Has Dropbox set the stage for a privacy revolution?

July 8, 2011 Off By David
Object Storage
Grazed from GigaOM.  Author: Derrick Harris.

Life has been something of a rollercoaster ride for Dropbox lately. In May, the consumer cloud-storage service was hit with an FTC complaint based on allegedly misleading contractual language about data security. Last month, a group of consumers filed a class-action lawsuit against Dropbox for how it handled a temporary security hole in the service.

Then, on July 1, when Dropbox tried to do right by its users by clearing up much of the language in its terms of service, privacy policy and security overview, another uproar ensued. It appears this was the first time many customers bothered to read these documents, because the commenters on a blog post announcing the changes, as well as forum members across the web, began loudly criticizing certain Dropbox practices.

Of particular concern was terms of service language about data ownership, which some customers took to mean that Dropbox claimed ownership to their data. After a couple of attempts to clarify the issue on the July 1 blog post, Dropbox completely rewrote the section regarding data ownership and updated its terms of service again on July 6.

Despite all this, when the smoke clears, Dropbox’s newfound focus on transparency could turn out to be a great thing. Especially if it triggers an avalanche of other web-service providers following in its footsteps.

The federal government is eyeing up regulation of consumer web services regarding their privacy practices, and the resulting rules have the potential to be detrimental to companies like Dropbox, Facebook and Google. Part of the reason for the proposed rules is that companies haven’t been willing to regulate themselves. Facebook, which finds itself in a privacy snafu seemingly monthly, exemplifies the problem.

Dropbox’s efforts are so potentially meaningful because the FTC states that, among its chief priorities for any federal rules, are clear, reader-friendly contractual language and privacy policies. While Google is fighting such efforts with lobbyists, Dropbox is giving an example of how to cut legalese from a contract and let users know exactly what they’re signing up for.

Take this excerpt from the hotly contested copyright section, for example:

By using our Services you provide us with information, files, and folders that you submit to Dropbox (together, “your stuff”). You retain full ownership to your stuff. We don’t claim any ownership to any of it. These Terms do not grant us any rights to your stuff or intellectual property except for the limited rights that are needed to run the Services, as explained below. …

To be clear, aside from the rare exceptions we identify in our Privacy Policy, no matter how the Services change, we won’t share your content with others, including law enforcement, for any purpose unless you direct us to.

Dropbox General Counsel Ramsey Homsany, who joined the company about a month ago after spending years leading a legal team within Google, said he doesn’t think the contractual changes have anything to do with Dropbox’s legal issues. He said the company disagrees with the premise of FTC complaint, so it isn’t making changes in an attempt to resolve that matter. In fact, the company began rewriting its terms in April, and so the changes were already underway when he joined.

Rather, Homsany said, Dropbox knows that its users — some of whom rely on Dropbox for their life’s work — are passionate about the service, and it wants to help them make informed choices. “We don’t have a pride in being right,” he explained. If some users think the terms are unclear, Dropbox will be even clearer, he said.

Both the federal government and users still care about what customer agreements actually permit a company to, though, regardless how clearly those permissions are written. Dropbox hasn’t materially amended how it uses customer data, and Homsany doesn’t think it has to right now. It can be a delicate balancing act to retain only the necessary rights while letting users keep the rest, but he thinks that customers by and large understand that creating a quality product does require some flexibility to use their data.

Dropbox rewriting its terms, privacy and security policies isn’t the be-all, end-all of the discussion over consumer rights online, but it’s a heck of a start. Someone had to get the ball rolling and show that web services actually are paying attention to the privacy firestorm surrounding them. As the villain du jour, it might as well be Dropbox who does it.

But for their own sakes, Dropbox’s peers might want to follow the company’s lead. If enough sites spell out for their users exactly what they’re signing up for, by the time they get around to formally proposing new laws, the FTC, Congress and any other federal bodies might forget what they were so mad about in the first place.