So, a while ago, we posted an article about RapidShare's data breach and then noted the fact that RapidShare did not have a privacy policy....RapidShare apparently got the hint and has since published a privacy policy linked right at the top of their website. As of June 23, 2009, you can find that privacy policy here: http://rapidshare.com/privacypolicy.html.  But since we are here and there is so much interest in it, we decided to do a little privacy policy analysis.

 

1. The first thing to note about the privacy policy is that there is no last modified date, no date at all really.  As a matter of fact no one has any idea when this policy came into being, or when it was last modified.  In essence, leaving the user completely incapable of monitoring the privacy policy to note if there were any changes they do not agree with. (not that anyone does this anyways, but if you want to attempt avoid the FTC and corresponding fines in the U.S. and similarly in the EU, you post a date.)

2. For some reason, RapidShare thinks that it only grabs and logs data for users while they are downloading files.  The joy of joys of a poorly worded privacy policy.  I don't know every website, but RapidShare seems sophisticated enough to me to be using some sort of stats program, such as one of my favorites AWSTATS (but their probably using Ominture or Google Analytics or something).  As well as I know a stats program, (which probably isn't very well) they gather information about you when you are downloading files just the same as when you are just visiting the site or reading the privacy policy....apparently RapidShare doesn't seem to think that is important data.  More likely, whoever drafted the privacy policy probably hasn't read any of the FTC opinions or Article 29 working group publications either.  The short answer is you are supposed to disclose what you are doing with all information you collect, not just file uploading and downloading.

3. Fortunately they do not do any credit card processing on their website, so extremely large disaster avoided there!

4. I've mentioned this before, and I'll mention it again, there is no inclusion of the Privacy Policy with the terms of use.  When do I agree to this privacy policy? and when do I not?  RapidShare is bordering on adhesion contracts here, and any privacy policy could be held null and void.  This is a bit of a grey area because no court has ruled on this issue yet, but my guess is that the lack of inclusion of the privacy policy, and for that matter any indication to the user of the actions which indicate agreement and assent to the terms of use or privacy policy would hold them unenforceable.

5. RapidShare links to a variety of subdomains from their main site, including RapidGames and related...sadly there are no terms of service, privacy policies or anything related apparent on any of these sites.  I am not sure why such a popular and sophisticated site is unable to post simple terms on subdomains, but alas, they are.

This list could go on and on.  Its a bit disappointing as they are clearly trying to get their act in gear, but I don't think they talked to the right people.  Maybe next time!