Privacy Investigation Launched Into Rogers Yahoo Oath Email

By: Lee Rickwood

May 4, 2018

An investigation has been launched by the Office of the Privacy Commissioner of Canada following complaints about terms of service agreements offered by one of the country’s largest email and online service providers.

Many Rogers Communications customers in Canada who use the Rogers/Yahoo email service were “shocked” to find that personal information and posted content could and would be used for various purposes, from improving service to placing advertisements to signing up new customers, according to corporate email notices they received about changing terms of use.

Privacy Investigation Launched Into Rogers Yahoo Oath Email

Yahoo is now part of U.S. telecom giant Verizon and its Oath communications and digital media arm; Canadian cable and phone giant Rogers is one of several associated companies in the conglomerate’s corporate ecosystem.

Those terms changed as a result of previously announced corporate merger (part of a continuing consolidation trend seen in many industries, not least being the telecom sector): Yahoo is now part of U.S. telecom giant Verizon and its Oath communications and digital media arm; Canadian cable and phone giant Rogers still uses the underlying Yahoo email platform and parts of the technical infrastructure that Yahoo first launched more than a decade ago to deliver a wide range of online services through a long-existing partnership.

The Canadian investigation involves both Rogers and Oath/Yahoo, and statements about terms of use that the Internet and digital media service companies have published (and emailed to customers).

The statements do convey important changes in terms and conditions of use, and many who read carefully found what they felt were apparent violations of personal privacy, like the clause that stipulated a user’s consent to sharing of information about friends and contacts:

By using the services, you agree that you have obtained the consent of your friends and contacts to provide their personal information (for example, their email address or telephone number) to Oath or a third party, as applicable, and that Oath or a third party may use your name to send messages on your behalf to make the services available to your friends and contacts.”

A spokesperson for the Privacy Commissioner’s Office says they reached out to the company for more information, and that the offending clause has now been deemed “unnecessary” and removed from the terms of service.

Privacy Investigation Launched Into Rogers Yahoo Oath Email

An offending clause that has now been deemed ‘unnecessary’ has been removed from terms of service associated with the Rogers/Yahoo email service.

That being said,” Canada’s OPC continued, “we have received complaints related to other aspects of the company’s terms of service agreement and have opened an investigation involving both Rogers and Yahoo/Oath.”

So the investigation continues, but due to the confidentiality provisions in Canada’s federal privacy laws, the OPC could not provide further details about it.

But like Inspector Renault in Casablanca, who famously said he was “shocked” to find gambling was going on in the café (even as he accepted his winnings), the investigators may find that there are many responsible actors in this play, ourselves included.

For example, those who want something for nothing.

Some Rogers email users objected to the company’s stated position that the email service itself was “optional” and so at the very least their customers had a choice of email services.

Did I did just read ‘Rogers email service is optional’? If so, then what service, if any, is Rogers providing?” wrote one user, responding to a Rogers press announcement but apparently forgetting how he or she connected to the Internet in the first place.

As an Internet Service Provider (ISP), companies like Rogers provide connectivity to the Internet as a fee-for-service. Many such companies then offer e-mail as a value-added service for customers (mind you, it has a value add for the service provider, too).

Rogers/Yahoo. Sympatico. Hotmail, you name it. These services are free to registered users. And as the saying goes, if you are not paying, you are the product.

That’s the bargain many of us have struck with the digital age: we get stuff for free, but in return, we are sold. Our lives in the digital age (our posts, our likes, our searches, our shopping habits, our social lives, our music movies friends pets and family members) are very valuable to, well, others.

So one option is to pay for email instead of using a free service. Those who have been doing so for years (and talk about it in the open) get strange looks of disbelief, amazement, even ridicule: “You pay for email? Why? It’s free!”

Well, today’s headlines help explain why.

Seriously, if you pay for email service from an ASP (application service provider), you do not get advertising in the right hand column, suspiciously matching pretty much everything you’ve just written tweeted or posted about. You do not get requests or demands to share your personal data with the provider or its network of third-party partners in return for the free email service you’re getting.

(Hey, in some cases, the ASP actually gives a real local phone number you can use to to speak with a real local person in case of any issue, problem or complaint with the service. In my case, I have the operator’s physical home address, too, so I can “reach out and touch” my ASP operator any time!).

In this recent case involving Rogers/Yahoo and Oath, obviously some careful customers did read the privacy policy and user terms; good on them, but it is not always the case.

In a very unscientific poll, some 40 per cent of Rogers/Yahoo users I spoke to vaguely recalled getting an email from Oath announcing the policy changes, but they deleted it. Others said they started reading, but their eyes started glazing over with all the legalese, and they bailed. Only two in ten said they read all or most of the new policy.

In some ways, that’s understandable. User manuals, terms of use statements and privacy policies are indecipherable to many of us, and it is all too easy to get the free service without really having to read much less understand the policy. Even the new Rogers/Yahoo Oath statement came with a ‘not right now’ button so users could get their email for at least thirty days without having to read the new terms.

Privacy Investigation Launched Into Rogers Yahoo Oath Email

As long and convoluted as some privacy policies may be, they are very important documents and they need to be read and understood by all concerned.

There is a need to simplify privacy policies and make them more accessible and understandable, that’s clear – as clear as it is that these statements are very important to read and comprehend. Our relationship with an email provider may not be “till death do us part”, but it is surely an important one, and judging by some of the reactions to the Oath story, emails are pretty important to us, surely important enough to do some reading and research.

There are even digital tools to help you read a privacy policy, and decide whether its parameters leave you feeling comfortable and secure, or more like you are taking a spin on a fixed roulette wheel.

Yes, another Casablanca reference.

Like, “round up the usual suspects!

People who thought the new Rogers/Yahoo and Oath statements of privacy and usage were unusual can read other such statements and get a similar result.

Surprised at the fact Yahoo had been sold to Verizon (even though it was announced almost a year ago), some users could not accept that policies were changing as a result of a seemingly distant transaction.

But as unlikely as it may seem, a similar clause exists in Google’s privacy policy should it be sold:

“If Google is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.”

And check out this snippet of the Microsoft policy:

“We also share data with Microsoft-controlled affiliates and subsidiaries; with vendors working on our behalf; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our products; and to protect the rights or property of Microsoft.” (Emphasis added.)

It seems sharing our data is their right, and anyone who uses their system has agreed.

While many observers, privacy advocates and Rogers customers eagerly await the findings and results from the investigation launched by the Privacy Commissioner of Canada, and rightly so, they all may need to read or re-read the Oath policy page (with its Rogers/Yahoo logo still prominent):

“Personal information collected for the Internet Service may be stored and processed in Canada, the United States or other countries and may be subject to the legal jurisdiction of these countries.”

Hmm…plane to Morocco, anyone?

# # #

Privacy Investigation Launched Into Rogers Yahoo Oath Email

A screen grab captured during attempts to read the various pages of a new terms of use and privacy policy issued by Rogers/Yahoo and Oath. The links are now working and some adjustments to the email policy have been made, but an investigation by the Office of the Privacy Commissioner of Canada will continue.

 

-30-


Leave a Reply

Your email address will not be published.