Social media have so thoroughly infused our everyday lives that calling them “ubiquitous” seems inadequate. Facebook, Twitter, Instagram, YouTube, Snapchat, and others take up an astonishing amount of our time, bandwidth, and attention, and have become indispensable business and marketing tools as well.
While it’s easy to think of these as neutral platforms for users’ interaction, we must bear in mind that each is a functioning business, governed by its balance sheets and accountable to its owners. Accordingly, each requires users to agree to its Terms of Service and Privacy Policy before creating an account. These agreements tend to be long and rather arcane, yet the average time spent reading them is between 6 and 8 seconds.
A user agreement is not a mere formality. It’s a binding legal contract, of the type lawyers call a “contract of adhesion.” Contracts of adhesion offer no room for negotiation — the user’s only options are to take it or leave it. When faced with Instagram’s Terms of Service (TOS), a new user’s thinking may proceed as follows:
- I don’t want to read this entire long, confusing legal document.
- There are 500 million people using Instagram, so they all must have signed this thing already.
- Everyone I know who’s on Instagram likes it, and none seem to have suffered terrible consequences from signing this.
- If the terms were really bad, people wouldn’t be using the service.
And then they click OK. It’s a strange, implied crowdsourcing of legal reasoning, and unfortunately, it’s not great for keeping things on the up-and-up.
Let’s dig for a moment into what users agree to when they sign up with one of these services. I’ll focus primarily on Instagram here because this is PetaPixel, but we’ll take a quick peek at a few others as well.
Instagram’s Terms of Service is a long document, most of which is pretty straightforward and reasonably fair. You agree not to harass other users, not to try to hack their code, and other things that I think we can all agree are pretty necessary to keep things functioning.
The licensing section, though, is what I’d like to examine a little more closely. Particularly, this paragraph:
Instagram does not claim ownership of any Content that you post on or through the Service. Instead, you hereby grant to Instagram a non-exclusive, fully paid and royalty-free, transferable, sub-licensable, worldwide license to use the Content that you post on or through the Service, subject to the Service’s Privacy Policy, available here http://instagram.com/legal/privacy/, including but not limited to sections 3 (“Sharing of Your Information”), 4 (“How We Store Your Information”), and 5 (“Your Choices About Your Information”).
Crystal clear, right? No? OK, let’s break it down, piece by piece.
Instagram does not claim ownership of any Content that you post on or through the Service.
You still own your photos (i.e., you own the copyright in your photos). Hey, that’s nice.
Instead, you hereby grant to Instagram a non-exclusive,
“Non-exclusive” means that while Instagram is getting a license, you are still free to license the photo to others as well.
fully paid
This means Instagram doesn’t have to pay you anything in return for the license.
and royalty-free,
This means Instagram won’t have to pay you anything for it in the future.
transferable,
This means Instagram can give this license to anyone they want. Getting nervous yet?
sub-licensable,
This means Instagram can sell a sub-license to another party. And they don’t have to pay you for it, because remember, we agreed above that this license is “royalty-free.”
worldwide
Self-explanatory.
license to use the Content that you post on or through the Service, subject to the Service’s Privacy Policy…
Are alarm bells going off in your head? I hope so. You’ve just granted Instagram the right to do anything at all with your photos, without ever paying you a dime for any of it.
Let’s press on. Switching over to Instagram’s Privacy Policy, the relevant section is Section 3, “Sharing of Your Information.” This section lays out the circumstances under which Instagram will sell/share your information with third parties. I’ll summarize, rather than quoting the whole thing.
There are three main categories of third party:
1. Affiliates: These are companies affiliated with Instagram, who must receive your data as a function of making Instagram work. Perfectly reasonable.
2. Service Providers: Outside companies that provide services necessary to making Instagram work. Domain servers, things like that. Again, it seems reasonable–and necessary–that these companies would need to handle your information.
3. Third-Party Advertisers: Here’s the meat. When you visit a web page, advertisers look at the cookies on your computer to get a picture of what sites you’ve already visited. Then they choose an ad to show you, based on what you’ll probably enjoy seeing/want to buy. If you’ve ever looked at a product on Amazon and then noticed ads popping up on other sites for that exact same product, this is how it happens.
This is how Instagram makes money, of course. They provide a service for free, and in return you give them some information about you, which they sell to advertisers.
There’s a privacy issue here. We think of loading a web page as if we were anonymously downloading a file from a server onto our computer, but when the server reads and writes to our browsers’ cookies, the situation is at least mutual, if not reversed. The server may be able to see quite a lot of your browsing history.
Instagram attempts to assuage fears of surveillance by suggesting that no individually identifiable information is sent to the advertisers:
We may remove parts of data that can identify you and share anonymized data with other parties. We may also combine your information with other information in a way that it is no longer associated with you and share that aggregated information.
That sounds great, right? If they’re sharing anonymized and/or aggregated data, then you’re clear?
Well, not exactly. Watch out for the weasel-words: “We may remove parts of data that can identify you…” “We may also combine your information with other information…”
The word “may” (as opposed to “will” or “must”) means that Instagram is allowed to aggregate/anonymize your data. They are under no obligation to do so.
Does Instagram anonymize data in this way? Probably so, although it’s difficult if not impossible to verify that. But under the terms laid out in Instagram’s TOS, they are under no obligation to do so, and if they suddenly decided to stop and just straight-up sell all your personal info to advertisers, (1) they would be perfectly within their legal rights, and (2) you would probably never know about it.
Let’s look at one more passage from Instagram’s Terms of Service, under “General Conditions”:
You can deactivate your Instagram account by logging into the Service and completing the form available here: https://instagram.com/accounts/remove/request/. If we terminate your access to the Service or you use the form detailed above to deactivate your account, your photos, comments, likes, friendships, and all other data will no longer be accessible through your account (e.g., users will not be able to navigate to your username and view your photos), but those materials and data may persist and appear within the Service [emphasis ours] (e.g., if your Content has been reshared by others).
That bit about “resharing” is a key point to consider. The term “reshare” includes, among other things, Instagram posts that have been embedded on other sites. Embedding a photo isn’t just posting a link to it; Instagram lets users copy a chunk of code and paste it onto their own site, so that the photo appears on the user’s site along with updated comments, likes, and so on. Like this:
Note how someone’s embedding your photo changes your relation to it: If you post a photo on Instagram, and someone embeds it on their site, there is a possibility that you won’t be able to take it down later. Normally, an Instagram photo that’s been embedded by a third party and is later deleted won’t keep appearing; the page where it was embedded will show a message saying the photo is unavailable.
But under the TOS, Instagram is perfectly free to keep sharing those photos regardless of whether they’re deleted. The TOS is most likely worded that way to cover those times when a user deletes something, but cached copies continue to appear for a while. Nonetheless, the intent is irrelevant when the language is clear, and that language in the TOS is unambiguous.
One more point from the same sentence in the TOS: “but those materials and data may persist and appear within the Service (e.g., if your Content has been reshared by others).”
“E.g.” is an abbreviation for the Latin phrase exempli gratia. It means “for example.” So another user’s reshare is an example of how your content could stay on Instagram after you’ve deleted it, but it’s not necessarily the only way. That little “e.g.” essentially gives Instagram infinite wiggle room for how they can keep your content alive and circulating without your consent. I know this sounds like I’m splitting hairs, but I guarantee you that at some point during the TOS’s development, a smart lawyer insisted on that “e.g.” for exactly this reason.
Here’s a quick flyover view of some other popular sites’ TOS:
Facebook’s policy is essentially the same as Instagram’s, including the “reshare makes it public” provision: “[Y]ou grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.”
YouTube’s TOS has the same “worldwide, non-exclusive, royalty-free, sublicenseable and transferable license.” There is one difference, though. If other people share (embed) your YouTube videos, the licenses will “terminate within a commercially reasonable time after you remove or delete your videos from the Service.”
That sounds promising. We’ve all seen old web pages with embedded videos that just show static because the videos have been taken down. But wait:
“You understand and agree, however, that YouTube may retain, but not display, distribute, or perform, server copies of your videos that have been removed or deleted.”
In other words: Once you delete your videos from YouTube, they can’t be played or shared, but YouTube can still retain an archived copy. Forever. To be fair, this policy, like Instagram’s, is probably meant to cover YouTube in the case of cached/archived files that can potentially remain on a server if they’re not properly deleted (like being in the Windows “Recycle Bin”), but regardless of the intent, the effect of this language is clear: They can keep your videos forever.
Nothing I’ve written here is meant to say that you shouldn’t use Facebook, Google, Instagram, Twitter, or any of the others. I use them myself, and just like you, when I signed up I clicked “OK” without reading the user agreement. Nonetheless, it’s worth taking a moment to examine why you’re using them and what you’re getting out of it, and consider how you can prepare now for contingencies that may arise down the road.
If you want to retain maximum control over your own photos, obviously the safest plan is not to put them online at all. It’s not a realistic goal, though, in an era when most of us do most of our marketing online. There are various steps you can take to help retain control of your work, from uploading reduced-quality versions to adding the hated watermark, but whatever you choose to do, having more information going into the process will help you decide what course of action best suits your needs.
You can find the archives of Adam Remsen’s column here.
About the author: Adam Remsen is an attorney in Memphis, Tennessee. You can learn about his practice, request his services, or tell him how wonderful he is via his web site, or find him on Twitter.
