Some new types

[michielbdejong]

Here is a list of document types that Tosback2 uses but src/types.js does not yet list. We probably don't want to merge all of these, some include the service name in the document type and some are too similar or even look like typos. I'll tick the boxes of the ones this PR keeps, I'll update the Tosback2 rules at the XML source, not to use any document types that are not ticked here:

• API Terms of Use
• APIs Terms of Use
• Acceptable Use Policy
• All Policies
• Application-Based Services Terms of Use
• Cable Internet Terms of Use
• Canary Privacy Policy
• Cbs Interactive Privacy Policy
• Closed Captioning Policy
• Conditions of Use
• Consumer Terms of Sale
• Cookie Policy
• Copyright
• Copyright and Your use of the British Library Website
• Customer Privacy Policy
• DMCA
• Data Policy
• Data Use Policy
• EULA
• Etiquette Policy
• Flickr Privacy Policy
• GOOGLE PRIVACY POLICY
• Geo guidelines
• Gizmo Privacy Policy
• Google Project Hosting - Additional Terms
• Group Video Calling Fair Usage Policy
• Host Guarantee Terms and Conditions
• Intellectual Property
• Intellectual Property Policy
• Legal Information
• Legal Information (Intuit)
• LinkedIn in Microsoft Applications with Your Personal Account
• Microsoft Services Agreement
• Microsoft Terms of Use
• Network User Agreement
• Oath Privacy Center
• Online Practices
• PRIVACY POLICY
• Policies and Notices
• Privacy
• Privacy Notice
• Privacy Policy Agreement
• Privacy Policy and Terms of Use
• Privacy and Cookies Policy
• Privacy for eero Devices
• Residential Services Subscriber Agreement
• Router Compatibility List
• Rules on Resolving Image Piracy Complaints
• SAMSUNG PRIVACY POLICY FOR THE U.S.
• Security
• Security & Privacy
• Security Advisory
• Signal Terms & Privacy Policy
• Term of Service
• Terms
• Terms & Conditions
• Terms Of Use
• Terms and Conditions and Privacy Policy
• Terms and Conditions of Use
• Terms of Sale
• Terms of Service & Privacy Policy
• Terms of Service 1
• Terms of Service and License Agreement
• Terms of Service and Privacy
• Terms of Use (Consumer)
• Terms of Use - About Copyright
• Terms of Use and Privacy Policy
• Third Party Advertising, Third Party Cookies, Affiliation, and Terms of Usage
• US Acceptable Use Policy
• Universal Terms Of Service
• User Agreement
• Visible Service Terms & Conditions
• Visitor Agreement
• Vunerability Disclosure Program
• Web Notices and Terms of Use
• Website Terms of Service
• World Of Warcraft Terms Of Use Agreement
• YOUR PRIVACY & SECURITY
• end-user-license-agreement

[michielbdejong]

Not sure how to handle this one, it's basically two privacy policies that apparently both apply:

<docname name="Privacy Policy">
    <url name="https://policies.oath.com/us/en/oath/privacy/index.html" xpath="//main[@id=&apos;site-main&apos;]" reviewed="true">
      <norecurse name="arbitrary" />
    </url>
  </docname>
  <docname name="Flickr Privacy Policy">
    <url name="https://policies.oath.com/us/en/oath/privacy/products/flickr/index.html" xpath="//main[@id=&apos;site-main&apos;]" reviewed="true">
      <norecurse name="arbitrary"/>
    </url>
  </docname>

Same for Gizmo. I'll use privacy for the product-specific one, and privacyFull for the parent company one.

[michielbdejong]

I realized that I can't do the full tosback import until we have language support, so I'll put this PR up for review with the additions I made so far, and then we can follow up later once we have support for >=1 docs of the same type for the same service, which is what some of these need.

[michielbdejong]

I don't know all the implications of adding (too) many types that are similar to each other, but in general services use very different titles for their legal documents. Some call it Terms of Use, others call it Usage Policy. Should we allow this diversity or force a more strict small set of document types?

[michielbdejong]

This does greatly increase the number of times

(Tests skipped for this document type as it is not declared for this services)

is printed when you run npm run validate... :/

[MattiSG]

Thank you very much @michielbdejong!

I'll use privacy for the product-specific one, and privacyFull for the parent company one.

We encountered this issue with Skype (parent company Microsoft). In #53, we introduced a document type tosParent. We then found that Skype had a consolidated ToS document which we imported, removing the document type along the way, in #76.
If there is no such consolidated document, then let's re-introduce tosParent from #53 🙂

I can't do the full tosback import until we have language support

Just to double-check: do you mean being able to store documents in different languages? Is the issue the fact that some documents are not in English (which contradicts our current contribution guidelines), or is it that some ToSback documents are tracked in several languages?

Should we allow this diversity or force a more strict small set of document types?

In order to enable comparative analysis, I would find it great to define types independently from the provider-given name. This way, we could compare terms of services or privacy policies across companies, no matter how they call them in their own lingo. This seems reinforced by the future addition of multiple languages: I don't think it would be manageable to translate each type into several languages!

I understand this means being able to better define each type, so that one can find the most appropriate one beyond the names. I see a couple ways this could be solved:

1. Add a description field to the document types, which would enable a more complete description and would help contributors identify the most appropriate type no matter the provider-given name.
2. Add a synonyms field to the document types, which would help with disambiguating.
3. Characterise each document type along three dimensions of the contractual relationship: party 1 / party 2 / object . Example 1, example 2.

This would mean, for example, that:

• A “cookie policy” describes the agreement on cookies between service provider and individual end user.
• A “privacy policy” describes the agreement on personal data between service provider and individual end user.
• A “law enforcement guideline” describes the agreement on service between service provider and law enforcement agents.
• “commercial terms” describe the agreement on service between service provider and commercial intermediaries.

I am not yet sure that this characterization is a proper theoretical representation of a contractual relationship, but it does seem to help pragmatically in defining document types. What do you think of it @michielbdejong? Do you have recommendations of people to reach out to to discuss this topic? 🙂

Twitter is really the worst for that (or the best if one considers readability!), as their rules and policies are split in dozens of documents. We added a few in #85, but there are definitely many others.

This does greatly increase the number of times […] is printed when you run npm run validate... :/

I think this workaround is showing its limits. We'll probably have to find a better one.

[MattiSG]

Thanks again @michielbdejong, this is super useful both towards integrating tosback rules but also to go further in defining types properly! 😃

[MattiSG]

In favor of merging with tos, unless I misunderstand and there is a difference.

[michielbdejong]

It's used by for instance Apple to define the ToS of the www.apple.com website, as opposed to their iChat ToS, Game Center ToS, iCloud ToS, and iTunes ToS. Maybe the right thing to do here is to define "the Apple website", iChat, Apple Game Center, iCloud and iTunes all as separate services. It's probably inaccurate to define "Apple" as a single service.

[michielbdejong]

That way, we can have "the tos of www.apple.com" instead of "the website_tos of Apple".

[MattiSG]

Maybe the right thing to do here is to define "the Apple website", iChat, Apple Game Center, iCloud and iTunes all as separate services.

Yes, strong +1.
This is also what I suggested and we finally decided in #77: Facebook, Facebook Ads and Facebook Payments should all be separate services. This suggests there might be a use for modeling the service provider in the end, but right now let's declare each service independently 🙂

[MattiSG]

Maybe we should expand acronyms 🤔

[Ndpnt]

Yep 👍 , I was thinking the same the last week.

[MattiSG]

In favor of merging with tos, unless I misunderstand and there is a difference.

[MattiSG]

In favor of merging with tos, unless I misunderstand and there is a difference.

[MattiSG]

We can add this, or we can ask contributors to select the subset of the document which is about ToS and about privacy, especially now that it's been made easier with #70… Could we have some examples of this @michielbdejong? 🙂

[michielbdejong]

Good point, and it applies in a few other cases as well. I'll do that.

[MattiSG]

In favor of merging with cookiesPolicy, unless I misunderstand and there is a difference.

[MattiSG]

In favor of merging with cookiesPolicy.

[MattiSG]

Could we have examples, in order to understand if this is about describing copyright owners, about DMCA, or about providing copyright licenses?

[MattiSG]

In favor of merging with privacy, unless I misunderstand and there is a difference.
Could we have an example?

[MattiSG]

I'll update the Tosback2 rules at the XML source, not to use any document types that are not ticked here

I see that many of these types contain company names, and are thus trivial to realign (e.g. SAMSUNG PRIVACY POLICY FOR THE U.S. should be privacy).
Some others are syntactic variants, also trivial to realign (e.g. APIs Terms of Use and API Terms of Use).

However some seem more complex, as they are specific to a service type, such as Host Guarantee Terms and Conditions. When these document types are not ticked, what is your intention with them? 🙂

[MattiSG]

they are specific to a service type […] what is your intention with them?

Just saw that this was precisely your question in #89 😅

[MattiSG]

Will be impacted by #90, inputs welcome there!

[michielbdejong]

Superseded by #90.

[MattiSG]

Has been only partly superseded by #90: some types are still missing.

@Ndpnt and myself spent some time yesterday building a mapping table for all the document types you referenced in this PR 🙂

Since you mentioned wanting to edit the original XML files (we could also build a dynamic mapping table), this mapping table maps each ToSBack type to a CGUs type.

Types in bold are new ones that should be created. In italic are documents that we believe should be dropped as the links are outdated.