FDA Releases Guidelines For Apps And Wearables For Fitness And Health
Security Flaws Place 900 Million Android Phones And Tablets At Risk

Hulu Updated Its Terms of Use And Privacy Policies

Hulu.com, the popular TV streaming service, updated its terms of service and privacy policies. An August 5, 2016 e-mail to subscribers stated:

"... we are continually focused on improving our services and the viewer experience. To address some of the changes in our services, we've updated our Terms of Use and Privacy Policy. We want to ensure that we keep you informed about our practices, so we've summarized some of the key updates below. This summary is not exhaustive, so we encourage you to review the full, updated versions of our Terms of Use and Privacy Policy Privacy Policy..."

The streaming TV service announced in May 2016 that is subscriber base of about 12 million had grown about 30 percent over 2015. Besides its $8 and $12 monthly subscription options, reportedly the service plans to introduce a third, cable-like bundle of channels for about $40 monthly.

The service's email message summarized the changes in its policies:

"Terms of Use updates
Given our constant desire to innovate our service, we clarify that we may experiment with certain features and that the content and services may change from time to time. We provide additional details about our billing practices, including in connection with promotional offers.
We include updated instructions around cancellation and explain that if you sign up and pay for Hulu through a third party (e.g., Apple iTunes) you may need to cancel your subscription or manage your billing through such third party.
We remind you that your interactions with third-party advertisements on our services, including any information you may provide through interactive advertisements, are between you and the advertiser. We encourage you to review any such advertiser's terms of use and privacy policy.
We clarify that we may communicate with you electronically and encourage you to keep copies of our electronic communications for your records.

Privacy Policy updates
We include an updated list of the types of technologies we or third parties may use to collect data from or about you. This data helps improve the content and advertisements provided to you.
We've likewise updated the section describing how we share information with business partners, service providers and other third parties.
We describe that you can choose to share information through sharing features we may offer, for example, through email, text message or social networks.
We provide instructions on how California residents can obtain more information about our data sharing practices in the event we were to share personal data about our users with third parties for their direct marketing purposes.
You have choices with respect to your use of our services and we include an updated and consolidated list of the various options available to you in a new section called "Your Choices, Including Opt-Out Options" (Section 6) which includes instructions about your opt-out choices related to your use of Hulu on websites, mobile devices and living room devices.
We explain that we may work with third parties who help us to establish connections across your related browsers and devices and how your opt-out choices apply."

What is a consumer to make of this? Hulu is clearly both providing notice to and obtaining consent from its subscribers to perform online experiments. Previously, social sites like OKCupid were heavily criticized for performing online experiments without notice nor consent. So, it is good that Hulu provides this advance notice.

Current or prospective subscribers may or may not be comfortable participating in online experiments that affect their usage of the service. To learn more, I read Hulu's Terms Of Use policy. This section seemed key:

"3.10 Modification/Suspension/Discontinuation. We regularly make changes to the Services. The availability of the Content as well as Access Points through which the Services are available will change from time to time. Hulu reserves the right to replace or remove any Content and Access Points available to you through the Services, including specific titles, and to otherwise make changes in how we operate the Services... In our continued assessment of the Services, we may from time to time, with respect to any or all of our users, experiment with or otherwise offer certain features or other elements of the Services, including promotional features, user interfaces, plans, pricing, and advertisements. You acknowledge that Hulu may do so in Hulu's sole discretion at any time without notice. You also agree that Hulu will not be liable to you for any modification, suspension, or discontinuance of the Services, although if you are a Hulu subscriber and Hulu suspends or discontinues your subscription to the Services, Hulu may, in its sole discretion, provide you with a credit, refund, discount or other form of consideration (for example, we may credit additional days of service to your account) in accordance with Section 4 below. However, if Hulu terminates your account or suspends or discontinues your access to Services due to your violation of these Terms, then you will not be eligible for any such credit, refund, discount or other consideration."

So, this revised Terms of Use policy may be the only notice subscribers receive about online experiments. And, there doesn't appear to be an option to decline (e.g., opt out of) online experiments, except to cancel their subscription. Some subscribers may not like that, and/or may want compensation for participating in online experiments.

Another section current and prospective subscribers may want to read closely is the "13. Arbitration of Claims" section. While this clause is not new, it is important since it describes how disagreements are resolved between subscribers and Hulu. Basically, most disagreements would be resolved through binding arbitration Individually, and not in court nor through a group action:

"... If we do not reach an agreed upon solution after our discussions for at least 30 days, you and Hulu agree that any claim that either of us may have arising out of or relating to these Terms (including formation, performance, or breach of them), our relationship with each other, or use of the Services must be resolved through binding arbitration before the American Arbitration Association using its Consumer Arbitration Rules, available here. As an exception to this arbitration agreement, Hulu is happy to give you the right to pursue in small claims court any claim that is within that court's jurisdiction as long as you proceed only on an individual basis... you and Hulu agree to begin any arbitration within one year after a claim arises; otherwise, the claim is waived. You and Hulu also agree to arbitrate in each of our individual capacities only, not as a representative or member of a class, and each of us expressly waives any right to file a class action or seek relief on a class basis..."

Regular readers of this blog are familiar with the issues about binding arbitration. Companies in several industries have inserted "binding arbitration" clauses into their terms of service policies with consumers. The Public Citizen website lists the banks, retail stores, entertainment, online shopping, telecommunications, consumer electronics, software, nursing homes, and health care companies that use these clauses.

Bankrate reported on March 11, 2015:

"This week, the CFPB released new research showing that banks' practice of forcing customers into binding arbitration has a wide range of downsides for consumers... The exhaustive 700+ page CFPB report shows that arbitration clauses have a broad range of negative consequences for consumers. They discourage individual consumers from pursuing claims. The CFPB found that the number of arbitrations filed by individual consumers was much lower than one would expect given the number federal lawsuits filed by those who still have that option... They squelch legitimate class-action lawsuits. Arbitration clauses generally prevent customers from joining together in class-action lawsuits... They reduce consumer protections. The way that many consumer protection laws are enforced is through civil litigation. By blocking civil suits brought by customers, financial institutions effectively give themselves an end-around against these protections... They confuse consumers. In surveys conducted by the CFPB for the report, relatively few customers understood what arbitration was, whether they were subject to it and how it works in practice... They don't lead to lower prices. The big selling point for arbitration has always been that reducing legal costs by blocking customer lawsuits would result in lower prices for consumers. But that hasn't been the case, according to the report..."

Current and prospective subscribers may or may not be comfortable giving up these rights.

The Hulu Privacy Policy is important for several reasons. It lists the technologies the service uses. The service obtains information about its subscribers from several sources: data subscribers submit into their profiles, third-party affiliates, data brokers, and the technologies used. These technologies may conflict with the privacy settings consumers use in their Web browsers. Some technologies apply specifically to phones/tablets versus laptops/desktops:

"... One technology we use is called a cookie. A cookie is a small data file that is transferred to your computer’s hard disk. We may use both session cookies and persistent cookies to better understand how you interact with the Hulu Services or Hulu advertising published outside of the Hulu Services, to monitor aggregate usage by our users and web traffic routing on the Hulu Services, and to customize Content and advertising... We may collect information through other kinds of local storage (also referred to as "Flash cookies") and HTML5 local storage, including in connection with features such as volume/mute settings for the Video Player. Because these technologies are similar to browser cookies, they are sometimes called "browser cookies," even though they may be stored in different parts of your computer... Please note that disabling cookies or deleting information contained in cookies or Flash cookies may interfere with the performance and features of the Hulu Services, including the Video Player... we may use other technologies such as web beacons or pixel tags, which can be embedded in web pages, videos, or emails, to collect certain types of information from your browser or device, check whether you have viewed a particular web page, ad, or email message, and determine, among other things, the time and date on which you viewed the Content, the IP address of your computer, and the URL of the web page... Mobile Device Identifiers and Software Development Kits ("SDKs"). We may use or work with third parties including our business partners and service providers who use mobile SDKs to collect information, such as mobile identifiers (e.g., "ad-ID" or "IDFA") and information related to how mobile devices interact with the Hulu Services. An SDK is computer code that app developers can include in their apps to enable ads to be shown, data to be collected and related services and functionality to be implemented. A mobile SDK is in effect the mobile app version of a pixel tag or beacon..."

This blog has discussed several technologies (e.g., cookies, “zombie cookies,” Flash cookies, “zombie e-tags,” super cookies, “zombie databases” on mobile devices, canvas fingerprinting, etc.) which companies have used to track consumers online. This makes it important to read any service's online privacy policy. Consumers may or may not be comfortable with the tracking technologies used.

Hulu's privacy policy also lists the types of companies and entities it shares subscribers' information with, but (besides Facebook.com and Nielsen) it doesn't disclose the names of specific companies and entities (bold added):

"We work with a number of business partners who help us offer the Hulu Services, including for example our content licensors, distributors, and corporate owners. We may share information collected from or about you with such business partners... When you choose to share information with social networking services about your activities on the Hulu Services, including shows you watch or like on Hulu, information about you and your activities will be shared with that social network... We may share the information collected from or about you with companies that provide services to us and our business partners, including companies that assist with payment processing, analytics, data processing and management, account management, hosting, customer and technical support, marketing (e.g., email, online or direct mail communications) and other services... We may share the information collected from or about you in encrypted, aggregated, or de-identified forms with advertisers and service providers that perform advertising-related services for us and our business partners in order to tailor advertisements, measure, and improve advertising effectiveness, and enable other enhancements. This information includes your use of the Hulu Services, websites you visited, advertisements you viewed, and your other activities online... Our business partners, such as content licensors, as well as our advertisers, seek to measure the performance of their creative material across many platforms, including the Hulu Services. Accordingly, Hulu may permit the use of third-party measurement software that enables third parties (such as Nielsen) to include your viewing on the Hulu Services in calculating measurement statistics such as TV Ratings... If we sell all or part of our business, make a transfer of assets, or otherwise might be involved in a change of control transaction, or in the unlikely event of bankruptcy, we may transfer information from or about you to one or more third parties as part of the transaction, including the due diligence process... Third Parties When Required By Law or When Necessary to Protect Your or Our Rights. In some instances, we may disclose information from or about you without providing you with a choice. For example, we may disclose your information in the following ways: to protect the legal rights of Hulu and our affiliates or partners... and to comply with or respond to the law or legal process or a request for cooperation by a government entity, whether or not legally required..."

It is reasonable to assume that the last group includes law enforcement agencies (e.g., federal, state, local) in the United States, but the policy seems vague about whether those agencies are from other countries, too. Again, (current or prospective) subscribers may want to know the specific names of companies and entities data is shared with.

New at reading online polices? Unsure what to look for? I compiled what I've learned into this blog post: "10 Tips About How To Read Terms Of Use And Privacy Policies." You might find it helpful.

What are your opinions of Hulu's revised policies?

[Editor's note: this blog post is not legal advice. Consumers wanting legal advice should consult an attorney to help them fully evaluate any contracts or legal agreements.]

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Chanson de Roland

Years ago, I used Hulu. But then, along with the rest of the industry of online services, Hulu discovered the vast amounts of wealth that could be had from collecting its customers/users’ (Customers) personal information. As a result, Hulu then imposed one of the most privacy-compromising and legally unfair terms of service and privacy policies as could be seen anywhere. Now, from what the Editor reveals, Hulu has only gotten incredibly and appallingly worse.

Now Hulu not only collect its Customers’ personal information but it does so in conjunction with others across the web and across virtually all of its Customers’ devices, and it does so by every available means. Hulu also deprives its Customers of any just and effective forum, the courts, for settling their disputes with Hulu. Taken together, the price of using Hulu is not only its subscription but also all of your information about what you do on the Web, as Hulu and its partners can collect that information by any and every available means.

Yet there is one new incredibly powerful and dangerously insecure means that I hadn’t seen others employ, and that is the SDK. An SDK, which stands for Software Development Kit, is a complete environment for developing applications. Depending on the capabilities of the an SDK, it can be used to develop applications that can do almost anything on one’s computing devices (e.g., personal computer, smartphone, etc.), including changing how the operating system works, how the browsers on one’s device works, how any application on one’s computing device works. This is incredibly powerful stuff. And it is incredibly dangerous, because, if there is a security breach at Hulu, any of its partners, or of any SDK, the person responsible for that breach could be capable of completely controlling one’s computing devices, with all the harms that has led to and which have been reported on in the press, including this blog.

And, if these harms happen, what remedy do Hulu’s Customers have? Well they are limited to binding arbitration, which has much less power than a court to compel discovery and impose various type of remedies beyond damages, as well as establish precedents of law. And binding arbitration has shown itself to be as expensive, if not more so, as litigation for individual plaintiffs. Yet, since Hulu’s agreements bar class actions and restrict damages to the much more limited damages of binding arbitration, it is highly unlikely that any other than a very wealthy plaintiff could afford to pursue arbitration, and even for such a person, it is unlikely that damages that could be obtained would be worth the costs of obtaining them. So, while dramatically increasing the scope and extent of the invasion of its Customers’ privacy and adding an extremely dangerous new vector for malware, the SDK, to their computing devices, which hitherto had been limited mostly to developers of operating systems, who are the only ones with the resources to secure SDKs, Hulu so completely limits its Customers’ remedies for any wrongs and harms as to deprive them of any practical effective remedy for wrongs and harms that it causes or is otherwise responsible for doing to them.

It seems to me that Hulu should be paying Customers to subscribe to its service, and should be paying a lot, rather than Customers paying Hulu.

The comments to this entry are closed.