The more TOS I read through, the more it seems we need a "common law" solution.
(I use the term "common law" loosely here)
Something like a couple of pre-defined categories for software services (e.g. info provider, social network, real-world interface) with pre-set rules (e.g. the client cannot attempt to break the social network; the owner of the social network cannot re-sell data to a third party).<p>We have something like this for brick'n'mortar retail already -- each store can't just make up their own rules but rather has to operate within a societal framework.<p>The system we have right now leads to every corporation being incentivized to claim as much legal ground as possible in the TOS, leading to a de-facto corpo-state. It also undermines the rule of law in a cultural sense since many things in the TOS may be deemed unenforceable when actually challenged in court. The users will always be in a severely disadvantageous bargaining position.
To: arbitrationoptout@23andme.com
Subject: Request to Opt-Out of Updated TOS<p>23andMe Team,<p>I am contacting you regarding the recent changes to the 23andMe Terms of Service, dated November 30, 2023. My name is [your name as registered with 23andMe], and the email associated with my 23andMe account is [your 23andMe account email].<p>I hereby formally request to opt out of the newly updated Terms of Service. I do not consent to the terms as outlined in the recent update.<p>Thank you for processing my request promptly.<p>[Your Name]
"If you have not notified us... you will be deemed to have agreed..."<p>Is changing the terms of a service agreement with no confirmation/acceptance from the user even legal or enforceable?
“… encourage a prompt resolution of any disputes and to streamline arbitration proceedings where multiple similar claims are filed”<p>Someone’s getting ready for some fallout from data leaks.
How is it that, after the fact (the hack), the TOS can be changed to mitigate damages from their lack of security? If this is the case, why worry about security then if all we need to do is change the TOS after the fact? No, I suspect a good lawyer or two can challenge this.
Regardless of TOS, relatives who never agreed to the TOS may still have standing.<p>Will some non-TOS-signing relative who was impacted by the data breach lead a trillion-dollar class action suit?<p>(Class action, with the goal of putting a healthy fear of the public into abuse-inclined industry. Not the class action goal of letting a misbehaving company pay off liability with a small percentage of their gains from misbehavior, in exchange for making a few lawyers wealthy.)
My mother innocently used this service, and filled out the form identifying all relatives by name.<p>The results she received were entirely unenlightening, 50% of my DNA is now in their sketchy database, and I have no way to opt-out of anything.<p>I truly despise this organization.
There is perhaps one upside.<p>As it turns out, when binding arbitration is forced, those very same companies can't handle the caseloads that come with thousands of cases being filed individually, so it can be a bit of a footgun.<p>https://www.nytimes.com/2020/04/06/business/arbitration-overload.html
Can someone please confirm: Is forced binding arbitrage allowed in EU/EEA/EFTA?<p>If no, what happens if you are a customer from France or Germany? It seems like this contract is totally unenforceable!<p>A bit deeper, I really wish it was illegal to create intentionally unenforceable contracts. Too many companies create these incredibly scary contracts that no mortal human can understand, let alone know if unenforceable.
I can’t count the times I have advised friends and family against using certain products and services, only to be ignored or be accused of being paranoid. In some cases the response is “well, you can already find anything about anyone on the internet” or “they already have everything”, etc. It’s incredibly frustrating to watch some of these highly consequential breaches happen. I have yet to have someone come back to me to say “You know, you were right.”<p>I am sure many/most HN readers have come across this to varying degrees.<p>Not sure there’s a fix. The only people who eventually get it are those who are unlucky enough to eventually suffer the consequences of their lack of interest in privacy and data safety.
Society and lawmakers need to update the TOS and legislate these companies out of existence and their databases need to be wiped.<p>Privacy laws really need to be updated for both collection against individuals as well as taking into account what the aggregate data represents.
Have terms of service ever successfully been challenged for failing to meet the requirements of a contract? Like if I make an Uber account for my mom, and she uses it, at what point is she bound by the ToS?
Thanks for reminding me that I needed to cancel my account. I <i>should</i> have done it years ago when they announced they were being bought out by private equity, and before the inevitable security breaches. Oh well, better late than never, I guess.<p>And, before the "why did you ever do this?!" replies, my wife really wanted to do it, all the way back when they first started, and I relented. Our common 0.3% "sub-Saharan African" result is still a running joke.
How do unilateral TOS changes like this work in practice? If the previous TOS didn't force binding arbitration, can they unilaterally impose this change on existing users? Basically forcing existing users to "agree" to this? What recourse do existing users have?<p>I don't use / won't use 23andMe, because of issues like this (the nature of the relationship changing unilaterally). I don't like sharing private data, nothing is more private than my DNA.
In case anyone is interested, I've been compiling as much factual information on arbitration as I can here. Not yet complete but reasonably useful and well sourced.<p>https://grimreaper.github.io/arbitration/docs/problems/
People who are not 23andMe customers might nevertheless be harmed by these breaches due to the peculiar nature of DNA data, and they could conceivably sue without being bound by any TOS.
You have to go through all of this and give away your body's code to corps and governments just to learn maybe your grandparents were from some part of the world?
do note you can and should send a response that says “no.”<p>then you get to keep the existing terms, which are likely slightly better. hence the hoop through which you must jump.
Just to share a positive from 23andMe, given all the bad press around here.<p>I got on this service a couple years ago. I am adopted and had spent a long time trying to track down one side of my biological family. I had very little to go on other than a first name and general whereabouts 40+ years ago.<p>As it became more popular, I had half siblings and, eventually, my biological father reach out to connect.<p>It's been great knowing I have that connection finally. We're planning to meet soon.<p>This is a huge benefit of this kind of "opt in" service, but I recognize how devastating it might be if someone was concealing my existence for, say, religious reasons and a data leak or loose privacy settings from a common relative revealed something.<p>It's a nuanced issue, but my experience has been immensely positive in that it gave me something I may never have had.