Just-In-Time Click-Through Agreements:
Interface Widgets for Facilitating User Understanding and
Confirming Informed, Unambiguous Consent

 

Andrew Patrick

Institute for Information Technology

National Research Council of Canada

Andrew.Patrick@nrc.ca

 

July 8, 2002

 

The most common method for supporting consent in computer applications is a "user agreement".  When you have installed new software on your computer, or signed-up for an Internet service, you have undoubtedly seen an interface screen that presents a User Agreement or Terms of Service.  In order to continue, you have had to click on an "I Agree" button or an equivalent label.  These interface screens are commonly called "click-through agreements" because the users must click through the screen to get to the software or service being offered [5].  (An alternative label is "click-wrap agreement", in parallel to more traditional "shrink-wrap" agreements attached to software packaging.)  These agreement screens are an attempt to provide the electronic equivalent of a signed user agreement or service contract  [4].  By clicking on the "Agree" button, the user is confirming their understanding of the agreement and indicating consent to any terms or conditions specified in the accompanying text.

 

The legality of these click-through screens in forming the basis of a legal agreement or contract has been established, but with some qualifications.  The Cyberspace Law Committee of the American Bar Association has recently reviewed the case law and developed a set of guidelines for creating click-through agreements [3].  These guidelines have been summarized into six principles to be considered by system developers [2][5]:

 

1.     Opportunity to review terms:  users must view the terms of the agreement before consenting to the agreement.  A recent case involving Netscape [5] established that it is important that there is no other method to obtain the product or service other than by clicking-through the agreement.

 

2.     Display of terms:  the terms have to be displayed in a "reasonably conspicuous" [5] manner.  A recent case involving Ticketmaster [3] established that simply linking to the terms at the end of a long home page was not enough.

 

3.     Assent to terms:  the language used to accept the agreement must clearly indicate that a contract is being formed.

 

4.     Opportunity to correct errors: there should be a method for users to correct errors, such as seeking a final confirmation before proceeding, or allowing the user to back-out of an agreement.

 

5.     Ability to reject terms:  the option to reject the terms of the agreement should be clear and unambiguous, and the consequences of the rejection should be stated (e.g., "if you do not agree, you will not be able to use this software").

 

6.     Ability to print the terms:  the interface should allow the user to print the terms for later reading.

 

Other factors that should be considered when creating click-through agreements [4] are to redisplay the terms and conditions at product startup (reminding), and to support the ability to review the terms at any time (e.g., in the "help" or "about" menus).  In addition, developers should adapt the terms and conditions to local languages and requirements.  If these principles and considerations are heeded, case law suggests that click-through agreements will likely be enforced, at least in US courts.  (Some jurisdictions, such as Germany and China, are unlikely to enforce any of these agreements [4]).

 

The text of many click-through agreements tends to be long and complex, often to ensure that all the points raised above are addressed.  The result is that many users have difficulty reading and understanding the documents (a comprehension problem), and many users click the "Agree" button without considering the terms at all (a consciousness problem).  The problems arise because people have limited cognitive abilities that must be considered.  We have limited attention spans, a restricted ability to process large quantities of detailed information at one time, and limited memories.  Thus, using interface techniques that are sensitive to user characteristics is important.  This observation may be particularly relevant if users are being asked to agree to a number of terms that will affect them substantially, such as the processing of their personal data. 

 

Ensuring that users fully understand and unambiguously agree to the processing of their personal information is important for complying with privacy legislation and guidelines.  Consider the definition of consent provided in the EU Directive 95/46/EC on privacy protection [1]:

 

'the data subject's [user's] consent' shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.  (Article 2-h)

 

It is clear that a large, cumbersome, complicated User Agreement presented to the user only when they begin to use a product or service fails to live-up to the requirements for "specific" and "informed" consent, and yet these types of user agreements are the majority.  These issues are of particular concern in relation to explicit consent.  For example, the EU Directive states that when sensitive data (e.g., race, ethnic origin, religious beliefs) are processed, the user must give "explicit consent" (Article 8-2-a) to the processing of the sensitive data.  Again, a single, large, click-through User Agreement does not meet the spirit of The Directive.

 

The solution to this problem proposed here is a new concept of "Just-In-Time Click-Through Agreements" (JITCTAs).  The main feature of a JITCTA is not to provide a large, complete list of service terms but instead to confirm the understanding or consent on an as-needed basis.  These small agreements are easier for the user to read and process, and facilitate a better understanding of the decision being made in-context.  Also, the JITCTAs can be customized for the user depending on the features that they actually use, and the user will be able to specify what terms they agree with, and those they do not.  The responses made by the user during the JITCTAs can also be recorded so there is a clear, unambiguous record of the specific agreements made with the user.  In order to implement JITCTAs, the software will recognize when users are about to use a service or feature that requires that they understand and agree to some term or condition. 

 

A sample screen capture of a JITCTA is shown in Figure 1.  In this example a user has selected the Trade Union Membership information field in an interface screen.  Since this would be considered sensitive information in the EU Privacy Directive, a JITCTA has appeared to obtain explicit, timely, unambiguous consent to the processing of this data.

 

Figure 1:  An example of a Just-In-Time Click-Through Agreement (JITCTA)

 

 

In summary, well-formulated click-through agreements are legally permissible in many countries, and Just-In-Time Click Through Agreements improve on this device by supporting more appropriate decision-making and control that is sensitive to human factors constraints.

 

References

 

1.     European Union.  Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.  http://www.cdt.org/privacy/eudirective/EU_Directive_.html

2.     Halket, T.D., & Cosgrove, D.B.  Is your online agreement in jeopardy?  http://www.cio.com/legal/edit/010402_agree.html

3.     Kunz, C.L.  (2002).  Click-Through Agreements: Strategies for Avoiding Disputes on Validity of Assent. http://www.efscouncil.org/frames/Forum%20Members/Kunz_Click-thr_%20Agrmt_%20Strategies.ppt.    See also C.L. Kunz, J. Debrow, M. Del Duca, and H. Thayer, "Click-Through Agreements: Strategies for Avoiding Disputes on Validity of Assent," Business Lawyer, 57, 401 (2001).

4.     Slade, K.H.  (1999).  Dealing with customers:  Protection their privacy and enforcing your contracts.  http://www.haledorr.com/db30/cgi-bin/pubs/1999_06_CLE_Program.pdf

5.     Thornburgh, D.  (2001).  Click-through contracts:  How to make them stick.  Internet Management Strategies.  http://www.loeb.com/FSL5CS/articles/articles45.asp