77

We’ve just made two adjustments to our Terms of Service & Privacy Policy. They were made to return a section that was accidentally removed about the DMCA Designated Agent - there’s little to no impact to end-users and this is mostly to assure compliance. The changes to the Privacy Policy were made to point users to the correct place to exercise their rights - we have a form - as well as to properly indicate that this form is not for access requests only.


Terms of Service changes:
The entire section “11. Copyright Policy” has been added, no other sections were changed.

Privacy Policy Changes:
In the “YOUR RIGHTS” section, the sentence that was changed:

Used to read: If you would like to exercise any of these rights, please email privacy@stackoverflow.com.
Now reads: If you would like to exercise any of these rights, please submit a data request.

We’ve also renamed “Data Access Request” to “Submit Data Request” on different pages, such as on the title of the data request form. It’s also now accessible on the left nav under the same name.


These are the extent of the changes made today. Though minor, we also want to let you know that we’re always reviewing the text of these legal documents and there’s an ongoing larger review of the Privacy Policy - we know there were concerns around the last revision and are addressing them. While these documents need to be written by our legal team, going forward, we want to provide a chance for the community to see the changes and to comment on any red flags prior to setting them live when appropriate.

6
  • 72
    Detailing the before and after in the YOUR RIGHTS section is really nice. Thank you for doing that.
    – Spevacus
    Jan 12 at 13:42
  • 27
    Thank you for the exact detail on the differences, so I don't have to do this again. I hope you do this every time from now on!
    – pxeger
    Jan 12 at 14:35
  • 21
    @pxeger that's the idea going forward, yes.
    – Cesar M StaffMod
    Jan 12 at 14:43
  • 6
  • 26
    I'm often severely critical of SE Inc. (justifiably, in my view :-) ), but this is a great example of how you do something right. Tell us you're making a change, and rather than dump pages of legalese on us, tell us exactly what you changed. Nice one! Jan 14 at 11:28
  • 6
    The new section is also really clear and helpful. Jan 14 at 11:29
27

What does this change mean for the aforementioned email address (privacy@stackoverflow.com)? Will it remain in operation, or is it completely discontinued?

1
  • 25
    It still works - it's still the place to email if you have any questions regarding the privacy policy, your data, and to exercise any rights related to the CCPA.
    – Cesar M StaffMod
    Jan 12 at 13:44
9

Section 10b is unchanged, and says:

If you don’t want to be bound by the arbitration and class-action waiver provisions in this section, you must notify us in writing within thirty (30) days of the date that you first accept these Public Network Terms (unless a longer period is required by applicable law)

For clarity, does any change to the terms of service (including this one) "reset the clock" when it comes to the 30 day period for notifying Stack Exchange to opt out of the arbitration terms, or does the clock only reset when 10b is changed?

3
  • 2
    Just to make sure I understand the question - are you asking: if you've previously opted out of arbitration, do you have to opt-out again? Or if there's a new 30 days period you may opt out because of the change if you haven't previously done so?
    – Cesar M StaffMod
    Jan 12 at 14:44
  • 5
    @CesarM If there's a new 30 days period where you may opt out because of the change if you haven't previously done so
    – Smitop
    Jan 12 at 15:16
  • 9
    According to our legal, only a change in the arbitration clause itself would trigger a new opt-out period.
    – Cesar M StaffMod
    Jan 13 at 14:29
5

I think there's a case inconsistency with the use of the 2nd person singular pronoun "you" in the new 11. Copyright Policy section

Reporting Copyright Infringements

If You believe that content residing or (...)

(...)

  1. Identification, including a description, of the copyrighted work or material You are claiming has been infringed. If You are claiming infringement of multiple works, you may provide a representative list.

This use of the first letter in upper case is inconsistent with the case used throughout the rest of the document. The You only has the first letter in upper case after a full stop, or is written in all caps YOU in paragraphs that are fully written in caps.

Can you please correct it or otherwise explain why the first letter is capitalized only in the 11. Copyright Policy section?

3
  • 7
    A typo on our end, the meaning is the same as "you" in the rest of the document. We'll write it down to be fixed in the future
    – Cesar M StaffMod
    Jan 13 at 14:29
  • 1
    @CesarM I found the typo reminiscent of Uncle Sam.
    – bad_coder
    Jan 13 at 14:36
  • 3
    It's normal in contract documents for parties to be capitalised and listed in a Definitions section. I suggest that it's the reste of the document that's wrong :-)
    – grahamj42
    Jan 14 at 10:46
4

Why wasn't an email sent about the changes in Terms of Service & Privacy Policy?

Since these are legal agreements, it is very important that all users are informed.

I do not feel that adding the tag is equivalent to an email.

Related: Send an email to users if any changes are made in the privacy policy and/or terms of service

7
  • 8
    I think a public announcement like this is infinitely more constructive than millions of emails that would probably be mistaken for and sent automatically to junk mail. Millions of SO registered users barely use Stack Exchange, and wouldn't care about any changes in the terms as long as they can still post a question and get an answer. The users who do care are the ones who visit SE on a regular basis, who look at the bulletin board, who take an interest in Meta.
    – Mari-Lou A
    Jan 18 at 19:50
  • 7
    @Mari-LouA If one has not been explicitly notified about changes to legal documents, then how can anyone claim that users have "agreed" with them? I for one has not signed a single document or used electronic id to do so, so there is no binding way to prove that I have agreed to anything.
    – Lundin
    Jan 19 at 10:41
  • 3
    @Lundin you agreed to the TOS when you signed up, which says "Stack Overflow reserves the right, in its sole discretion, to modify or replace these Public Network Terms, [and will notify you of changes] by posting a notice on the public Network."
    – JeffUK
    Jan 19 at 17:44
  • 2
    @JeffUK "or by sending you notice via e-mail" Jan 19 at 18:11
  • 4
    @RandomPerson Yes, or not and it's at their discretion. I'm not saying it's a bad idea, just correcting the assertion that this post is not valid notice under the terms.
    – JeffUK
    Jan 19 at 18:13
  • @JeffUK I didn't sign anything then either. How can you prove that real life person x has agreed to anything on this site? Clicking a mouse on a button isn't a legally binding action unless you have identified yourself with electronic id etc first.
    – Lundin
    Jan 20 at 7:14
  • @Lundin in practicality, this will only happen if you identify your real self as a user of this site by suing them for something.. then that's when they'll pull out the TOS. If they never know who you are, the extent of the reach of the TOS is that they will cancel your account if you breach them.
    – JeffUK
    Jan 20 at 9:35
3

Reading section 11, I wanted to understand what data would be published by Lumen (with which Stack Exchange shares the complaint). It's actually quite difficult to find on their site, so here is their guide to what is redacted (https://www.lumendatabase.org/pages/lumen-notice-basics) :

General Redactions Performed by Lumen

Lumen makes a good faith effort to redact out all personally identifying information (“PII”) contained within notices other than the name of the sender or rightsholder, and the country of origin of the notice. Our automatic redaction processes seek to identify and remove the following:

Email addresses
Phone numbers
Other forms of ID number (e.g. Social Security #s, national ID #s)

Lumen also makes a good faith effort to not display the street addresses of individuals who are the Senders or Recipients of notices if that information has been included in a notice. Lumen will generally remove such information, as well as other PII, on request if it is inadvertently included in notice fields by a notice Sender.

Lumen generally does NOT remove the names of the individual or entity who holds the right(s) at issue that the notice is seeking to exercise. This is typically the notice’s Sender and/or Principal, but sometimes only the Principal, in the case of notices sent by a 3rd party, such as a lawyer or agency.

If the Sender of a notice is such a 3rd party individual, Lumen makes a good faith effort to redact out the Sender’s name. Lumen does not generally redact out the names of 3rd party companies, law firms or other agencies.

4
  • The question is how relevant this is, since 2017 no reports were uploaded to Lumen according to my searches.
    – Luuklag
    Jan 14 at 11:04
  • 6
    @Luuklag it's not something we currently do, but for transparency efforts, it's something we are looking into doing again - naturally, it involves risks around PII, it's also something that we're taking into account if we are to do it.
    – Cesar M StaffMod
    Jan 14 at 12:29
  • 1
    @CesarM yeah it definetly is a concern regarding PII, as there is some PII disclosed in old reports there which I stumbled upon.
    – Luuklag
    Jan 14 at 12:52
  • 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .