendix 1 (Terms) and Appendix 2 (Privacy).
A second analysis was then undertaken, evaluating the two documents against a checklist of consumer interests and a privacy statement template. Details of the two reference-points are provided in the sections below. No testing has been performed of the details of particular functions performed by LinkedIn or of the veracity of claims in the two documents.
Conclusions were drawn, and this review draft was provided to LinkedIn for comment. [The paper was also exposed to colleagues who work in related areas, and to electronic communities comprising individuals with an interest in Internet policy and consumer matters and/or privacy. The draft was revised to reflect feedback received.]
This section describes a checklist of consumers' interests, and then reports on an evaluation of LinkedIn's Terms against it.
There is remarkably little in the way of authoritative checklists of what consumers need in Terms of Service for online services. Clarke (2006) identified several partial sources, in particular OECD (2000) and UN (2003), and proposed a checklist. This was further enhanced in Clarke (2008), and discussed in Svantesson & Clarke (2010).
The Checklist is comprehensive, covering such aspects of the marketer-consumer relationship as information about the merchant, the process and the terms, the fairness of those terms, consent, privacy protections, recourse and redress. It is only a list, however, and does not, at this stage, include prescriptive statements about what consumers need. They therefore need to be interpolated, based on other sources and expertise.
Based on the 2008 version of the Checklist and LinkedIn's 2010 Terms, many aspects of consumers' needs appear to be reasonably addressed. There are, however, many other aspects that are not appropriately handled.
In the Information cluster, the accessibility of the terms is unsatisfactory, because prior versions are not available. On the other hand, if the company's assertion of the power to change contracts at will is accepted by courts (or never litigated), then old Terms become null and void as soon as the company makes a change.
Some of the Terms of Contract are not reasonable. Of particular concern are Terms 4A, 5 and 6, which deny any responsibility to actually provide the service, to provide it reliably, and to sustain all data stored on it. A further concern is the inconvenience for a great many subscribers of the jurisdiction of California, set by Term 8, irrespective of the location of the subscriber - even though for more than half of LinkedIn's subscribers, their contract is actually with a company in Ireland. Term 2I purports to impose unseen 'clickwrap' Terms in relation to the use of downloadable applications.
Terms 7A and 7B purport to provide the company with excessive powers to "restrict, suspend or terminate" accounts. Terms 10B1 and 10B28b set ambiguous thresholds in relation to "inappropriate, inaccurate, or objectionable content", and purport to provide the company with very substantial powers in relation to that content.
Term 9E purports to grant the company "the right to modify, supplement or replace the terms of the Agreement", i.e. to change the Terms unilaterally and without notice. Term 9G purports to deny a subscriber the right to any form of injunctive relief. Term 10B19 unreasonably prohibits a subscriber from taking what may be entirely justifiable actions to "Remove, cover or otherwise obscure any form of advertisement included on LinkedIn".
In relation to Security, aspects relating to the storage and transmission of data are reasonably clearly explained, and in general it appears that aspects that are under the company's control may be adequately addressed. However, Term 2F implies that if credit card details have been provided by the subscriber, then full details are retained rather than partial details (e.g. all except the last four digits of the card-number).
Personal safety is unreasonably compromised, however. Identity protection is one area of concern. Term 2C(4) requires subscribers to "only maintain one LinkedIn account at any given time", despite the fact that many people use more than one identity. For literary authors and artists this may be merely a convenience, but for undercover operatives, and for political journalists in dangerous countries, it may be crucial to personal safety.
The situation is somewhat confused by Term 10B5, which says "[Don't] Create a user profile for anyone other than a natural person". A nom de plume is a partial profile, relating to one particular identity or persona of a natural person. (This kind of confusion is symptomatic of the failure of corporations and government agencies to appreciate that entities and identities are different notions). Term 10B26 says "[Don't] create a false identity on LinkedIn", without providing any guidance as to what the notion of 'false identity' means. Term 10B28a purports to ban the use of pseudonyms.
Personal control of location information is another factor crucial for some kinds of people, at least some of the time. Yet Term 2I forces subscribers to disclose their physical location, as a condition of service, and without an effective consent or even an opt-out facility, even if location is irrelevant to the transaction. Term 10B28h goes further and purports to preclude a person from protecting their net-location, and in some circumstances perhaps their physical location.
Particularly in view of these Terms, it is unconscionable for Term 5 to purport to deny "ALL LIABILITY FOR IDENTITY THEFT OR ANY OTHER MISUSE OF YOUR IDENTITY OR INFORMATION" (capitalised in the original).
As regards Choice, little is available because LinkedIn's Terms are non-negotiable conditions of service. The company's Privacy Policy states that there is a range of Settings relating to privacy, but these are not visible until after a subscriber has signed up.
As regards Consent, the Terms assert that the subscriber is granting consent, despite the fact that the Terms are all non-negotiable. This does not satisfy the requirements of informed and freely-given consent (Clarke 2002). Similarly, Term 9E purports to render consent irrelevant to modifications of the Terms of Service.
Recourse is severely limited. Although processes are declared in relation to complaints about copyright and content, no general enquiry and complaints process is provided in relation to such matters as service quality and terms of service. Nor is any external complaints process offered, nor any indication as to which regulators have responsibilities and powers in relation to the company's operations. Such information may be available to subscribers after they have logged in, but no information is available to people considering whether to become subscribers. Term 9G purports to deny a subscriber the right to any form of injunctive relief.
In relation to the final section of the Checklist, Redress, LinkedIn also serves subscribers very poorly. Terms 4A, 5 and 6 go as far as to purport to deny any rights to restitution, irrespective of the nature and gravity of the loss and of the extent of the company's responsibility for the harm occurring. No indication is provided of relevant laws, nor any way to initiate queries and complaints, nor any paths for seeking redress from any authority.
The 2008 version of the Checklist is deficient in not providing a separate heading for Copyright. Term 2B grants the company the kind of copyright licence over the subscriber's data that essentially negates the subscriber's nominal ownership of it. Anything that a subscriber puts on the site becomes available to LinkedIn with almost the same powers as if they owned it. This appears to include not only published Profile data, but also Registration data and 'Private' data. In relation to its own content, LinkedIn is over-zealous in its endeavours to protect its interests. Term 3 purports to grant a right to access, and to deny the rights to 'screen-scrape' and to 'deep link'. None of those rights exists under copyright law.
This section provides background information about a particular Privacy Statement Template, and then reports on an evaluation of LinkedIn's Privacy Policy against it.
It has become common for operators of web-sites to explain their practices in relation to the personal data that they gather about consumers. A review of the origins and nature of such Privacy Policy Statements (PPS), and of research relating to their usage, is provided in Clarke (2011). Various names are applied to PPS. In LinkedIn's case the term used is 'Privacy Policy'.
Limited guidance is available in the literature as to what constitutes an appropriate form for a PPS (Clarke 2011). Based on the author's 30 years of professional, consultancy and research activity in the area, including consideration of the various guides to and exemplars of PPS published by government agencies and industry associations, a Privacy Statement Template was published in Clarke (2005a, 2005b).
During the first 5 years following its publication, the Template has accumulated over 20,000 downloads. It has been used by many organisations in preparing their own PPS. Its primary benefit, however, is as a standard against which corporate PPS can be compared. The Template stipulates requirements in the areas of data collection, data security, data use, data disclosure, data retention and destruction, access by data subjects to personal data, information about data handling practices, the handling of enquiries, general concerns and complaints, enforcement, and changes to privacy undertakings.
The evaluation in this section is based on the 2005 PPS Template and LinkedIn's 2010 Privacy Policy.
A number of aspects of LinkedIn's PPS approach best practice, such as the clear explanations of the nature and purpose of the service (Introduction), of cookie-usage (1F), and of log data (1H). A number of the features of the service are also privacy-positive, such as the opt-out facilities for web beacons (1G) and promotional communications (2B), the repeated mentions of and links to Settings, the statement that users are provided with "granular control over the information they share" (3B), and the memorialisation provisions (3D).
However, a number of aspects give rise to concerns, some of them very serious.
As regards Data Collection, no statement appears to be made about the collection of subscriber data from other sources. A considerable amount of data about each subscriber comes into LinkedIn's possession from other subscribers, and some may come from other sources such as credit bureaux. If the Privacy Policy is as seriously deficient in this regard as it appears to be, it requires correction.
Term 1, which links with 1A and 1B, refers to "certain information", but at no stage is it made clear which data-items the Terms refer to. This lack of clarity needs to be overcome in order to deliver 'certainty' to subscribers.
In relation to Data Security, Term 5B stipulates as a condition of service that the data will be stored in the USA, irrespective of the subscriber's location. For many of the more than 50% non-American subscribers, the USA has lower-grade data protection and more highly intrusive government powers than is the case in their own jurisdiction.
Although a statement is made about technical security measures, and about control over the behaviour of contractors, no undertakings whatsoever appear to be provided in relation to the behaviour of staff, and controls over that behaviour.
The term Data Use refers to LinkedIn's use of personal data that it has access to. Profile data is made available by subscribers to other subscribers. Private data is stored on the system by each subscriber for their own purposes alone. Yet Terms 1B and 1C provide the company with considerable latitude to put both Profile and Private data to any purpose it chooses, including for serving advertisements and for increasing networking. Term 3B also defaults to allow use of personal data by LinkedIn for polls and surveys.
The term Data Disclosure encompasses all forms of access to personal data by parties other than the subscriber and LinkedIn. LinkedIn's policies fall a long way short of an acceptable standard.
On the one hand, Term 2E states that "we do not ... provide your personally identifiable information to third parties for marketing purposes". On the other hand, Term 2F declares that "permission to access certain account information may be automatically granted [to a large number of LinkedIn Partners and Platform Developers] to provide combined services or functionality". This access is "automatically granted", i.e. a condition of service. There are grounds for concern that this may represent a substantial undermining of what otherwise appeared to be substantial assurances.
Term 2K is unreasonable, in that it purports to permit the disclosure of personal data, without legal authority, merely "to assist government enforcement agencies". Moreover, the provision appears to apply to almost any agency.
Although Term 3B declares that LinkedIn's settings are designed "to provide our users granular control over the information they share", a person who is not (yet) a subscriber cannot see what the options are. Moreover, Term 3B sets a default permission by subscribers to receive third-party advertising.
In addition, no undertaking is given to communicate to the subscriber that an exceptional disclosure has occurred; and no undertaking is given to disclose only such data as is necessary in the particular circumstances.
The Data Retention and Destruction undertakings are also inadequate. Terms 1J, 3A and 3C contain mutual inconsistencies. It is feasible that they could permit retention for a long period, or even indefinitely, and it is unclear what the complete set of purposes is that could be used to justify retention. As noted earlier, full credit-card details appear to be retained, which creates the risk of financial fraud.
It is a fundamental of data protection that Access and Correction Rights must exist. It would appear that the subscriber has access to data that they themselves create and the ability to maintain it. However, it is not clear that subscribers have the necessary access and correction rights in relation to:
Correction rights include the ability to delete data. But Term 1J suggests that data deletion is not under the subscriber's direct control, and, further, that a response to a request can take as long as 30 days, and even then the data may not be deleted.
As regards Information about Data-Handling Practices, a moderate amount about the company's processes is provided, together with an email-address for "questions or comments".
That address provides a starting-point for the Handling of Enquiries, General Concerns and Complaints. However, very little information is available about the processes involved. Term 5B states that "If you do not receive acknowledgment of your inquiry or it is not satisfactorily addressed, you may raise your complaint with TRUSTe". However, TRUSTe is merely the operator of a meta-brand (Clarke 2001), and the actions that the organisation takes have commonly had more to do with protection of its own brand than with protection of consumers.
In relation to Enforcement, there is, admittedly, no effective regulator in the USA. However, the Federal Trade Commission should be at least mentioned, and it is highly unsatisfactory that no mention is made of the large number of data protection commissioners in many countries throughout the world that have powers, particularly in relation to complaint investigation.
The approach to Changes to the Privacy Undertakings is seriously inappropriate. LinkedIn has no obligation to sustain the Privacy Policy if the business is sold, or when something occurs that can be argued to fit within the vague term 'reorganisation'. The company asserts the right to make whatever changes to the Privacy Policy it sees fit, unilaterally, without prior notice, without effective contemporaneous notice, and without modification to the published Privacy Policy. The Privacy Policy cannot be relied upon as presenting LinkedIn's undertakings, because notices may also exist elsewhere on the company's website. LinkedIn applies all changes it makes retrospectively, such that any undertaking it has provided can be reneged on. Moreover, any change the company makes purports to be automatically consented to by every LinkedIn subscriber.
In short, all of the good features of the document are completely undermined by the malleability of the undertakings, at the company's sole discretion, without notice, and with what amounts to retrospective effect.
LinkedIn is targeted at professionals. It would be reasonable to expect that LinkedIn's users would be generally better-informed than users of other SNS, would have higher expectations about the reasonableness of the terms of service, would be more capable of registering their disapproval, and would expect professional responses from their service-provider. Yet LinkedIn's Terms include a significant number of provisions that are unreasonable and even unconscionable. The deficiencies are so serious that some categories of individuals should currently avoid any association with LinkedIn.
It is unclear what proxy the corporation used for its users when it devised the Terms. Focus groups would be one way to gather insights into the expectations and concerns of targeted market-segments. Discussions with representative and advocacy groups would be another approach to gaining information. A further possibility is a third-party evaluation conducted by a consultancy with appropriate expertise.
SNS may be finally growing beyond fashion-accessories and becoming part of the fabric of society - and particularly in LinkedIn's case, of the economy. During 2010, consumers have shown a heightened level of concern about the policies and practices of Facebook and Google. LinkedIn is also highly-exposed, by virtue of its size and the relative sophistication of its user-base. It would appear to be highly advisable that the company take much greater care in relation to the consumer-friendliness and privacy-protectiveness of its policies and practices.
This Appendix contains the results of the preliminary analysis of LinkedIn's Terms of Service, undertaken on 4 December 2010.
Term 2B grants the company the kind of copyright licence over the subscriber's data that essentially negates the subscriber's nominal ownership of it. Once you've put anything on the site, that's the end of your control over it.
The licence is provided to LinkedIn in respect of "any information you provide, directly or indirectly to LinkedIn, including but not limited to any user generated content, ideas, concepts, techniques or data to the services, you submit to LinkedIn".
For bland profile data, this may not be much of an issue. But subscribers are at risk of being sucked into publishing more than just profile data.
When a subscriber posts useful information (e.g. an answer to a request for advice) in a manner visible to every other subscriber, it may be reasonable to infer an open content licence (for everyone, not just LinkedIn). But a one-to-one message, even if it were accompanied by an express or implied copyright notice or confidentiality constraint (e.g. "just between you and me"), would arguably be open for exploitation by LinkedIn.
Term 2C(4) requires subscribers to "only maintain one LinkedIn account at any given time". But many people use more than one identity. Typical examples include literary authors and artists, but political journalists in dangerous countries, and undercover operatives may also be dependent on maintaining separation between their personas.
This is somewhat confused by Term 10B5, which says "[Don't] Create a user profile for anyone other than a natural person". A nom de plume is a partial profile, relating to one particular identity or persona of a natural person. (The confusion arises from the all-too-common failure to appreciate that 'identity' and 'entity' are different notions).
Term 10B26 says "[Don't] create a false identity on LinkedIn", without providing any guidance as to what the notion of 'false identity' means. Term 10B28a purports to ban the use of pseudonyms.
Term 2F implies that full credit card details are retained (if they are provided by the subscriber), rather than partial credit card details, e.g. all except the last four digits of the card-number.
Term 2I declares that "If you use the Services through a mobile device, you agree that information ... may be communicated to us, including ... your physical location". Hence, as a condition of service, subscribers are required to disclose their physical location, even if this is irrelevant to the transaction.
Term 2I purports to force subscribers to accept unseen Terms for the use of downloadable applications ("by using any downloadable application to enable your use of the Services, you are explicitly confirming your acceptance of the terms ...", emphasis added).
Term 2K declares that "You acknowledge that your submission of any information, statements, data, and content to us is voluntary on your part". This is not logical, because some data is obligatory, as a condition of registration.
Term 3 purports to "grant ... a ... right to access". No such right exists under copyright law.
Term 3 purports to deny a right to 'scrape', which is presumably intended to refer to 'screen-scraping'. It is unclear whether such a right exists under copyright law. It is in any case counter-productive, since it would preclude a subscriber sending a screen-image as part of an incident report. Term 10B11 repeats the purported prohibition against scraping.
The problem is compounded by Term 10B6, which says "[Don't, on pain of termination] Utilize information, content or any data you view on and/or obtain from LinkedIn to provide any service that is competitive, in LinkedIn's sole discretion, with LinkedIn". The 'sole discretion' term is unconscionable.
A further unreasonable provision is Term 10B10, which prohibits deep-linking. No such right exists under copyright law. It is in any case counter-productive and even unconscionable, because it purports to preclude the inclusion of the URLs for such pages as the Terms of Service and the Privacy Policy.
Terms 4A, 5 and 6 purport to deny any liability to provide the service, to provide it reliably, to sustain data stored on it, etc., and also purport to deny warranties or limit them to a very small sum. Term 4A even lacks a saving phrase along the lines of 'to the extent permitted by law'.
Term 5 purports to deny "ALL LIABILITY FOR IDENTITY THEFT OR ANY OTHER MISUSE OF YOUR IDENTITY OR INFORMATION" (capitalised in the original). Some of that information is provided openly, but some (such as credit card details) is provided to LinkedIn alone. It is unconscionable to attempt to deny liability in such circumstances.
Term 7B purports to empower LinkedIn to "restrict, suspend or terminate the account of any User [for] any ... behavior that LinkedIn, in its sole discretion, deems contrary to its purpose".
Term 7B also purports to empower LinkedIn to have a policy of "terminating accounts of Users who, in LinkedIn's sole discretion, are deemed to be repeat infringers under the United States Copyright Act". The terms 'sole discretion' and 'deemed' represent a far-from-adequate basis for such an action.
Further, the relevance of the US Copyright Act is unclear in the case of subscribers who reside other than in the United States, and whose contract is declared to be with LinkedIn Ireland Limited.
Term 8 purports to determine the jurisdiction as being California, irrespective of the locations of the subscriber and of the company with whom the subscriber has a contract, and to do so irrespective of law.
Term 9E purports to grant LinkedIn "the right to modify, supplement or replace the terms of the Agreement", i.e. to change the Terms unilaterally and without notice.
Term 9G purports to deny a subscriber the right to any form of injunctive relief, and is not qualified by any saving phrase along the lines of 'to the extent permitted by law'.
Term 10B1 imposes as a condition of service an obligation not to post "inappropriate, inaccurate, or objectionable content". Those terms are undefined and highly ambiguous, and could be interpreted as a very low threshold. For example, comments made in this analysis of LinkedIn's Terms could be argued (or, given the nature of other Terms, merely asserted or deemed) to be any and all of "inappropriate, inaccurate, or objectionable content". Similarly, Term 10B28b purports to ban "otherwise objectionable" content.
Term 10B4 says "[Don't] Include information in your profile or elsewhere, except in designated fields, that reveals your identity or sensitive personal information such as an email address, phone number or address or is confidential in nature". Presumably this is meant to be qualified by 'unless you intend to disclose it'. But 10B4 is expressed as a condition of access that has to be 'strictly observed', and hence grounds for the draconian suspension and termination Term.
Term 10B28c prohibits "any personally identifiable information for which there is not a field provided by LinkedIn". Cultural variants are profuse (e.g. saints' names and their equivalents in religions other than Christianity, star-signs and other birth-signs). Breach (at LinkedIn's discretion) is asserted to be grounds for unilateral and unappealable termination.
Term 10B17 purports to prohibit "unsolicited communications to other Users", on pain of termination. This appears to be a rather silly Term for a networking site. Term 10B20 contains a more reasonable provision.
Term 10B19 purports to prohibit a subscriber from taking an action to "Remove, cover or otherwise obscure any form of advertisement included on LinkedIn". It is unconscionable to preclude such actions as:
Terms 10B21 and 22 purport to prohibit the use and sharing of personal data "obtained from LinkedIn except as expressly permitted in this Agreement or as the owner of such information may expressly permit". The context of a networking service that publishes individuals' data creates circumstances in which consent is implied, and does not have to be express, particularly in an Agreement between the accessor and LinkedIn.
Term 10B24 says "[Don't] Invite people you do not know to join your network". This appears to be impracticable in a professional networking service - unless the concept of 'know' has been substantially redefined.
Term 10B28h prohibits content that "Forges headers or otherwise manipulate identifiers in order to disguise the origin of any communication transmitted through the Service". This nominally precludes a person from protecting their net-location, and in some circumstances perhaps even their physical location. This threatens personal safety and has implications for executives in locations that would tend to disclose their activities at the time (such as negotiations with a takeover prospect).
This Appendix contains the results of the preliminary analysis of LinkedIn's Privacy Policy, undertaken on 5 December 2010.
In the Introduction, "We reserve the right to modify this Privacy Policy at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page. By continuing to use the LinkedIn service after notice of changes has been sent to you or published on the LinkedIn website, you are consenting to the changes" (emphasis added).
In 2L, "We may also disclose [all personal data] as part of a reorganization or a sale of the assets of LinkedIn Corporation, a subsidiary or division. Any third party to which LinkedIn transfers or sells LinkedIn's assets will have the right to continue to use the personal and other information that you provide to us".
In 5C, "We may update this Privacy Policy at any time, with or without advance notice. In the event there are significant changes in the way we treat your personally identifiable information, or in the Privacy Policy document itself, we will display a notice on the LinkedIn website or send you an email, as provided for above. Unless stated otherwise, our current Privacy Policy applies to all information that LinkedIn has about you and your account. Using the LinkedIn Services after a notice of changes has been sent to you or published on our site shall constitute consent to the changed terms or practices" (emphasis added).
The combination of these provisions gives rise to the following issues:
In 1, it says "you voluntarily and willingly provide us certain information, including personally identifiable information, which we collect in order to provide the Services. If you have any hesitation about providing information to us and/or having your information displayed on the LinkedIn website or otherwise used in any manner permitted in this Privacy Policy and the User Agreement, you should not become a member of the LinkedIn community".
From 1A, it is clear that the "certain" personal data includes "name, email address, country, and password", none of which is in itself problematical. From 1B, there is reference to "information [that] is minimally required at registration", from which it might be inferred that the short list in 1A is all that is mandatory. It remains unclear, however, whether there are any other items of "certain" personal data whose provision is a condition of participation.
The personal data could be thought of as being for the purposes of oneself and other users. However, in 1B, "Any information you provide at registration or in the Profile section may be used by LinkedIn as described in the User Agreement and this Privacy Policy, including for the purpose of serving advertisements through the service".
It appears that there are four categories of personal data:
On the other hand, a quite different set of categories appears on one open but obscure web-page entitled Managing Account Settings.
It might be inferred that only Registration and Profile data are available to LinkedIn for any purpose, including the serving of advertisements. But that is far from clear.
1C says that "All information that you enter or upload about your contacts ... will enable us to provide customized services such as suggesting people to connect with on LinkedIn". It therefore appears that all four categories of personal data are available to LinkedIn for any customised services, including the expansion of users' networks.
It might be inferred that LinkedIn will not disclose anything to its subscribers about other subscribers other than the (open) Profile data and the fact that, on the basis of the Registration data, both kinds of Profile data and Private data, LinkedIn imputes a potential for common interests between the parties. But that is far from clear.
In 1C, "You may not invite anyone you do not know and trust to connect with you". It is unclear what "know" and "trust" mean. Given that the purpose of the service is "to connect with others on LinkedIn", the practicality and the enforceability of this provision are both doubtful. The expression might also be inferred to empower LinkedIn to impute some kind of trust relationship between individuals simply on the basis of an invitation being sent.
In 1C, "The names and email addresses of people whom you invite will be used to send your invitations and reminders as well as to allow LinkedIn to help expand your network". This could be read as meaning that you may provide additional contact-details of your own contacts who are not LinkedIn users, and that LinkedIn may keep those additional contact-details. Name and email-address are not in themselves highly sensitive. On the other hand, some SNS encourage subscribers to upload their entire address-books, or to maintain their address-books on the SNS, in which case a great deal more about non-subscribers than name and email-address may be exposed to the SNS operator.
In 1J, "If you update any of your information, we may keep a copy of the information that you originally provided to us in our archives for uses documented in this policy". This is unbounded in time, and vague as to purposes. It could also be inferred to mean that even deleted data may be retained indefinitely, despite the expiry of the purpose for which it was provided.
In 3A, "even after your request for a change is processed, LinkedIn may, for a time, retain residual information about you in its backup and/or archival copies of its database". This is vague as to the retention period, but is much less unreasonable than the apparently conflicting provision in 1J.
In 3C, "we may retain certain data contributed by you if LinkedIn believes it may be necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally identifiable data, account recovery, or if required by law. LinkedIn may also retain and use your information if necessary to provide the Services to other Users". This appears to be a reasonable set of relevance criteria for data retention, but it is unclear whether this is the complete set of "uses documented in this policy" referred to in 1J.
In 1J, "You may request deletion of your information at any time by contacting LinkedIn customer service. We will respond to your request within 30 days". It is reasonable to infer that there is no general deletion command available within the service (although the function may be available for individual data items, by means of amending the content to <null>). In all circumstances, if a person has decided to request deletion, they want it done now and not deferred or forgotten. Further, in some circumstances, there may be personal safety concerns arising from the continued availability of the data.
In 2A, "You have the right to withdraw your consent to LinkedIn's collection and processing of your information at any time, in accordance with the terms of this Privacy Policy and the User Agreement, by changing your Settings, or by closing your account". The nature of the Settings, and the defaults, appear not to be visible without login, and no explanation was apparent in the very limited documentation of the service available to non-subscribers. Hence a person who is considering becoming a subscriber cannot see what the options are.
On one occasion, however, by following an obscure trail within the site, a page entitled Managing Account Settings was discovered, which provides some information about those Settings.
In 2F, "permission to access certain account information may be automatically granted [to certain LinkedIn Partners and Platform Developers] to provide the combined services or functionality". The list shows there is a large number of partners.
It is uncertain what the "certain" account information is, because the term 'account information' is not defined, and is not related to the various categories of personal data mentioned at various points in the Privacy Policy and explained in somewhat inconsistent ways. It could be inferred to be only Registration data, which in turn could be inferred to be only "name, email address, country, and password" (although it is to be expected that password will not be available, and arguably should not be available even to LinkedIn). But that is not entirely clear, and the extent of data access could be much wider than that.
This access is "automatically granted", i.e. a condition of service. There is a form of opt-out in the Settings area, but this is acknowledged as being only partially effective.
There are grounds for concern that this may represent a substantial undermining of what otherwise appeared to be significant assurances, in particular "we do not ... provide your personally identifiable information to third parties for marketing purposes. Further, we will only share your personally identifiable information with third parties to carry out your instructions or to provide the Services or information unless compelled by law, or as necessary to enforce our User Agreement or protect the rights, property, or personal safety of LinkedIn, its Users, and the public" (2E).
In 2K, "we may need to disclose personal information, profile information and/or information about your activities as a LinkedIn User ... if LinkedIn has a good faith belief that disclosure is necessary ... to assist government enforcement agencies".
This is unreasonable and excessive. No such disclosures should be made without legal authority. In addition, the term 'government enforcement agencies' is different from 'law enforcement agencies' and could be reasonably inferred to mean any government agency in any jurisdiction. (Exceptions are of course reasonable in rare emergency situations relating to the likely prevention of harm to a person or persons, but these must be subject to ex post facto controls).
In 3B, "LinkedIn accounts are also defaulted to allow Users to be contacted to participate in polls, surveys and partner advertising. Click here to change these settings". The company asserts that the majority of the Settings "are what we believe to be reasonable default settings that we have found most professionals desire"; but this does not appear to apply to these three settings, particularly the last of them (third-party advertising).
In 4, "You must not provide to LinkedIn and/or other Users information that you believe might be injurious or detrimental to your person or to your professional or social status". This is not matched by any requirement relating to 'information that might be injurious or detrimental to other people'.
In 4, "You must not download or otherwise disseminate any information that may be deemed to be injurious, violent, offensive, racist or xenophobic". Firstly, it is unclear whether this is appropriate in a Privacy Policy or is a commercial Term. Secondly, the words "may be deemed to be" set far too low a threshold test. Thirdly, LinkedIn purports to provide itself with uncontrolled power based on that inappropriately low threshold: "Any violation of these guidelines may lead to the restriction, suspension or termination of your account at the sole discretion of LinkedIn" (emphases added).
In 5B (under a non-relevant heading), "by becoming a User, you have given us your express and informed consent to transfer the data that you provide to us to the United States and to process it in the United States".
This is a serious matter for the more than 50% of subscribers who are not resident in the USA, because US data protection law is the weakest in the advanced world, US government agencies have very substantial and in many cases ineffectively controlled data access capabilities, and the US asserts for itself very substantial extra-territorial powers.
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. His focus for the last 20 years has been on strategic and policy aspects of eBusiness, information infrastructure, privacy and dataveillance. He is a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., and a Visiting Professor in the Department of Computer Science at the Australian National University. He is an Advisory Board Member of Privacy International, and a Board Member of the Australian Privacy Foundation and its Chair 2006-11.
Created: 4 December 2010 - Last Amended: 6 December 2010 by Roger Clarke - Site Last Verified: 15 February 2009