There’s a reason that nobody reads the little terms of service tabs tucked away at the bottom of any website: They’re too long, too full of jargon, and too impenetrable for anyone without a law degree to bother trying to understand.
Now, a bipartisan trio of lawmakers wants to change that. U.S. Rep. Lori Trahan (D-MA), along with U.S. Sens. Bill Cassidy (R-LA) and Ben Ray Luján (D-NM) announced a new bill on Thursday that, if passed, would mandate that major businesses create a simple and skimmable summary of their ToS pages designed to be read by regular people instead of entire legal teams. They’re calling it the “Terms-of-service Labeling, Design, and Readability Act”—or the TLDR Act, for short (yes, really).
Specifically, TLDR would require these summaries to outline the type of consumer data being collected on a given site and details about whether that data is actually necessary to collect in the first place. Companies will also be asked to draw out a graphic diagram to show how their data is being shared with specific third parties, and any legal liabilities for the person using the site. On top of all that, the sites will be required to let users know how they can delete their personal data being collected by the site and give instructions on how to do so. Companies will also have to list any reported data breaches that the site has experienced over the past three years, and publish nd a brief overview of any recent changes to the ToS.
Basically, this proposed short and simple version of a site’s ToS might not be as long as the indecipherable legalese you’d need to read through now, but don’t expect it to be short.
In order to enforce this mandate, companies would also be required to write these not-so-short summaries in machine readable text, so that “advocates and browser extension developers” (and presumably anyone else) could analyze differences between different companies’ terms at scale. And if a site is caught pulling something sneaky with its summary, the bill gives permission to the Federal Trade Commission to issue fines under its current “unfair or deceptive acts or practices,” rules. State AGs could also bring their own actions “on behalf of at least 1,000 affected residents in their state.”
Like most bills, TLDR is something that sounds good in theory but will likely be a complete mess in practice. Website terms of service might be impossible to read, but privacy policies are just as bad, and typically discuss more details about your data and how it’s handled than any ToS. But privacy policies aren’t tackled in this bill, and neither are the different flavors of “anonymous data” that these companies can freely collect, even though that data is usually just as sensitive as something like your address or phone number.
The tl;dr of TLDR: It’s not great! It only tackles a narrow slice of the oodles of data sites collect on you across the web, and gives them plenty of outs to keep on mining that data against your will. And even if this bill does go ahead in Congress—which, let’s be real, it likely won’t—it’s going to butt up against the current patchwork of tech privacy laws that vary state by state. It’s also going to butt up against an FTC that’s already overwhelmed with its current duties and has just lost some of the key technologists that would make this kind of oversight possible.
Thankfully, even if Congress won’t give us the ToS summaries we deserve, there’s already one website that does pretty much everything this bill aims to.