The long, legalese-heavy terms of use and policies governing internet platforms used to be largely ignored by online users. Now, companies increasingly risk reputational damage over how they write them.
At the heart of scrutiny over jargon-packed policies is artificial intelligence, and users’ fears about how their data may be used to fuel platforms’ latest AI-powered offerings. If they get it wrong, companies risk not only losing customers’ trust, but suffering a hit to their reputations as well.
Some are turning to statements stripped of a lot of legal terms, while others are adding visuals. But the exercise requires platforms to strike a fine balance between complying with legal requirements under state and federal consumer protection laws and communicating effectively with users increasingly worried about the fate of their personal information in a data-hungry AI era.
“It’s really a shift in the way companies use privacy policies and terms of use, whereas they have to be more transparent, have the mechanisms more user-friendly,” said Elizabeth Shirley, partner at Burr & Forman LLP where she helps clients draft AI, privacy, and security policies and procedures.
“That’s because the law has somewhat changed,” she said, “but the main thing I see is that people are demanding it.”
Balancing Act
Most data privacy laws currently dictate what companies write in policies—including descriptions of consumer rights, the purpose for collecting or selling user data, the types of third-parties they’ll share data with, or the sources they’ll collect data from.
Over time, policies have gotten longer and platforms haven’t always clearly communicated their practices with users.
“We’ve definitely seen policies where the legal language was technically accurate but left people potentially misled or suspicious,” said Kelly Miller, leader in FTI Consulting’s cybersecurity and data privacy communications practice where she advises companies and law firms on their communications strategies.
“When you’re dealing with AI use and sensitive data,” she said, “how something is said is just as important as what’s being disclosed.”
Companies like Microsoft’s
In 2024, Adobe got swept into a social media storm after a routine change to its terms of service spurred fears from customers who believed the platform would use their data to feed AI models. The Photoshop and Illustrator maker responded with multiple blog posts seeking to reassure users it wasn’t stealing their content, and quickly rewrote its user agreement in clearer language.
Now, the company approaches updates to those statements differently, including by adding easy-to-understand summaries of changes made in policies and terms of use.
“It’s a balancing act,” said Adobe’s global chief privacy officer and chief cyber legal officer Nubiaa Shabaka. “We want to be as transparent as possible,” she added,"we want folks in the community to read what we are about to produce, to make sure it does not have unintended consequences of what we are trying to relay without the legalese. That is certainly top of mind as we move forward.”
Damage Control
Like Adobe, other platforms more recently have pivoted to prevent reputational damage following a legal terms update.
After file transfer platform WeTransfer’s July update to its terms of service sparked user concerns, the platform recognized it had “been unclear” and issued a blog post, titled “What’s really changing,” to clarify its practices in non-legal terms.
CapCut’s terms of service faced similar feedback in June, pushing the video platform to add an “About CapCut’s Terms of Service” page to clear up what had—and hadn’t—changed about its practices.
Customer scrutiny is driving some platforms to draft more digestible versions of their policies even before they face a communications crisis.
“A lot of organizations are waking up to the fact that, ‘We need to get this right now so it doesn’t become an issue,’” Miller said.
To do so, legal leaders work with communications and marketing staff to pressure-test messaging before releasing it. Reworked legal terms can include bullet points, summaries, and even visuals.
“These statements that people are agreeing to are part of the customer journey,” said Jacqueline Babb, director of the Integrated Marketing Communications program at Northwestern University. She added, “so the communications folks and the marketing folks really do need to be brought in to collaborate on tone and voice and feel. And we can do that while retaining the overall message that the lawyers want us to have.”
It’s not just legalese that can cloud consumer messaging. Ebay’s chief legal officer, Samantha Wellington, said pushback the platform received over its terms highlighted knowledge gaps between Big Tech and users on AI.
“As a technology company in Silicon Valley, we are very, very fluent in how we can talk about technology,” but that’s not the case for many of eBay’s users, she said.
“The learning that I take from it is just being super, hyper-cognizant of the language that we use,” she added.
Users’ backlash toward companies’ legal terms marks one of the first “AI crises” platforms might face as fears about the technology linger.
“All of a sudden you’ve got this group of people that for years and years and years just clicked OK on a privacy policy who are suddenly thinking, ‘This could have some real ramifications for me,’” Babb said. “And ‘I don’t understand AI that well, but I know it’s scary.’ And so you’ve got that kind of perfect storm.”
To contact the reporter on this story:
To contact the editors responsible for this story: