Mobile app users e-sign terms of service (ToS) and privacy policy agreements (PPA) on a daily basis, oftentimes without reviewing them. This practice is problematic because ToS and PPA include considerable “ethical risks,” that are, questionable elements that they would not reasonably expect to find in these agreements.

This Article introduces a novel conceptual framework and comprehensive typology for analyzing ethical risks in ToS and PPA of mobile apps. The proposed typology is the first to integrate ethical risks stemming from both ToS and PPA into a single coherent framework. Furthermore, the typology addresses the identified risks in terms of both the rights violated and the concrete business and legal practices that create them. Based on this thorough analysis, the Article argues that the legal mechanisms of ToS and PPA do not achieve their purposes. ToS and PPA often legalize ethical risks by obtaining users’ consent to terms that users may not fully understand. As such, rather than protecting users, ToS and PPA frequently perpetuate users’ vulnerabilities and subject them to rights-infringing measures.

In addition, the Article examines the scope of protection against the identified ethical risks that is awarded by landmark laws in the area of digital privacy and consumer protection: The General Data Protection Regulation (GDPR), the Consumer Rights Directive of the European Union (EU), the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA).

The Article concludes with a discussion of its practical implications, which can have far-reaching consequences for privacy protection and consumer protection regulation. These implications include guidance for developing new regulatory and decision-support tools, improving consumer understanding of ethical risks, and assisting mobile app providers in drafting ethical user agreements.

Link.