Terms broken down into plain english.

It’s been like a fireworks show lately, from April through June, with pop-ups and interstitials all stopping you from continuing on with a website you use regularly in your bustling daily life saying, “you must agree with this to be able to continue to use this website.”

Most people just click “agree” and know that they are basically at risk of agreeing to a really bad deal in order to keep moving, read what they want to read, buy what they want to buy, and go on with their day.

How good or bad is it? What is being agreed to… we took a moment to try and break down a common example of what we think is a pretty typical and standard agreement.

First of all, why now? What changed with privacy policies that caused all the hub bub, bub?

Well, we can’t blame it all on 9/11, but… no, seriously though, Europe’s new General Data Protection Regulations (GDPR), which has been approved since 2016, finally went into effect on May 25th, 2018. Since almost all major sites operate and do business in Europe, they needed to update their policies. Specifically around how they opt people into their terms – as you know, most sites basically ask for all rights to all your information, wrapped in legalize written by Bob Loblaw, attorney at law. Europe was like, “okay, these terms need to be written in a way that is more straightforward to people can understand what they are getting into…”

The struggle is real.

A study published by Carnegie Mellon University (whose mascot is a flaming brain wielding a sword) put it into very real, geeked-out terms; the study shows that if people in the United States were to actually read the privacy policies that they were served prior to agreeing to them, on average it would take each person over 244 hours in a given year. Reading these policies would collectively cost the people of the United States $365 billion dollars in lost leisure time and productivity at work each year.

Because this Blog is supposed to make it easier to understand terms associated with Privacy Policies, we are putting this overly simplified summary here:

Many of the largest companies with Privacy Policies out there will likely have similar terms and language as the example below. You need to read each to know for sure, but if they have a privacy policy like the one below, here’s an exaggeratedly simple break down:

  • Companies collect, store, and analyze any and all data that is associated with you
    • This means emails, instant messages, photos, your browsing history, searches, what you view, what you click, your financial information
      • Financial information includes brokerage statements, payment information, etc.
      • Literally anything that they can associate you, by whatever means they get it, they’ll will use it
  • Information sent to you by any person or company is allowed to be collected, stored, analyzed and sold
  • Information that can be gathered from anyone that you are connected to is allowed to be collected, stored, analyzed and sold – this includes emails, instant messages, photos, posts, etc.
  • This information on you is collected directly by the company as well as indirectly, through bought or given means
  • Even if you are not using their products, services, or websites they are allowed to still track and gather information about you
  • They are allowed to sell to you, up-sell, cross-sell to you and if another party buys your info that party is allowed to sell to you as well

The full policy is shown below in its original format as of April 2018.

Let’s start by taking Yahoo’s Privacy Policy for example…

Before we start, to make it clear, we are not picking on Yahoo. We’re just using them as an example. Why? Because they’re not as polished as Amazon and Google and frequently do things wrong, so why not?

First, we’ll set the stage and dial in how well this “updated” privacy policy adheres to being easy to read and easy to understand. Yes, those are 2 different things. Things can be easy to read, yet at the same time difficult to process. Lobby groups use this tactic frequently when trying to pass things like amendments that require a public vote. Example, “You should never not create an exception to slavery prohibition for criminals, whereof the party shall have been duly convicted.” Yes, exact– wait, what?

We started by running Yahoo’s privacy policy through a readability analyzer. Let’s see how it did…

But what does it mean?

To oversimplify, Yahoo’s Privacy policy is written at around a 7th or 8th grade level in terms of “ability to read it,” but requires approximately a college graduate level of education to understand it. It scores as highly “foggy,” meaning it is difficult as a straight read-through in a single pass.

If you look at just the Dale-Chall, considered by most “in the know” on the subject of readability mapped to understanding to be one of the most accurate methods, a score higher than 9 indicates a very high level of education required to process what is written.

To put it another way, if Yahoo’s Privacy policy was an escape room, unless you’re a college graduate – you’re going to have a very hard time making it out alive.

Let’s dig in, shall we?

Buckle up, buttercup. We’ll go through this piece by piece. NOTE: this is a blog, we are not lawyers, we are not offering legal advice. Yada yada yada, let’ begin. Yellow blocks are the actual policy, green blocks are our opinions.

In June 2017, we announced that Yahoo and AOL had joined to become Oath, a digital and mobile media company and part of Verizon. As a result, Yahoo7 is now a joint venture between Oath and Seven West Media.  As part of this collaboration, we’re bringing Oath and Yahoo7 under a single privacy policy that explains what this means for the purposes for which we will collect, and how we will share, use and disclose your personal information in order to bring you the combined services.  Some things haven’t changed, such as the control tools we provide to help you manage your experience with us.  If you have an existing Yahoo7 or AOL account, you will need to agree to this Privacy Policy.  If you have not yet agreed to this Privacy Policy, the legacy Yahoo7 Privacy Policy or legacy Oath Privacy Policy (for AOL) still apply to your account.  For Oath or Yahoo7 products or services that are accessed without signing in to an account, this Privacy Policy will apply to those products and services from [25 May 2018].  If you are creating a new account, the terms below apply as of today.

Last updated: April 2018

Let’s start our relationship with literally feeding you non-actionable garbage, “We are using one privacy policy for multiple companies. If you have not yet agreed to this policy, the policy still applies to your account anyways… well, up until May 25th, 2018, because on that date we can’t get away with doing this anymore – curse you Europe!”

Our commitment is to put users first.  We strive to be transparent about how we collect and use your information in order to keep your information secure and to provide you with meaningful choices.  This Privacy Policy explains what information Yahoo7 (“Yahoo7”, “us”, “our” or “we”), Oath, Oath’s affiliates and Oath’s house of global brands (collectively “Oath”) collect, why Oath and Yahoo7 collect it and share it, and what Oath and Yahoo7 do with it. This policy applies to Yahoo7 and Oath brands, websites, apps, advertising services, products, services and technologies (we’ll collectively refer to these as “Services”). Additional privacy practices for certain Services can be found in Details for specific products and services.

We want you to feel like you can trust us, so we’re using words like “our pledge,” “our commitment,” “transparency…” Yes, we do collect your stuff and we share your stuff, but we’re going to tell you why we do this… it’s important to us that you know why we do this.

We believe you should have tools to control your information. You can find controls to manage or review your account information, marketing preferences, location data and search history at Privacy controls. Some Services provide additional controls and privacy practices. (See details for specific products and services)

Now that Europe requires it, we also believe you should have tools to control your information that is being shared. Here’s a link. We hope you don’t follow it, but if you do we have a ton of links with little to no descriptions that you need to go through to find even more links. If you do click through, in some instances, 4 levels of navigation to subsequent pages, you will eventually get to a page with a lot of links with little to know explanation… this is actually a red herring because it’s privacy items related to Google. You like Google, right? Well, they aren’t us, you have to log in before you see our settings. If you do log into our stuff – do you have your login info handy? If so, you’ll be able to see that we are taking information across all your synced devices, using all of your search and navigation histories and suppling this to partners that pay for this information to sell you stuff. Now, good luck picking and choosing what to opt out in or out of…

We may collect and combine information when you interact with Oath and/or Yahoo7 Services including:

  • Information you provide to us. We may collect the information that you provide to us, such as:
    • When you create an account with Oath or Yahoo7 Services or brands. (Please note that, when you use Oath or Yahoo7 Services, we may recognise you or your devices even if you are not signed in to Oath or Yahoo7 Services.)  We may use device IDs, cookies and other signals, including information obtained from third parties, to associate accounts and/or devices with you.
    • When you use Oath or Yahoo7 Services to communicate with others or post, upload or store content (such as comments, photos, voice inputs, videos, emails, messaging services and attachments).
    • We analyse and store all communications content, including email content from incoming and outgoing emails.  This allows us to deliver, personalise and develop relevant features, content, advertising and Oath or Yahoo7 Services.
    • When you otherwise use Oath or Yahoo7 Services, such as title queries, watch history, page views and search queries, or view the content we make available and install any Oath software such as plug-ins.
    • When you sign up for paid Oath or Yahoo7 Services, use Oath or Yahoo7 Services that require your financial information, or complete transactions with Oath or Yahoo7 or our business partners, we may collect your payment and billing information.
  • Device information.  We collect information from your devices (computers, mobile phones, tablets, etc.), including information about how you interact with Oath and/or Yahoo7 Services and those of our third-party partners and information that allows us to recognise and associate your activity across devices and Services.  This information includes device-specific identifiers and information such as IP addresscookie information, mobile device and advertising identifiers, browser version, operating system type and version, mobile network information, device settings, and software data.  We may recognise your devices to provide you with personalised experiences and advertising across the devices you use.
  • Location information.  We collect location information from a variety of sources.  You can learn more about and manage your location permissions on our Locations page and by visiting the location settings tool on your devices.
  • Information from cookies and other technologies.
  • We collect information when you access content, advertising, sites, interactive widgets, applications and other products (both on and off Oath and/or Yahoo7 Services) where Oath or Yahoo7’s data collection technologies (such as web beacons, development tools, cookies and other technologies) are present. These data collection technologies allow us to understand your activity on and off Oath and Yahoo7 Services, and collect and store information when you interact with Services that we offer to partners.
  • This information includes the kind of content or ads served, viewed or clicked on; the frequency and duration of your activities; the sites or apps you used before accessing Oath and/or Yahoo7 Services and where you went next; whether you engaged with specific content or ads; and whether you went on to visit an advertiser’s website, downloaded an advertiser’s app, purchased a product or service advertised, or took other actions.
  • Information from others.  We collect information about you when we receive it from other users, third parties and affiliates, such as:
    • When you connect your account to third-party services or sign in using a third-party partner (such as Facebook or Twitter).
    • From publicly available sources.
    • From advertisers about your experiences or interactions with their offerings.
    • When we obtain information from third parties or other companies, such as those that use Oath and/or Yahoo7 Services. This may include your activity on other sites and apps as well as information that those third parties give to you or us.
    • Information that we receive from Verizon will be used consistently with Verizon’s privacy policy.

Okay, well, you’ve kept reading this for so we might as well tell you; here’s what we collect:

  • We might recognize you even if you aren’t directly signed in to our products or services; we work with others to track you and get this information.
  • We track pretty much everything you do: communications with your friends, your posts (obviously), any content you upload or store (we look at that at associate it with you) – this includes photos you’re in with your friends as well as voice inputs by you and emails you send and messaging/texts you send and the attachments in the messages and texts you send…
  • That stuff we just stated above, yeah, we analyze it – we go through it and parse it out, log it, store it and share it with others; if it wan’t clear enough before, we’re saying it now – this includes incoming content. Anything people send to you, pictures, emails, texts, we take all that info from your friends and store and analyze whatever your friends send. Remember that part where we said we may recognize you even if you aren’t using our services… well, yeah, here’s a good example – say, a friend of yours is someone we’ve been studying based on what they send you. Now let’s say they log in and start using our products – Voilà! We already recognize them. See how easy that was?
  • We keep track of your pages visited, searches, search terms, page views, and content you view.
  • We collect your payment and billing information and stuff related to your financial information – we are also allowed access to your financial information through our business partners

We also collect information from your devices (desktop, mobile, tablets, etc.). This is basically the same information we’ve already talked about but just want to make sure if you’re thinking we do it just on your desktop, we do it on everything you connect with (mainly, the biggie is your cell phone).

We track your location.

If we can find a way to get information on you from a business partner or piece of technology we’ll do it. Just be aware.

Again, to be clear this is like anything you do, view, click on, you get the point.

About your friends or basically people that are not you sending you things to you… we get that stuff, store it, use it, etc. Examples:

  • Like through Facebook
  • Publicly available info we can get (Fun fact: did you know things like your home address, how much you paid for it, when you bought, etc. is all publicly available information in many states?)
  • Anyone that will sell it to us
  • Anyone that will give it to us
  • Anything we can get from Verizon

Wow. This is grueling. You ready for a break? Let’s break, grab a cold one, use the facilities and we’ll circle back in 15…

We are able to deliver, personalise and improve Oath and Yahoo7 Services by combining, analysing and using the information we already have about you (including information we receive on and off Oath and Yahoo7 Services) and new information we collect about you to understand how you use and interact with Oath and Yahoo7 Services, and the people or things you’re connected to and interested in.  We may also use the information we have and insights we learn about you for the following purposes:

  • To provide, maintain, improve and develop relevant features, content and Oath or Yahoo7 Services, plus new products and services that we, and the Verizon family of companies, may offer.
  • Market our Services and the Verizon family of companies offerings.
  • Understand how you use our Services and those provided by the Verizon family of companies.
  • To analyse your content and other information (including emails, instant messages, posts photos, attachments and other communications).  You can review and control certain types of information tied to your account by using Privacy controls.
  • Fulfil your requests and when authorised by you.
  • Help advertisers and publishers connect to offer relevant advertising in their apps and websites.
  • To match and serve targeted advertising (across devices and both on and off Oath and Yahoo7 Services) and provide targeted advertising based on your device activity, inferred interests and location information.
  • Contact you with information about your account or with marketing messages, which you can also control.
  • To associate your activity across Oath and Yahoo7 Services and your different devices as well as associate any accounts you may use across Oath and Yahoo7 Services together. We may associate activity and accounts under a single user ID.
  • Carry out or support promotions.
  • Conduct research and support innovation.
  • To create analytics and reports for external parties, including partners, publishers, advertisers, apps, third parties and the public regarding the use of and trends within Oath and Yahoo7 Services and ads, including showing trends to partners regarding general preferences, the effectiveness of ads and information on user experiences. These analytics and reports may include aggregate or pseudonymised information.
  • Provide location-based Services, advertising, search results and other content consistent with your location settings.
  • Combine information that we have about you with information that we obtain from business partners or other companies, such as your activities on other sites and apps.
  • Detect and defend against fraudulent, abusive or unlawful activity.

We provide you with controls to manage your experience with us.  For example, you can review or edit your account information, manage your marketing preferences or opt out of targeted ads.  If you opt out, you will continue to see ads, but they may not be as relevant or useful to you.

How we use this information.

  • Make improvements on our services and offer new products and services
  • Sell you things from us and Verizon
  • Understand how you use our stuff
  • Analyze your content. We will read through, store, parse, etc. everything we can including emails, instant messages, posts, photos, and more. Here’s a link if you want to, please don’t follow it.
    • On that link, BTW, we do state that we get whatever we are legally allowed to get from financial institutions about you – we know you, we also want your finances – this includes brokerage statements.
  • Send you messages about your account and sell, up-sell, and cross-sell you while doing it
  • Associate and aggregate your information – specifically, if you have multiple accounts or user IDs or other means of partitioning yourself within our system we pull that all together to get the full picture of you
  • Sell you stuff
  • Learn more about you and research you
  • Put together reports on you to better sell you to other businesses and 3rd parties – even if we have to take info you are using nicknames, avatars, or other means of changing your identity so it doesn’t look like you – if we know it’s you we’re using it
  • Combine information about you that we get from whatever sources give it to us
  • and finally we will use your information to defend ourselves in court in case anyone (including you) says we are abusing the use of your information or doing anything illegal with it

Here are a bunch of links to make you feel like we’re allowing you to update all your information, but there will be no actionable things you can do on the immediate pages behind these links except click on more links. We’ll ask you to log in if you keep it up and hope you go away, but otherwise you will be entering a maze of links.

We share information within its affiliated brands and companies and with Verizon. We also share information we have about you for the purposes described in this Privacy Policy, including to provide Services that you have requested (including when you connect with third-party apps and widgets). We do not sell, license or share information that individually identifies our customers with companies, organisations or individuals outside Yahoo7 or Oath unless one of the following circumstances applies:

  • With your consent. We will share information with companies, organisations or individuals outside Yahoo7 or Oath when we have your consent.
  • With Verizon. As part of Verizon, Yahoo7, Oath and their affiliates may, to the extent permitted by law and consistent with user controls, share information with Verizon, Verizon affiliates and any companies that become affiliates, which may use the information for the same or similar purposes for which we use it in relation to their products, services and offerings. You can learn more about Verizon’s privacy practices here.
  • Within Oath and Yahoo7. Information may also be shared within Oath and Yahoo7, including with other Oath and Yahoo7 Services and affiliates.  The Oath privacy policy explains how it will use the information for Oath Services.  Oath or Yahoo7 affiliates may use the information in a manner consistent with their privacy policies.
  • With partners. We may share your information with non-affiliated companies who are:
    • Trusted partners.  We give user information to trusted partners who work on behalf of or with us based on our directions and in compliance with appropriate confidentiality measures. Learn more.
    •  Advertising, analytics and business partners (limited to non-personally identifiable information). We may share aggregated or pseudonymous  information (including demographic information) with partners, such as publishers, advertisers, measurement analytics, apps or other companies. For example, we may tell an advertiser how its ads performed or report how many people installed an app after seeing a promotion. We do not share information that personally identifies you (personally identifiable information is information such as name or email address) with these partners, such as publishers, advertisers, measurement analytics, apps or other companies.
    • When you use third-party apps, websites or other products integrated with Oath or Yahoo7 Services, they may collect information about your activities subject to their own terms and privacy policies.
      We allow other companies that show advertisements on our web pages or apps to collect information from your browsers or devices. Other companies’ use of cookies and other data collection technologies are subject to their own privacy policies, not this one. Like many companies, we may allow cookie matching with selected partners. However, these parties are not authorised to access Oath cookies.
  • For legal and other purposes.  We may access, preserve and disclose information to investigate, prevent or take action in connection with: (i) legal process and legal requests; (ii) enforcement of the Terms; (iii) claims that any content violates the rights of third parties; (iv) requests for customer service; (v) technical issues; (v) protecting the rights, property or personal safety of Oath or Yahoo7, its users or the public; (vi) establishing or exercising our legal rights or defending against legal claims; or (vii) as otherwise required by law.
  • New ownership. If the ownership or control of all or part of Verizon, Yahoo7, Oath or a specific Services changes as a result of a merger, acquisition or sale of assets, we may transfer your information to the new owner.

Details for specific products and services

Additional privacy practices for certain Oath or Yahoo7 Services are included here.

Information security and data retention
Oath has technical, administrative and physical safeguards in place to help protect against unauthorised access, use or disclosure of customer information that we collect or store.
To learn more about security, including the steps we have taken and steps you can take, please read Security at Oath.

We share it with anyone that will pay for it or we have to give it to because they are bigger and more powerful than us and are in our corporate family, like Verizon.

WE DO NOT SELL OR GIVE YOUR INFO TO OTHER PEOPLE unless…

  • You allow us to; so far, you are allowing us to because if you use our services like Yahoo mail or visit our websites like perform a search on Yahoo we are allowed to sell and give your info to anyone we want
  • They’re Verizon, Verizon gets first dibs on your info
  • Us, if it’s a company that is part of our family, we give your info to them
  • Not us, if it’s a company that is not affiliated with us, we sell your info to them
  • Sort of us, but not really us, but kind of a friend of ours… if we serve ads through a site, like a banner ad, or whatever – they aren’t officially with us and it’s not like they are “not” affiliated with us, they’re sort of affiliated with us – those guys, too…
  • Lawfolk and legal people – if the government asks, we’ll give it to them; or if anybody is suing you and we’re asked by lawyers in the proper way, we’ll give it over
  • Anyone that buys us, if anyone buys us in the future everything you have with us goes to them with all the rights and stuff like that – they can use them like how we’ve been saying so far

More details? Here’s a link… good luck.

Information and data retention questions? Hey! We took an oath. It’s a good oath, and if you really want to read our oath follow this link.

Oath or Yahoo7 Services are for a general audience.  We do not knowingly collect, use or share information that could reasonably be used to identify children under the age of 13 without prior parental consent or consistent with applicable law. With parental permission, a child under the age of 13 might have an Oath family account.

We love kids. Whoa! Not like that. Kids are off limits. We don’t go after kids. Having said that… if the parents give them permission to get a Yahoo email address or use Yahoo to search… that’s on them not us – the parents. Blame them. Because, yeah, now we get the kids.

When you use or interact with any of our Services, you consent to the data processing, sharing, transferring and usage of your information as outlined in this Privacy Policy. Regardless of the country where you reside, you authorise us to transfer, process, store and use your information in countries other than your own in accordance with this Privacy Policy and to provide you with Services. These countries include the United States, Ireland, Singapore, Germany and Taiwan.  Some of these countries may not have the same data protection safeguards as the country where you reside.

Oath may process information related to individuals in the EU/EEA and may transfer that information from the EU/EEA through various compliance mechanisms, including data processing agreements based on the EU/EEA Standard Contractual Clauses.  By using Oath or Yahoo7 Services, you consent to us transferring information about you to these countries.  For more information, please visit our Data transfer page.

Other important information

This Privacy Policy only applies to Oath and Yahoo7. This Privacy Policy does not apply to the practices of companies that Oath or Yahoo7 do not own or control, or to people that Oath or Yahoo7 do not employ or manage. In addition, some affiliated products (such as Tumblr) may have different privacy policies and practices that are not subject to this Privacy Policy.

Changes

We may update this Privacy Policy from time to time, so you should check it periodically.  If we make changes of a material nature, we will provide you with appropriate notice before such changes take effect.

Questions & suggestions

If you have questions, suggestions or wish to make a complaint, please complete a feedback form, or you can contact us at:

Privacy Officer c/-Legal Department
Yahoo7
PO Box R1469
ROYAL EXCHANGE
NSW 1225 Australia

We will notify you within 14 working days of the Privacy Officer receiving your complaint and will try to resolve the complaint within 30 working days.  When this is not possible, we will contact you to provide you with an estimate of the time it will take to resolve the complaint.

For Oath uses, please direct questions, suggestions and complaints to:

Oath
Customer Care – Privacy Policy Issues
701 First Avenue
Sunnyvale, CA 94089

Here’s how we technically are transferring your data, just so you know. We want to make it painfully clear to Europe, we hear you and specifically are including you in this whole deal – there we said it.

Our privacy policy is only for us and our companies, if anyone else wants to use your info they have to pay us for it.

We will periodically change these terms, that’s up to you to keep up with, not us. That’s on you. We’ll do our best to let you know if we’re changing the terms. Probably, in something similar to this document. It will be long and confusing and hopefully you’ll stop reading after the first 2 paragraphs.

If you complain to us, we’ll see what we can do about your complaint.