AI in Search of Unfairness in Consumer Contracts: The Terms of Service Landscape

Abstract

This article explores the potential of artificial intelligence for identifying cases where digital vendors fail to comply with legal obligations, an endeavour that can generate insights about business practices. While heated regulatory debates about online platforms and AI are currently ongoing, we can look to existing horizontal norms, especially concerning the fairness of standard terms, which can serve as a benchmark against which to assess business-to-consumer practices in light of European Union law. We argue that such an assessment can to a certain extent be automated; we thus present an AI system for the automatic detection of unfair terms in business-to-consumer contracts, a system developed as part of the CLAUDETTE project. On the basis of the dataset prepared in this project, we lay out the landscape of contract terms used in different digital consumer markets and theorize their categories, with a focus on five categories of clauses concerning (i) the limitation of liability, (ii) unilateral changes to the contract and/or service, (iii) unilateral termination of the contract, (iv) content removal, and (v) arbitration. In so doing, the paper provides empirical support for the broader claim that AI systems for the automated analysis of textual documents can offer valuable insights into the practices of online vendors and can also provide valuable help in their legal qualification. We argue that the role of technology in protecting consumers in the digital economy is critical and not sufficiently reflected in EU legislative debates.

In recent years, consumer markets have increasingly been shaped by new information technologies and artificial intelligence (AI) systems. This development, prompted by leading companies operating consumer-facing platforms, has often been portrayed as contributing to consumer well-being. Indeed, by lowering decision-making and transaction costs, new approaches to data analytics and AI can certainly bring value to consumers (André et al., 2018; Bakos, 1997; Wathieu et al., 2002). At the same time, growing attention has been paid to the ways in which innovative technologies and business models can affect individuals’ rights and behaviour (Helbing, 2019; Jabłonowska et al., 2018; Mirsch et al., 2017).

In the field of consumer law and policy, the use of AI by large businesses has given rise to concerns over the weakening position of consumers, creating an imbalance in the market that is likely to prove unsustainable over the long term. Indeed, AI, in combination with big data, is equipping companies and platforms with enhanced knowledge and unprecedented capacities in relation to their customers: the ability to identify, on a massive scale, their tastes and preferences, strengths and weaknesses, to predict their responses, and to target them with personalised messages aimed at triggering desired behaviours (Grafanaki, 2016; Helberger et al., 2021; Zuboff, 2015). Where AI systems are developed primarily by businesses, and focused on serving their interests (such as increasing profits and market share), there is a risk of consumers becoming not empowered but overpowered by AI.¹ Similar challenges are also present in other fields transformed by technological developments, in both private and public sectors (Pasquale, 2015; Wood et al., 2019).

Faced with the growing technological sophistication and the associated promises and perils, regulators around the world have begun to contemplate the need for legislative responses. The EU legislature initially took a piecemeal approach, targeting selected problems experienced by vendors (hereafter, “traders”) and consumers. More recently, a more overarching vision for the EU digital economy was presented, covering, on the one hand, competition and the provision of services in online platform markets, and, on the other hand, equally important questions about data governance and artificial intelligence. The ambition is to simultaneously address the downsides of data-driven markets and promote the development of technologies that enhance growth and well-being.

Against this background, the present paper explores the potential of AI to generate insights about business-to-consumer (B2C) practices and to identify noncompliance of digital traders with their obligations. In so doing, it connects several themes which the EU legislature deems important but has yet to consider together. The focus of the discussion remains on five aspects of the relationship between consumers and traders in the digital economy (including platforms) that are prominent in EU regulatory and academic debates, namely, liability, unilateral change, termination, content moderation, and alternative dispute resolution (ADR). In relation to most of these aspects, a range of comparatively detailed obligations are proposed in the new legislation. However, there already exist certain horizontal norms that can serve as a valuable frame of reference for assessing traders’ online practices in B2C relations. That is the case with the analysis of standard terms which providers of digital services typically make available to consumers and which often cover the matters just described. We contemplate and test the possibility of using AI systems in the domain of standard terms control and demonstrate that these indeed can yield important insights about market practices. This illustrates, in our view, the usefulness of researching and implementing systems that support consumer organizations and leverage consumer empowerment in the AI era (Contissa et al., 2018b).

The paper is structured as follows. By way of introduction, we review the challenges faced by consumers in the world of big data and AI and highlight key aspects of the current EU landscape with regard to consumer protection in online commerce. Particular attention is devoted to the recent proposals on platforms and AI as well as to existing provisions on unfair contract terms. Based on this initial discussion, as well as previous academic research, we identify a number of overarching matters recognized as important in the relation between digital service providers and consumers. We then present a system for the automatic detection of potentially unfair terms in consumer contracts, developed as part of the CLAUDETTE project, offering this system as an example of an AI-driven initiative aimed at enhancing consumer protection (Contissa et al., 2018a; Lippi et al., 2019). Based on the dataset prepared for this particular project, we paint the landscape of contract terms used in different digital consumer markets and theorize their categories, with a focus on the previously identified overarching matters. In doing so, the paper provides empirical support for the broader claim that online systems for the automated analysis of textual documents can offer valuable insights into the practices of online traders and valuable help in their legal qualification. We argue that the role of technology in protecting consumers in the digital economy is critical and should accordingly be embraced.

Consumers in the World of Big Data and AI

New information technologies, and especially artificial intelligence, are quickly transforming economic, political, and social spaces. On the one hand, AI provides considerable opportunities for consumers and civil society. For instance, services can be designed and deployed to analyse and summarize massive amounts of product reviews (Hu et al., 2014), detect discrimination in commercial practices (Ruggieri et al., 2010), recognize identity fraud (Wu et al., 2015), or compare prices across a multitude of platforms. On the other hand, these opportunities are accompanied by serious risks, including inequality, discrimination, surveillance, and manipulation. It has indeed been claimed that AI should contribute to the realisation of individual and social interests, and that it should not be “underused, thus creating opportunity costs,” nor “overused and misused, thus creating risks” (Floridi et al., 2018).

The observed development in AI is fostered to a significant degree by the leading providers of digital services, especially online platforms. As traders gain access to vast amounts of personal data (consumers’ preferences, past purchases, etc.) and assume increasingly important social and economic roles, their relationship to consumers’ needs to receive special attention. Thanks to AI, digital service providers can effortlessly use this information to further their commercial goals, potentially to the detriment of consumers’ interest in fair algorithmic treatment, i.e., their interest in not being subject to unjustified prejudice resulting from automated processing.

To better understand the imbalance between the data infrastructures available to businesses and consumers, it is worth looking at the most common methods of machine learning and the ways in which they can be used to surveil, profile, and manipulate consumers. Data infrastructures include methods and tools for collecting, processing, and analysing consumers’ data so as to predict their future behaviour. A sophisticated data infrastructure usually includes all the necessary steps from collecting and sorting the data of interest to then using it for business interests such as advertising and profiling. Conversely, the tools available to consumers are scarce (Curran, 2018). Three approaches to machine learning are discussed here, i.e., supervised, unsupervised, and reinforcement learning—each powerful in its own way but suited to different kinds of tasks.

Supervised learning requires a training set containing a set of input-output pairs, each linking the description of a case to the correct response for that case. Once trained, the system is able to provide hopefully correct responses to new cases. This task is performed by mimicking correlations between cases and responses as embedded in the training set. If the examples in the training set that come closest to a new case (with regard to relevant features) are linked to a certain answer, the same answer will be proposed for the new case. For instance, in product-recommendation and personalised-advertising systems, each consumer feature (e.g., age and gender) and behaviour (e.g., online searches and visited Web pages) is linked to the purchased objects. Thus, if consumers that are most similar to a new consumer are labelled as being inclined to buy a certain product, the system will recommend the same product to the new consumer. Similarly, if past consumers whose characteristic best match those of the new consumer are linked as being responsive to certain stimuli (e.g., an ad), the system will show the same commercial message to the new consumer as well. As these examples show, training a system does not always require a human “teacher” to provide correct answers/predictions to the system, since in many cases answers can be obtained as a side effect of human activities (e.g., purchasing, tagging, clicking), or they can even be gathered “from the wild,” being available on the open Web.

Reinforcement learning is similar to supervised learning, as both involve training by way of examples. However, in the case of reinforcement learning, the machine is presented with a game-like situation where it learns from the outcomes of its own actions. Its aim is to figure out a solution/answer to a certain problem/question through trial and error associated with rewards or penalties (e.g., points gained or lost), depending on the outcomes of such actions. For instance, in a system learning to target ads effectively, rewards may be linked to users’ clicks. Being geared towards maximising its score (utility), the system will learn to achieve outcomes leading to rewards (gains, clicks) and to prevent those leading to penalties.

Finally, in unsupervised learning, the system learns without receiving external instructions, either in advance or as feedback. In particular, unsupervised learning is used in sorting and then categorizing data, and it can identify unknown patterns in data. The task of processing and grouping data is called clustering, and it produces clusters (where the machine can be instructed on the number or granularity of such clusters), i.e., the set of items that present relevant similarities or connections (e.g., purchases that pertain to the same product class or consumers sharing relevant characteristics).

As mentioned, AI systems developed and deployed with a business interest in mind can substantially increase the asymmetry between traders and consumers. In digital markets, certain risks to consumer interests may be further exacerbated by the fact that many technology companies—such as major platforms hosting user-generated content—operate in two- or multi-sided markets. Their main services (search, social network management, access to content, etc.) are offered to individual consumers, but the revenue streams come from advertisers, influencers, and opinion-makers (e.g., in political campaigns). This means not only that all information that is useful for targeted advertising will be collected and used for this purpose, but also that platforms will employ any means to capture users, so that users can be targeted with ads and attempts at persuasion. As a result, the collection of personal data and the data-driven influence over consumer behaviour assume massive proportions, to the detriment of privacy, autonomy, and collective interests. Moreover, online platforms often lack incentives to act impartially and consistently with regard to mediated content. For example, since controversial content has been shown to be particularly effective at capturing consumers’ attention, service providers may not always have an incentive to restrain it (Hagey & Horwitz, 2021).² In other cases, the design of ranking systems and conditions for accessing platforms can result in consumers being prevented from significant opportunities (e.g., discounts, alternative providers). These algorithmic practices are exceedingly difficult to monitor and, on the face of it, can be consistent with terms of service (ToS) accepted by consumers. Standard terms may further include far-reaching exclusions of traders’ liability as well as cumbersome provisions on dispute resolution, thereby additionally shielding providers from outside scrutiny. However, as shown in the following, service providers have been attracting increased regulatory attention and do not operate in a legal vacuum. Moreover, AI can be used not only to further business interests but also to capture valuable insights into businesses practices, and it can help legal practitioners and nongovernmental organisations in their legal assessment of such practices.

Recent Developments and Established Instruments of Consumer Protection in Digital Markets

The Emerging Regulatory Framework for Online Platforms and AI

The risks that AI poses to markets and society, and the structural characteristics of digital consumer markets, have been a subject of lively academic and policy debates over the past years. Indeed, as noted by Zuboff, in the age of surveillance capitalism, where the human experience has become a new “fictional commodity,” raw market dynamics can lead to novel disruptive outcomes (Zuboff, 2015). This is a reason why AI is often perceived as a weapon (O’Neil, 2016) in the hands of businesses, to be used to the detriment of consumers. A particularly determined push for regulation that can counteract this negative development can be observed in the European Union.

The adoption of Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data (GDPR)³ is often seen as an important early step towards enhancing consumer autonomy in data-driven markets. Indeed, the Regulation lays down a horizontal framework, consisting of principles (e.g., lawfulness, fairness, transparency, data minimization) and data subjects rights (e.g., transparency and information about processing, right of access, right to object), as well as numerous rules and obligations applying to controllers and processors. The GDPR is thus a central EU act that determines how personal data should be processed, what data subjects must know, and what can happen if the relevant rules are infringed. In contrast, it does not contain specific requirements directed at particular data-driven services or technologies.

More recently, the EU institutions took steps to complement existing rules with a more detailed framework for online platforms and AI. In late 2020 and early 2021, the European Commission put forward two legislative proposals—for a Digital Services Act⁴ and for an Artificial Intelligence Act,⁵ respectively. Both initiatives are directly connected to the consumer protection domain through the New Consumer Agenda, laying out a vision for the EU consumer policy from 2020 to 2025.⁶ The proposed regulatory landscape is completed with the proposal for a Digital Markets Act,⁷ focusing on platform competition, and the proposal for a Data Governance Act,⁸ which attempts to improve the conditions for data sharing.

The aims of the ongoing reform—concerning both the mitigation of risks and the promotion of beneficial innovations—are laudable. Even so, in assessing the EU’s legislative efforts on the digital economy, we remain ambivalent. Most notably, the proposed framework looks like a missed opportunity to provide robust consumer protection. The draft AI Act does recognize important risks that AI systems may pose to the individuals affected. However, the core of the proposal lies in the framework for high-risk applications, and the key digital services provided to consumers are not qualified as such. Similarly, the proposal does not tackle economic harms, which are an important area of concern for consumers (BEUC, 2021). Aside from the high-risk framework, the proposal also specifies a number of AI practices that are altogether prohibited, but these are nonetheless defined in a highly restrictive manner (Article 5). What remain, if this is to serve as a consumer protection instrument, are some very light-touch transparency obligations about the operation of certain AI systems, e.g., those aimed at recognizing emotions (Article 52). The proposal further undertakes to support the development of human-centered AI, but proceeds from a narrow understanding of the associated public interest (Article 54(1)(a)).

The deficiencies sketched out above are hardly addressed by the other parts of the discussed reform, including those that explicitly engage with online platforms. Admittedly, the proposed Digital Services Act sheds light on several important matters in the digital consumer markets, such as liability, content moderation, and alternative dispute resolution. However, the proposal is also far from being comprehensive and, among others, fails to adequately engage with both the risks and the potential which AI holds in the platform domain. If at all, the two issues are only covered indirectly, in the context of so-called systemic risks. More specifically, the proposal envisages an obligation for very large online platforms to identify, analyse, assess, and mitigate significant systemic risks stemming from the functioning and use made of their services in the EU (Articles 26 and 27). To improve platform scrutiny, very large online platforms would further be required to provide vetted researchers with access to their data, which, however, remains equally tied to the concept of systemic risks (Article 31(2)). Such an approach seems overly restrictive, especially since the types of risks that are explicitly mentioned in the proposal are geared primarily towards third-party actions, such as the dissemination of illegal content. Problematic practices taken at platforms’ own initiative, such as the data-driven behavioural influence (Helberger et al., 2021), as well as other contexts in which access to data for research purposes could contribute to consumer well-being, appear to go unnoticed.

Horizontal Instruments of Consumer Protection

(Un)Fairness in B2C Relationships

The increase in regulatory activities in the field of online platforms and AI observed in recent years should not be taken to imply that digital traders have been operating in a legal void. On the contrary, existing horizontal instruments—including, but not limited to the GDPR—do engage with many universal questions that can be relevant to digital consumer markets. This is especially the case for the questions of fairness in consumer contracts and in commercial practices, which have long been subject to the harmonized consumer rules.

Across the academic discussion on fairness and good faith in consumer contracts, Chris Willett identifies the following areas of analysis: the manner in which the precontractual negotiating stage is conducted, including the ability to give informed consent (so-called procedural fairness); the actual terms of the contract that is being entered into, where under scrutiny is fairness in the allocation of rights and obligations (substantive fairness); and the rules for interpreting contracts and filling gaps in them, as well as on performance and changes in the contractual relationship, and the remedies provided for by the law in the event of breach of contract (Willett, 2017). Many of these areas are currently covered under harmonised EU measures, including in the context of validating standard terms, as discussed in the following section.

In today’s economic reality, the aforementioned areas where fairness becomes an issue are a cause for concern, more so in some situations that in others. This is particularly apparent in the case of online consumer contracts, where a business provider offers its standard terms in “clickwrap” form and the consumer is impatient to click on “I agree” and gain access to a website or get to using an app. From a consumer perspective, as with every standard-form contract, when entering into a new relationship with an online service provider, most of these issues may move to the background, and the question of fairness is largely reduced to the manner in which the rules and obligations of the parties are framed and described, that is, the issue in the foreground becomes about the actual transparency of the terms and the substance of the contract.

Standard-form contracts clearly have considerable economic advantages, in that traders rely on them in an effort to cover the full gamut of contractual relationships, often building on their experience in attempting to account for circumstances and eventualities which may occur in the future, thus reducing transaction costs (Beale, 1989; Willett, 2017). On the other hand, it is no secret that this type of contract leaves little room for negotiation, and the consumer’s contractual freedom is limited to either accepting or rejecting the entire contract as written. The service provider, on the other hand, enjoys considerable advantage in being able to meticulously craft the terms of the contract in fine detail and may take as much time to do so as is needed. In a time when nearly every website, application, and device with a screen comes with its own terms of service, the time factor becomes increasingly relevant given the sheer volume of contracts that today’s consumer is asked to enter into. This is perhaps the best indicator that there is always a risk of significant imbalance between the relative powers of the parties, suggesting the need for intervention by the legislator. Existing horizontal rules on unfair terms in consumer contracts are aimed precisely at narrowing or levelling this imbalance.

The Unfair Contract Terms Directive

In the EU, the provisions on reviewing the fairness of not individually negotiated terms in B2C relationships are harmonised as part of Council Directive 93/13/EEC on unfair terms in consumer contracts (UCTD).⁹ The act sets forth the minimum standard of consumer protection with regard to contract terms drafted unilaterally by the stronger party, a standard that Member States may choose to further upgrade under national law.¹⁰ Under the UCTD, a general framework for identifying unfair terms in consumer contracts is established, asking whether, contrary to the requirement of good faith, a contested term causes a significant imbalance in the parties’ rights and obligations, to the detriment of the consumer (Article 3(1)). Pursuant to Article 6(1) and Recital 21 of the Directive, Member States are required to ensure that the unfairness of terms renders them nonbinding on the consumer, while not generally voiding the contract itself. According to the relevant case law of the Court of Justice (CJEU), the assessment of an unfair nature of the term involves comparing it against the relevant statutory provisions of the Member State in question that would apply in its absence.¹¹ Also potentially having a bearing on unfairness is the non-transparency of the terms at issue, including phrasing which does not give the consumer an opportunity to foresee the economic consequences of the contract.¹²

A non-exhaustive “grey” list of potentially unfair terms has been provided in the annex to the UCTD to illustrate and exemplify terms which may be deemed unfair under framework being analysed. Thus far, no “blacklist” of terms which are always unfair has been provided at the EU level, even though corresponding recommendations have been made in the scholarship (Loos & Luzak, 2021). However, the existing grey list, developed through case law and legal research, already provides a helpful indication of which terms in consumer contracts should be approached with a wary eye. With respect to contracts entered into with digital services providers, terms relating to matters such as exclusion of liability, unilateral change, and contract termination, as well as choice of a foreign jurisdiction and foreign law, have been identified as especially problematic (Loos & Luzak, 2016; Wauters et al., 2014). As was previously indicated, similar problems also remain in the spotlight in the ongoing regulatory debate, carried out in the context of the proposed Digital Services Act.

AI for Consumer Protection

Digital Technologies and the Countervailing Power of Civil Society

In the AI and big data era, regulation and public enforcement may be insufficient, on their own, to ensure a high level of consumer protection. Therefore, scholars and consumer rights activists have argued that a new countervailing power (Galbraith, 1993) of civil society is needed to detect abuses, inform the public, and activate enforcement (Lippi et al., 2020). In the digital age, an effective countermovement also needs to be data-driven. A few examples of citizen-empowering technologies are already with us, as in the case of ad-blocking systems, as well as more traditional anti-spam software and anti-phishing techniques. But such efforts need to be taken to the next level. On the consumer’s side, support services can be deployed with the goal of analysing massive amounts of information made available to them and providing help in understanding this information and making a legal assessment. In the last few years, several projects and tools have been developed with these goals in mind. Notable examples include summary generators, analytical tools assessing the use of personal data, consumer-educating tools, and ontologies (Pałka & Lippi, 2019). In consumer law, significant progress has been made towards automating the task of identifying potentially unfair and unlawful clauses in online contracts and privacy policies, often violating the relevant EU acts. This is part of the CLAUDETTE project.

Introducing CLAUDETTE: An Automated Unfairness Detection Tool

The CLAUDETTE project¹³ aims at providing support to consumers and nongovernmental organisations for the analysis of consumer contracts and privacy policies. This support is provided by automatically identifying potentially and clearly unfair and unlawful clauses (Contissa et al., 2018b; Lippi et al., 2019). The CLAUDETTE system is based on machine learning, and in particular on supervised learning methods. Thus, in order to train the machine learning classifier, the system has been provided with a source corpus, containing examples of fair, potentially unfair, and clearly unfair clauses, as detailed in the following.

The ToS Corpus With regard to the analysis of consumer contracts, the source corpus contains 100 terms of service (ToS), analysed and manually annotated by legal experts in Extensible Markup Language (XML). The documents were selected among those offered by some of the major players in terms of user base, global relevance, and time the service was established. The marked-up clauses in the training set were used to indicate to CLAUDETTE how certain legal qualifications correspond to certain textual forms, giving the system an input, it needs to determine the category to which the clause belongs and assess its unfairness. The training algorithms “teach” the system to make determinations and assessments similar to those specified in the training set. Thus, these algorithms provide the system with criteria and mechanisms for classifying clauses. We could say that the system, through training, generates its own concept of unfairness, which is then applied to the task of classifying new clauses.

Eight categories of (potentially) unfair clauses have been identified based on the current legislative framework. In particular, they establish (1) jurisdiction in a country different from that of a consumer’s residence (<j>); (2) the choice of a foreign law (<law>); (3) liability limitations (<ltd>); (4) the provider’s right to unilaterally terminate the contract or access to the service (<ter>); (5) the provider’s right to unilaterally modify the contract or service (<ch>); (6) mandatory arbitration before court proceedings can commence (<a>); (7) the provider’s right to unilaterally remove consumer content (<cr>); and (8) consumer consent to the agreement simply by using a service, downloading an app, or visiting a website (<use>). More recently, we identified an additional category of potentially unfair clauses, i.e., clauses stating (or implicitly assuming) that (9) the scope of consent granted to the ToS also takes in the privacy policy, which forms part of the “General Agreement” (<pinc>). Such categories are widely used in ToS for online platforms (Dari-Mattiacci & Marotta-Wurgler, 2018; Loos & Luzak, 2016; Lippi et al., 2019; Micklitz et al., 2017). To capture the different degrees of (un)fairness we appended a numeric value to each XML tag, with 1 meaning “clearly fair,” 2 “potentially unfair,” and 3 “clearly unfair,” according to the criteria set out in Lippi et al. (2019). For instance, the <ltd3> label indicates that the clause concerns the provider’s limitation of liability and that it has been considered clearly unfair.

Concerning the new <pinc> category, it is interesting to note that such clauses have been introduced in ToS during the weeks right before and after 25 May 2018, i.e., the day on which the GDPR went into effect. These clauses have always been considered potentially unfair. As an example, consider the combination of the following clauses, taken from the DeviantArt ToS (last update not available):

By using our Service, you agree to be bound by Section I of these Terms (“General Terms”), which contains provisions applicable to all users of our Service, including visitors to the DeviantArt website (the “Site”). [...] The terms of DeviantArt’s privacy policy are incorporated into, and form a part of, these Terms.

While the first clause has been tagged as <ch2>, the second one has been labeled as <pinc2>. As emerges from the combined reading of the above clauses, by implicitly agreeing to the ToS, the consumer also agrees to the processing of personal data as explained in the Privacy Policy.

The Machine Learning Methodology The automated detection of (potentially) unfair clauses was addressed focusing on two main tasks: (a) detecting unfair clauses, so as to assess whether each clause is fair or (potentially) unfair; and (b) classifying unfair clauses, so as to determine the category an unfair clause belongs to (jurisdiction, arbitration, etc.).

The problem of detecting potentially unfair contract clauses was approached as a sentence classification task by adopting two methods. The first one consists in treating sentences independently of one another (sentence-wide classification), while the second one takes into account the document’s structure, and in particular the sequence of sentences. For each of these two methods, different classifiers have been tested and the results obtained were subjected to a comparative analysis (Lippi et al., 2019). The sentences obtained from the segmentation of the ToS texts were subjected to a lexical analysis (tokenization) and a syntactic analysis (parsing), using Stanford CoreNLP.¹⁴ In order to process the lexical content and the grammatical structure of sentences, we used different machine learning algorithms that include the bag-of-words and tree kernels (Lippi et al., 2019). The first captures the lexical differences between sentences and represents each sentence as a vector of the lexicon within the sentence concerned. The second, i.e., the tree kernels algorithm, analyses similarities and differences between the grammatical structures of sentences.

We ran experiments on the annotated corpus following the leave-one-document-out procedure, in which each document, in turn, is excluded from the training set and used to test and validate the classifier’s performance. In this way, for each document, the system generates predictions and also measures its performance with regard to the ToS at issue. This is a standard procedure in machine learning, making it possible to assess our system’s generalization capabilities. The results of the experiments show that CLAUDETTE correctly detected around 80% of the potentially unfair clauses in each category, ranging from a minimum 72.7% in the case of arbitration clauses, up to 89.7% in the case of jurisdiction clauses.

The proposed approach was implemented and developed as a Web server, reachable at the address http://claudette.eui.eu/demo, so as to produce a prototype system that users can easily access and test. They can simply paste the text to be analysed and subject it to the CLAUDETTE evaluation. The system will then produce an output file that highlights the sentences predicted as containing potentially unfair clauses, as well as the category they belong to. More recently, the CLAUDETTE team developed a new functionality aimed at providing users with explanations, and in particular legal rationales—i.e., the reasons why a clause is considered unfair—and the associated confidence score (Ruggeri et al., 2021).

Aside from developing CLAUDETTE’s prediction capacities, the implementation of the project, including the labelling of a comparably wide sample of standard terms in use, has also generated valuable insights about B2C relationships in digital markets. In the following, we provide a picture of the contractual practices of digital traders through statistical analysis and elaborate on the existing and potential issues faced by consumers in online environments.

Unfair Practices in Digital Markets: The Terms of Service Landscape

This section provides a longitudinal and comprehensive analysis of potentially unfair clauses in contractual terms of service used by international digital service providers. It discusses the results of an empirical study conducted on the CLAUDETTE dataset and the conclusions that can be drawn from this study. As mentioned above, the dataset consists of 100 ToS, available on the providers’ websites for review by potential and current consumers. Since 2017, the analysed ToS were gradually downloaded and analysed over a period of 3 years, with some follow-up review for the same services. It is the intention of the CLAUDETTE project researchers to increase the dataset and to undertake further reviews so as to monitor changes and identify any new patterns that may emerge in the ToS landscape, particularly as the regulatory framework evolves (Jabłonowska et al., 2021).

For the purpose of this study, we grouped contracts of online service providers into nine market sectors, as detailed in Table 1, in order to assess the relevant terms that allocate rights, obligations, and risks between both parties. This classification is also meant to investigate the distribution of specific (potentially) unfair contract-making practices along the mentioned sectors, as well as common patterns and correlations among them. The division of documents into groups is unbalanced: 20 in gaming and entertainment; 17 in social networks and online dating; 14 in travel, accommodation, and service intermediaries; 11 in content-sharing platforms; 10 in productivity tools and business management; eight in both e-commerce and Web search and analytics; seven in health and well-being, and five in communication tools. To account for this imbalance, the subsequent sectoral analysis refers to the proportion of documents that contain a given type of practice in a given sector.

Table 1 Online service platforms along market sectors

To paint the terms of service landscape in the studied sectors, we conducted an in-depth analysis of the dataset and created a novel structured corpus of different (potentially) unfair contracting practices. At the same time, we narrowed down our focus to the following five categories: (i) liability exclusions and limitations (ltd); (ii) unilateral changes (ch); (iii) unilateral termination (ter); (iv) content removal (cr); and (v) arbitration (a). In particular, we selected the five most challenging types of clauses, excluding the remaining four categories, which are less interesting for the purposes of this work, as they are always associated with the same types of practices and rationales.

Interestingly, of the 21,063 sentences in the corpus, 2346 (11.1%) were labeled as containing a potentially or clearly unfair clause, thus confirming the importance and the potential impact of the analytical work we carried out. The distribution of the different categories across the 100 documents is reported in Table 2 (Ruggeri et al., 2021). We observed a high frequency of some of the selected categories within the dataset. Arbitration clauses are the most uncommon, being contained in only 43 documents. All the other categories appear in at least 83 out of 100 documents. Limitation of liability and unilateral termination together account for more than half of all the potentially unfair clauses.

Table 2 Corpus statistics

In the following, we discuss whether and to what extent it is possible to retrieve diverse (potentially) unfair practices within each unfair-clause category, as well as whether and to what extent certain practices are more frequent than others in specific market sectors and characterize each such sector. To conduct this analysis, we assigned an identifier (ID) to each (potentially) unfair practice. Each clause in the CLAUDETTE dataset has been indexed with one or more relevant IDs, thus creating a one-to-many mapping of clauses to practices, as detailed in the following sections. The identified unfair practices have been also used to create a corpus of legal rationales or bases, i.e., reasons why a clause is (potentially) unfair (Ruggeri et al., 2021).

Liability Exclusions and Limitations

Service providers often dedicate a considerable portion of their ToS to disclaiming and limiting liabilities. Most of the circumstances under which these limitations are declared significantly affect the balance between the parties’ rights and obligations. This makes them at least questionable under the UCTD. In particular, we identified six classes of clauses limiting and/or excluding liability for damages. We thus have limitations/exclusions by (i) liability theory; (ii) causal link; (iii) kind of damages; (iv) standard of care; (v) cause; and (vi) compensation amount, as shown in Figure 1.

Fig. 1

Conceptual map of LTD classes of (potentially) unfair clauses

Within each class, we distinguished a variety of potentially unfair practices, mapping different questionable circumstances under which ToS reduce or exclude the provider’s liability (Table 3). As noted above, these practices correspond to a set of legal rationales for unfairness (Ruggeri et al., 2021). Two out of 18 are labelled clearly unfair practices (i.e,. injury and grossnegligence), while 14 have been evaluated as potentially unfair.

Table 3 Legal rationales for the legal qualification of limitation of liability unfairness

As noted, each (potentially) unfair ltd clause within the dataset may be relevant, and thus indexed with the corresponding (IDs), under more than one class and (potentially) unfair practice. Note that, even though the majority of rationales refers to the exclusion of claims for compensation, they cover different aspects at stake. Consider for instance anyloss and anydamage. While in the first case the liability exclusion depends on the causal link with the damage (e.g., incidental, direct, indirect, punitive damages), in the second case the limitation concerns the type of loss suffered by the consumer (e.g., economical, reputational).

As an example, consider the following clause taken from the Box ToS (updated August 2017):

To the extent not prohibited by law, in no event will Box, its affiliates re-sellers, officers, employees, agents, suppliers or licensors be liable for: any direct, incidental, special, punitive, cover or consequential damages (including, without limitation, damages for lost profits, revenue, goodwill, use or content) however caused, under any theory of liability, including, without limitation, contract, tort, warranty, negligence or otherwise, even if Box has been advised as to the possibility of such damages. (IDs: extent, anydamage, reputation, dataloss, ecoloss, awareness, liabtheories).

This clause can also be found in the current Box ToS version updated on August 2021. It limits the provider’s liability by kind, i.e., broad category of losses (e.g., loss of data, economic loss, and loss of reputation); by standard of care, since it states that the provider will never be liable even if negligent and aware of the possibility of damages; and by causal link (e.g., special, incidental, and consequential damages), as well as by any liability theory.

Figure 2 presents the recurrence of each (potentially) unfair ltd practice within the dataset, i.e., relative to the 100 analysed ToS. In particular, we identified 1595 references to 18 (potentially) unfair practices in 629 ltd clauses. The most common practice concerns general and nonspecific limitation and/or exclusion of liability (19.62%), followed by liability limitation for the actions of third parties (11.60%), for any damage (9.28%), and for interruption and/or the unavailability of the service (8.15%). Among the less frequent, by contrast, are limitations relating to cases of gross negligence (0.19%), intentional offences and/or damages, and physical and personal injuries (1.08%).

Fig. 2

Limitation of liability: Number of (potentially) unfair practices

Figure 3 presents the distribution of each practice across market sectors. Since the division of documents is unbalanced (see Section 4), we have normalized the number of each practice within each sector. In the following, we present a detailed description of each class of (potentially) unfair ltd clauses, and an analysis of the related practices across markets.

Fig. 3

Limitation of liability: Distribution of unfair practices across industry sectors

Limitation of Liability by Legal Theory

The first class of clauses restricts the theories of liability (ID: liabtheories) on which consumers can base actions against service providers. We retrieved this kind of limitation 53 times within the dataset (see Fig. 2), across all the sectors studied. Moreover, as shown in Figure 3, this kind of disclaimer is very frequent in ToS for communication tools (the 80% of ToS), being 2.8 times more frequent than in travel, accommodation, and service intermediaries (28.5% of ToS); 2.2 times more frequent than in content-sharing platforms (36.3% of ToS); and 1.9 times more frequent than in social networking and dating services (41.1% of ToS). In particular, while in the former, four out of five documents contain on average two LTD clauses by legal theory, in travel, accommodation, and service intermediaries only four out of 14 ToS contain a clause of this kind. In the latter case, i.e., social networks and dating, we retrieved such a practice only eight times in seven out of 17 ToS. The distribution in e-commerce, Web search and analytics services, and games and entertainment is more or less equivalent, amounting respectively to five clauses in four out of eight contracts; four clauses in four out of eight ToS; and 13 clauses in 11 out of 20 ToS. These clauses create an imbalance in the parties’ rights, in particular where the provider waives all types of damages under all theories. In this case, consumers will have greater difficulty in exercising their rights effectively. As an example, consider the following clause from the Airbnb terms of service (updated on June 2017):

Neither Airbnb nor any other party involved in creating, producing, or delivering the Airbnb Platform or Collective Content will be liable for any incidental, special, exemplary or consequential damages, including lost profits, loss of data or loss of goodwill, service interruption, computer damage or system failure or the cost of substitute products or services, or for any damages for personal or bodily injury or emotional distress [...] whether based on warranty, contract, tort (including negligence), product liability or any other legal theory, and whether or not Airbnb has been informed of the possibility of such damage, even if a limited remedy set forth herein is found to have failed of its essential purpose. (IDs: thirdparty, injury, anydamage, anyloss, ecoloss, dataloss, reputation, discontinuance, compharm, liabtheories).

The clause above can also be found in the current Airbnb ToS, last updated on 30 October 2020. It can clearly be appreciated that this clause (and others like it) is relevant under multiple classes of (potentially) unfair ltd clauses. Indeed, it limits the potential provider’s liability by theory, as well as by kind of damages, namely, for personal injuries and broad categories of loss (e.g., loss of data, loss of reputation, and economic loss), and by cause (e.g., service interruption, computer damage, and third-party actions). Under this kind of practice, recovering damages from the trader will be particularly difficult. Consider, for instance, a case in which a product defect is caused a property damage. In theory, a consumer should be able to bring an action in tort. However, clauses waiving all types of damages under any liability theory, whether contract, tort, or other kind, will pose a significant barrier to the pursuit of consumer claims. Even when the exclusion concerns only certain liability theories, a clause may still not measure up to the UCTD fairness test. For example, in view of the recent adoption of Directive 2019/770 on certain aspects concerning contracts for the supply of digital content and digital services (Digital Content Directive),¹⁵ far-reaching exclusions of the trader’s contractual liability for the digital content and digital services provided seem more than questionable.

Limitation of Liability by Causal Link

The second class of (potentially) unfair limitation of liability concerns the causal link with potential damages (ID: anydamage). In particular, the service provider limits the liability by disclaiming broad categories of damages, often encompassing special, direct and/or indirect, punitive, incidental, or consequential damages. Notably, within the dataset, this kind of limitation occurs 148 times (see Fig. 2) across all the analysed market sectors. As shown in Figure 3, clauses limiting the provider’s liability for any damage are present in 100% of ToS in four out of nine sectors, i.e., productivity tools and business management, Web search and analytics, communication tools, and content-sharing platforms. Conversely, their occurrence is lower in the travel, accommodation, and service intermediaries sector, being present only in four out of 14 ToS. As an example, consider the following clause taken from the Expedia terms of service (updated on February 2018):

In no event shall the Expedia Companies, the Expedia Partners and/or their respective suppliers be liable for any direct, indirect, punitive, incidental, special or consequential damages arising out of, or in any way connected with, your access to, display of or use of this Website or with the delay or inability to access, display or use this Website (including, but not limited to, your reliance upon opinions appearing on this Website; any computer viruses, information, software, linked sites, products and services obtaining through this Website; or otherwise arising out of the access to, display of or use of this Website) whether based on a theory of negligence, contract, tort, strict liability, consumer protection statutes, or otherwise, and even if the Expedia Companies, the Expedia Partners and/or their respective suppliers have been advised of the possibility of such damages. (IDs: anydamage, compharm, contractfailure, awareness, liabtheories, discontinuance).

This clause is also present in the current Expedia ToS, last updated in October 2020. Clauses excluding liability by causal link are clearly meant to limit the consumers’ ability to recover damages. They may be found unfair particularly when read in combination with the limitation of liability deriving from certain specific causes, such as breach of agreement and failures of performance, as well as whenever they are not based on force majeure, a case in point being terms seeking to exclude direct liability, as in the above example. Additionally, this clause unfairly does not distinguish between damages caused through the service provider’s fault or negligence and those caused as a result of circumstances beyond the provider’s sphere of control. Such limitations may also be found unfair, particularly when read in conjunction with clauses stating that the service is provided as is and on an as available basis (Bradshaw et al., 2011; Loos & Luzak, 2016), which clauses are meant to exclude express or implied warranties that the service provided will be fit for purpose or merchantable.

Limitation of Liability by Kind of Damage

The third class pertains the kind of damage for which liability is limited and/or excluded. Under this class, service providers usually differentiate between losses and injuries. With regard to losses, it is possible to further distinguish between clauses disclaiming the provider’s liability for (a) broad categories of loss—even if referring to certain specific objects, such as economic loss (ID: ecoloss), loss of reputation (ID: reputation), and loss of data (ID: dataloss)—and those limiting the liability for (b) any kind of loss (ID: anyloss) resulting from the use of the website and related services. These liability limitations affect all the analysed sectors. Specifically, limitation of liability for economic losses usually includes cases of loss of profits, loss of income, lost opportunity, lost business and sales, and loss of revenue. We retrieved 69 occurrences within the dataset (see Fig. 2). From a sectoral perspective, they are highest in Web search and analytics—where 87.5% of ToS contain this type of limitation—followed by content-sharing platforms, productivity tools and business management, and communication tools. In contrast, the occurrence is lower in the travel, accommodation, and service intermediaries sector, where only 14.29% of contracts contain a clause of this kind.

Loss of reputation refers to both reputation and goodwill damages, and it amounts to a total of 39 occurrences (see Fig. 2). This kind of disclaimer appears in 72.7% of ToS in the content-sharing platforms domain, followed by Web search and analytics (50% of ToS), health and well-being (42.8% of ToS), and social networks and dating (41.1% of ToS). In contrast, it is quite rare in the travel accommodation and service intermediaries sector (14.2% of ToS) and in games and entertainment (15% of ToS).

Clauses meant to limit or exclude providers’ liability with regard to data preservation usually include diverse sets of circumstances, such as disclosure, damage, destruction, or data corruption, failure to store data, or loss of data and other digital materials. We found a total of 74 clauses of this kind (see Fig. 2), mostly present in productivity tools and business management (100% of ToS) and in content-sharing platforms (90.9% of ToS). In contrast, such a practice is unsurprisingly very low in the travel, accommodation, and service intermediaries sector (7.1% of ToS).

Finally, we found 122 clauses disclaiming the provider’s liability for any kind of loss (see Fig. 2). They are more frequent in the productivity tools and business management sector (100% of ToS), followed by e-commerce (87.5% of ToS) and Web search and analytics (87.5% of ToS), and lowest in travel, accommodation, and service intermediaries (28.5% of ToS).

As an example, consider the following clauses, taken from the WeTransfer (updated on 9 October 2017) and the BetterPoints (retrieved in May 2019) ToS, respectively:

You acknowledge and agree that WeTransfer is not responsible for any damages to your computer system or the computer system of any third party that result from use of the Services and is not responsible for any failure of the Services to store, transfer or delete a file or for the corruption or loss of any data, information or content contained in a file. (IDs: compharm, dataloss, content).

We expressly exclude, to the fullest extent permitted by law, all liability of betterpoints.uk, its directors, employees or other representatives, howsoever arising, for any loss suffered as a result of your use of this website or involvement in any way with betterpoints.uk. (IDs: extent, anyloss).

The reported clauses are both present in the current WeTransfer and BetterPoints ToS, retrieved in December 2021 and last updated on 15 April 2021, respectively. The analysis of the entire dataset has shown that the limitation or exclusion of liability for failures in data preservation is usually linked to suspension, discontinuance, lack of availability, and termination of service. In contrast, failures to preserve data integrity are linked to (a) electronic virus attacks and malware and (b) security breaches. With regard to data preservation, an important issue pertains to cases where the unilateral suspension and/or termination of the service would entail losing some digital content (e.g., purchased and/or stored content, purchased apps, email address), or, on the contrary, where there would be an opportunity for consumers to gain access to the data to retrieve it for use and storage elsewhere. In the first case, clauses limiting the service provider’s liability appear, in our opinion, to be disproportionately disadvantageous to the consumer and thus unfair. Concerning the data integrity, significantly, the exclusion of liability for damage seems to be frequently imposed by providers that, given the nature of their service (e.g., storage-and-backup-service providers and file-transfer services, such as Dropbox and WeTransfer), should guarantee appropriate measures for data integrity. With regard to injuries, Annex I, paragraph 1(a) UCTD explicitly mentions as unfair clauses that limit or exclude the seller’s or supplier’s liability in the event of the death of a consumer or personal injury to the latter resulting from an act or omission of that seller or supplier. As an example, consider the following clause taken from the Academia terms of service (last updated on May 2017):

Neither Academia.edu nor any other person or entity involved in creating, producing, or delivering the site, services or collective content will be liable for any incidental, special, exemplary or consequential damages, or lost profits, loss of data or loss of goodwill, service interruption, computer damage or system failure or the cost of substitute products or services, or for any damages for personal or bodily injury or emotional distress arising out of or in connection with these terms or from the use of or inability to use the site, services or collective content, or from any communications, interactions or meetings with other users of the site or services or other persons with whom you communicate or interact as a result of your use of the site or services, whether based on warranty, contract, tort (including negligence), product liability or any other legal theory, whether or not Academia.edu has been informed of the possibility of such damage, and whether or not foreseeable, even if a limited remedy set forth herein is found to have failed of its essential purpose. (IDs: injury, anydamage, compharm, anyloss, dataloss, reputation, liabtheories, ecoloss, discontinuance).

Even though, at first glance, it may be difficult to imagine a situation where an act or omission of an online service provider leads to a consumer’s death, it is conceivable to foresee cases where some people may be significantly emotionally or psychologically disturbed if their online services were blocked or disrupted, as in cases where certain digital data (e.g., pictures, work-related files, or research data) are erased. Additionally, the above clause also excludes the provider’s liability under any legal theory; by different classes of causes, such as service interruption; by causal link; and by the standard of care (as detailed in the following), including cases of negligence, foreseeability, and awareness of the damage. Finally, as digital services become increasingly connected to offline interactions, e.g., in the context of online-to-offline commerce or the Internet of Things, the prospect of personal injury or even death in connection to use of a service seems no longer so remote.

Limitation of Liability by Cause

A further class of (potentially) unfair limitations of liability concerns the cause of damage. Under this class, we identified as potentially unfair clauses that limit liability for damage deriving from (a) failure to perform one or more contractual obligations under the terms of service (ID: contractfailure); (b) actions by third parties (ID: thirdparty; (c) a security breach (ID: security); (d) service interruption and unavailability (ID: discontinuance); (e) virus, malware, etc., causing harm to hardware and software (ID: compharm); and (f) information published, stored, and processed within the services (ID: content).

Breach of Agreement and Failure to Perform Contractual Obligations Under the hypothesis concerning a trader’s failure to fulfil one or more of its obligations, potentially unfair clauses stipulate that the service provider will not be liable for any failure to perform a contract or fulfil its terms obligations, including in cases involving breach of agreement, lack of performance, and failures to deliver products and services (ID: contractfailure). This kind of limitation appears in 25 clauses within the dataset (see Fig. 2), affecting 8 out of 9 sectors. It is most frequent in the e-commerce sector, being present in 50% of ToS, followed by games and entertainment, where 30% of ToS contain this practice. In contrast, occurrence is lowest in productivity and business management tools, with only 10% of ToS being affected (see Fig. 3).

As examples, consider the following clauses, taken from the Courchsurfing (updated on 10 September 2018), Goodreads (updated on 6 December 2017), and the Zynga terms of service (updated on 26 July 2016), respectively:

We shall not be liable for any failure or delay in performing under these terms, whether or not such failure or delay is due to causes beyond our reasonable control. (IDs: contractfailure).

You agree that Goodreads will not be liable to you for any interruption of the Service, delay or failure to perform. (IDs: discontinuance, contractfailure).

To the fullest extent allowed by any law that applies, the disclaimers of liability in these terms apply to all damages or injury caused by the service, or related to use of, or inability to use, the service, under any cause of action in any jurisdiction, including, without limitation, actions for breach of warranty, breach of contract or tort (including negligence). (IDs: extent, anydamage, injury, contractfailure, liabtheories).

All the above clauses are still present in the current Couchsurfing, Goodreads, and Zynga ToS, last updated in June 2020, April 2021, and November 2021, respectively. These clauses are meant to limit and/or exclude the guarantees related to the provision of the service and its reliability. Although, there might be circumstances under which such failures fall outside the service provider’s sphere of control, in most cases they do not distinguish between unforeseeable problems and those caused by the provider’s fault or negligence. Indeed, in some cases, as in the clause above, the limitation and/or exclusion of liability also expressly covers cases where the failure is due to the provider’s negligence or to a cause within the provider’s sphere of control. Therefore, these limitation-of-liability clauses seem to indirectly state that consumers could not reasonably expect the service to be delivered without problems. In this regard, it has been noted that when consumers are affected by a breach of contract, this may have the capacity to unsettle lives beyond the pocketbook (Willett, 2016). As a consequence, consumers must deal with disruption in their private lives. The recently adopted Digital Content Directive recognizes the asymmetrical nature of business-to-consumer contracts for the supply of digital content and digital services and lays down both subjective and objective conformity criteria in respect of such contracts (Articles 7 and 8). Accordingly, broad exclusions of traders’ liability for breach of contract and for failure to perform contractual obligations, which could lead consumers into error about their legal situation, would likely be deemed unlawful.

Service Interruption and Unavailability Clauses falling under this hypothesis usually state that the service provider will not be liable under one or more of the following circumstances: any technical problem, failure, or inability to use the service; suspension, disruption, modification, discontinuance, unavailability of service, even when due to any unilateral change, unilateral termination, unilateral limitation on certain features and services, or restriction on access to the service,¹⁶ without notice (ID: discontinuance). This limitation has been retrieved in 130 clauses across the entire dataset (see Fig. 2) and across all the sectors studied. It is most present in the content-sharing platform sector, with 100% of contracts containing such clauses, as well as in health and well-being, where the affected ToS amount to 85.7%. In contrast, only 21% of ToS in the travel, accommodation, and service intermediaries sector disclaim liabilities for service interruption and/or unavailability (see Fig. 3).

As examples, consider the following clauses, taken from the BetterPoints (retrieved in May 2019) and Lindenlab (last updated on 31 July 2017) ToS, respectively:

You acknowledge that we are not responsible for suspension of the Service, regardless of the cause of the interruption or suspension. (IDs: discontinuance).

Likewise, except as set forth above, in any Additional Terms, or as required by applicable law, Linden Lab is not responsible for repairing, replacing or restoring access to your Usage Subscription, or Virtual Goods and Services (including any Virtual Space or other Virtual Tender associated with each Product, as further described in an applicable Product Policy), or providing you with any credit or refund or any other sum, in the event of: (a) Linden Lab’s change, suspension or termination of any Usage Subscription or Virtual Goods and Services (including any Virtual Space or other Virtual Tender associated with each Product, as further described in an applicable Product Policy); or (b) for loss or damage due to Website or Server error, or any other reason.[...]In such event, you will not be entitled to compensation for such suspension or termination, and you acknowledge that Linden Lab will have no liability to you in connection with such suspension or termination. (IDs: dicontinunance, anyloss, anydamage).

The BetterPoints ToS were last updated in April 2021, and the above clause is still present, while the Lindenlab ToS have never been updated. Similarly to the case of liability limitation for breach of contract, these clauses seem to exclude the provider’s liability for disruptions in the availability and reliability of the service, excluding any guarantees with regard to its provision. Limitation-of-liability clauses for service interruption and unavailability may substantially affect consumers’ interests, likewise giving rise to an imbalance in contractual rights and obligations to the detriment of consumers.

Security Breach, Electronic Viruses, and Other Destructive Program Attacks Often, limitation-of-liability clauses restrict or exclude the provider’s liability for any damage deriving from a security breach, including any unauthorised access, alteration, or modification of data and data transmission (ID: security). In the dataset, such clauses are 21 in total (see Fig. 2). They were found in eight out of nine sectors, with the highest occurrence in the Web search and analytics sector (37.5% of ToS), and the lowest in the travel, accommodation, and service intermediaries sector (7.1% of ToS). These clauses are completely absent in gaming-and-entertainment ToS. Similarly, online service providers frequently limit their liability for any harm or damage to hardware and software or other equipment or technology, including data, due to virus attacks, malware, worms, Trojan horses, or any similar contamination or destructive program (ID: compharm). We found a total of 27 clauses (see Fig. 2) in eight out of nine sectors. They are mostly present in productivity tools and business management (50% of ToS) and in health and well-being (42.8% of ToS). The least-affected sector seems to be gaming and entertainment, where only 5% of ToS contained such clauses, while they were completely absent in Web search and analytics contracts. In our opinion, a full exclusion or broad limitation of liability can be seen as unjustified and significantly tilting the balance between the parties’ rights and obligations, and therefore be (potentially) unfair, regardless of whether the damage was caused intentionally or through negligent or grossly negligent behaviour, regardless of whether the attack was foreseeable by the service provider or whether the service provider was made aware of the possibility of an attack, as well as regardless of whether the service provider took the necessary security measures. Consider, for instance, the following examples, taken from the Myspace (last updated on 24 May 2018) and Badoo (updated on 11 September 2018) ToS, respectively:

In no event shall Myspace be liable to you or any third party for any indirect, consequential, exemplary, incidental, special or punitive damages, including without limitation, lost profit damages arising from [...] or any damage to a user’s computer, hardware, software, modem, or other equipment or technology, including damage from any security breach or from any virus, bugs, tampering, fraud, error, omission [...], including losses or damages in the form of lost profits, or equipment failure or malfunction, even if my space has been advised of the possibility of such damages. (IDs: anydamage, thirdparty, compharm, discontinuance, reputation, dataloss, awareness, content, ecoloss).

Badoo is not responsible for any damage to your computer hardware, computer software, or other equipment or technology including, but without limitation damage from any security breach or from any virus, bugs, tampering, fraud, error, omission, interruption, defect, delay in operation or transmission, computer line or network failure or any other technical or other malfunction. [...] This limitation on liability applies to, but is not limited to, the transmission of any disabling device or virus that may infect your equipment, failure or mechanical or electrical equipment or communication lines, telephone or other interconnect problems (e.g., you cannot access your internet service provider), unauthorized access, theft, bodily injury, property damage, operator errors, strikes or other labor problems or any act of god in connection with Badoo including, without limitation, any liability for loss of revenue or income, loss of profits or contracts, loss of business, loss of anticipated savings, loss of goodwill, loss of data, wasted management or office time and any other loss or damage of any kind, however arising and whether caused by tort (including, but not limited to, negligence), breach of contract or otherwise, even if foreseeable whether arising directly or indirectly. (IDs: security, injury, anydamage, anyloss, reputation, contractfailure, awareness, dataloss, liabtheories, ecoloss).

These two clauses are both present in the current versions of the MySpace and Badoo ToS. The latter were last updated in March 2021.

As in case of limitation of liability for service interruption and unavailability, such clauses are meant to exclude the security and reliability of the service. As the size of e-commerce and social media grows, security and privacy remain critical obstacles that hinder more accelerated growth of e-commerce. There have been many security-breach cases in the last decade, such as those of Target Corporation’s security and payment system (2013), eBay’s cyberattack (2014), Uber’s hacking incident (2016), Facebook’s breach of personal data use and privacy (2018), and many others. As a consequence, consumers have often suffered losses caused by Internet services not working properly, including losses due to leaks of personal data stored in cloud computing and social network platforms. The service provider’s obligation to put security measures in place in order to prevent failure in the protection of personal data, as well as the provider’s responsibility for such measures, has continually been enhanced from the Data Protection Directive (DPD)¹⁷ to the GDPR. Although the latter is in force, service providers keep using clauses meant to limit or exclude their liability for security issues. It is also important to note that a higher incidence of this practice can be identified in the ToS for social networks and dating, as shown in Figure 2, which usually collect a large amount of personal and sensitive data.

Published Information and Content Very frequently ToS state that the provider is not liable for any content, material, or information posted, stored, or processed within the services—including in cases of inaccuracy or error, copyright violation, defamation, slander, libel, falsehood, obscenity, pornography, profanity, or any objectionable material—or for software, products, and services on the website. These clauses are 122 (see Fig. 2) and they have been considered always potentially unfair. From a sectoral perspective, such clauses were found in all the sectors studied and, more specifically in 100% of contracts in e-commerce, while least affected is the travel, accommodation, and service intermediaries sector, where only 28.5% of ToS contains this liability disclaimer. As concerns the remaining market sectors, the occurrence of this kind of limitation of liability ranges from 75% of ToS in the productivity and business management tools sector to 40% of ToS in the communication tools sector.

Under the E-Commerce Directive (ECD)¹⁸ intermediary service providers (ISPs) should not be held liable for the content they transmit, store, or host, provided they do not have knowledge of illegal activity, as long as they are in no way involved in the information transmitted, or, in the case of hosting services, do not have any knowledge or awareness of the illegal activities, and if they do become aware of such content, they much promptly remove or disable it. Illegal content covers a wide range of violations, including infringements of intellectual property rights (trademark or copyright), child pornography, racist and xenophobic content, defamation, terrorism or violence, illegal gambling, illegal pharmaceutical offers, and illicit tobacco or alcohol advertisements. The ECD’s safe harbour framework was introduced at the turn of the century as a means for developing online services and enabling the information society to flourish (Ullrich, 2017).

Although the safe harbours adopted within the ECD remain, in principle, intact, the provider’s liability for the content they transmit, store, or host has been at the center of a big debate, and the context in which they operate is being gradually enriched through law and policy developments. Most notably, the recently adopted Directive EU 2019/790 on copyright in the Digital Single Market (DSM Directive),¹⁹ and especially its Article 17, governing the newly created liability and licensing scheme, has been regarded as a paradigm shift in copyright law. Newly adopted rules contribute to the formation of an emerging liability regime for unlawful content that differs from the conditional liability-exemption regime envisaged within the E-Commerce Directive (Montagnani, 2019).

Aside from the DSM Directive, the responsibilities of online intermediaries with regard to published information and content have been reshaped through a revision of the Audiovisual Media Services Directive (AVMSD),²⁰ the recently adopted Regulation (EU) 2021/784 on addressing the dissemination of terrorist content online,²¹ the Commission guidance on application to commercial platforms of the Unfair Commercial Practice Directive,²² as well as many communications and recommendations dealing with the issue of illegal content online.²³ Finally, the draft Digital Services Act proposes in Article 5 further limitations on the liability exemption for host providers, including limitations where the recipient of the service is acting under the authority or control of the provider.

Overall, although liability exemptions for online intermediaries continue to be a key element of the European system, these exemptions generally are not unconditional. Moreover, further layers of duties and obligations are being gradually imposed on online platforms, under headings such as monitoring, diligence, reporting and flagging, cooperating with rightholders, forming licensing agreements, adopting appropriate measures to prevent unlawful content, and designing platforms in a way that prevents consumers from being misled. Violation of such obligations can trigger the liability of the respective providers.

Despite the legal framework and developments just described, broadly framed liability exemptions for published information and content are frequent in online terms of service. Consider the following examples, taken from the Goodreads (updated on 6 December 2017) and HeySuccess (retrieved in February 2019) ToS:

Goodreads takes no responsibility and assumes no liability for any User Content that you or any other Users or third parties post or send over the Service. You understand and acknowledge that you may be exposed to User Content that is inaccurate, offensive, indecent, or objectionable, and you agree that Goodreads shall not be liable for any damages you allege to incur as a result of such User Content. (IDs: thirdparty, content).

We will not be liable to any user for any loss or damage, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, even if foreseeable or we have been informed of the possibility of such loss or damage, arising under or in connection with: use of, or inability to use, our site; any negative or defamatory comments made about you by your referee(s) or other users; use of or reliance on any content displayed on our site; or service interruption, computer damage or system failure. (IDs: anydamage, anyloss, contractfailure, awareness, discontinuance, compharm, liabtheories, dicontinuance, content).

The two clauses above are both present in the current Goodreads and HeySuccess terms of service, last updated in April 2021 and retrieved in December 2021, respectively.

Third-Party Actions As mentioned, clauses designed to limit or exclude the provider’s liability for actions by third parties are among the most frequent LTD (potentially) unfair clauses. They account for 185 clauses in the studied corpus (see Fig. 2), affecting all the market sectors considered (see Fig. 3). The highest occurrence can be found in the productivity and business management tools sector and in the communication tools sector, in both affecting 80% of the relative contracts, followed by health and well-being (71.4% of ToS) and e-commerce and Web search analytics (62.5% of ToS in both cases). In contrast, the lowest number of contracts containing limitation-of-liability clauses for third-party actions belongs to gaming and entertainment (35% of ToS).

These kinds of clauses typically also feature liability exclusions for published information and content and seek to ensure that even other activities undertaken by third parties do not attract liability of the intermediary. Indeed, the scope of activities that can nowadays be undertaken with the help of digital services is remarkably broad—and so is the potential for consumer harm. This is especially prominent in online-to-offline commerce, which may lead consumers toward dangerous products or services. Examples include defective goods purchased from third-party sellers in online marketplaces,²⁴ unsafe accommodations offered through travel platforms (Stone, 2015),²⁵ or cases of sexual misconduct reported in different online sectors.²⁶ The extent to which the potential cases of liability just described are covered by the E-Commerce Directive’s safe-harbour provisions has been a subject of debate. Among the conditions for liability exclusion, Article 14 ECD refers to the provider’s knowledge of “illegal activity or information,” which suggests that the provision has a broad scope. As mentioned, however, the exclusion is not unconditional, and different duties of care can be imposed on platform operators on the basis of national and EU law. Furthermore, as the CJEU’s recent judgements in the Uber cases show, it is not always straightforward whether a given service provider falls under the ECD in the first place.²⁷ Broadly framed liability-exclusion clauses contained in online ToS may lead consumers to believe that whenever harm derives from third-party actions, there is no point in bringing any claims against the provider of digital services. As an example, consider the following clause from the Tinder ToS (updated on October 2017):

To the fullest extent permitted by applicable Law, in no event will Tinder, its affiliates, employees, licensors or service providers be liable for any indirect, consequential, exemplary, incidental, special or punitive damages, including, without limitation, loss of profits, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses, resulting from: (i) your access to or use of or inability to access or use the services, (ii) the conduct or content of other users or third parties on, through, or following use of the services; or (iii) unauthorized access, use or alteration of your content, even if Tinder has been advised of the possibility of such damages. (IDs: extent, anydamage, anyloss, dataloss, reputation, content, thirdparty, security, awareness, ecoloss).

This clause is still present in the current version of the Tinder terms of service, last updated in November 2021.

Limitation of Liability by Compensation Amount

Frequently, service providers also restrict their liability by limiting the damages (compensation) they are or may be held liable to pay to consumers (IDs: amount). We found 82 clauses of this kind in the dataset (see Fig. 2), affecting all the sectors studied, with a prevalence in the e-commerce and productivity tools and business management sectors, where 87.5% and 80% of ToS contain such practices, respectively (see Fig. 3). In contrast, only 25% of ToS in Web search and analytics present clauses limiting the amount of compensation for possible damage.

Moreover, from an analysis of the collected ToS it is possible to distinguish cases in which (a) no compensation or refund in case of termination of the service will be provided, especially for free services; (b) the amount will be less than or equal to the product price or the service fees paid (if a service fee is required), even where aggregate liability may apply; and cases where (c) the refund or compensation is further limited by reference to time constraints (e.g., the amount paid by the consumer over the previous six months).

Consider, for instance, the following clauses, taken from the LindenLab (last updated on 31 July 2017), Expedia (updated on 21 February 2018), and Facebook (updated on 30 January 2015) terms of service, respectively:

You agree that Linden Lab will not be liable for any interruption of the Service (whether intentional or not), and you understand that except as may otherwise be specifically provided in Linden Lab’s billing policies, posted on applicable areas of the Service and/or Website(s), you will not be entitled to any refunds of fees or other compensation for interruption of service. (IDs: discontinuance, amount).

If, despite the limitation above, the Expedia Companies, the Expedia Partners or their respective suppliers are found liable for any loss or damage which arises out of or in any way connected with any of the occurrences described above, then the liability of the Expedia Companies, the Expedia Partners and/or their respective suppliers will in no event exceed, in the aggregate, the greater of (a) the service fees you paid to Expedia, Inc. in connection with such transaction(s) on this Website, or (b) One-Hundred Dollars (US$100.00) or the equivalent in local currency. (IDs: amount).

Our aggregate liability arising out of this statement or Facebook will not exceed the grater of one hundred dollars ($100) or the amount you have paid in the past twelve months. (IDs: amount).

The first two clauses above are present in the current versions of the LindenLab and Expedia ToS, last updated in January 2020, while the last one is absent from the current Facebook ToS, last updated in December 2020.

Limitation of Liability by Standard of Care

Clauses falling under this hypothesis stipulate a full exclusion or a broad limitation of liability, regardless of whether the damage was caused intentionally, and even if the service provider (a) was advised or should have been aware of the possibility of any such damage or loss or (b) acted with gross negligence (IdS: awareness, grossnegligence. With regard to cases under (a), i.e., liability limitations extending to the service provider’s awareness, we found 59 clauses within our dataset (see Fig. 2). Clauses of this type affect all the market sectors analysed, with an incidence ranging from 80% of ToS in the communication tools sector to 12.5% of ToS in the e-commerce sector (see Fig. 3). Concerning the latter case, i.e., the limitation of liability in case of service provider’s gross negligence, we retrieved only three clauses (see Fig. 2) in contracts respectively falling under the domains of Web search and analytics, travel, accommodation and service intermediaries, and health and well-being (see Fig. 3).

As an example, consider the following clause from the Booking terms of service (retrieved in January 2019):

However and to the extent permitted by law, neither we nor any of our officers, directors, employees, representatives, subsidiaries, affiliated companies, distributors, affiliate (distribution) partners, licensees, agents or others involved in creating, sponsoring, promoting, or otherwise making available the site and its contents shall be liable for (i) any punitive, special, indirect or consequential loss or damages, any loss of production, loss of profit, loss of revenue, loss of contract, loss of or damage to goodwill or reputation, loss of claim, (ii) any inaccuracy relating to the (descriptive) information (including rates, availability and ratings) of the Supplier as made available on our Platform, (iii) the services rendered or the products offered by the Supplier or other business partners, (iv) any (direct, indirect, consequential or punitive) damages, losses or costs suffered, incurred or paid by you, pursuant to, arising out of or in connection with the use, inability to use or delay of our Platform, or (v) any (personal) injury, death, property damage, or other (direct, indirect, special, consequential or punitive) damages, losses or costs suffered, incurred or paid by you, whether due to (legal) acts, errors, breaches, (gross) negligence, willful misconduct, omissions, non-performance, misrepresentations, tort or strict liability by or (wholly or partly) attributable to the Supplier or any of our other business partners (including any of their employees, directors, officers, agents, representatives or affiliated companies) whose products or service are (directly or indirectly) made available, offered or promoted on or through the Platform, including any (partial) cancellation, overbooking, strike, force majeure or any other event beyond our control. (IDs: extent, anydamage, anyloss, thirdprty, reputation, injury, security, grossnegligence, contractfailure, liabtheories, ecoloss, content, discontinuance).

This clause is still present in the current Booking ToS, last updated in December 2021. As in the example above, these clauses are meant to exclude a duty of care, so as to enable the service provider to do something less than that which the law would otherwise require. The duty of care is usually based on the finding that there is a sufficient degree of proximity between the provider’s action or inaction and the damage, so that the provider can at least reasonably foresee that its negligence would cause loss to the consumer. Where liability is restricted or excluded, consumers are, to different degrees, deprived of a remedy which they would have as a matter of law, and which can be considered a benchmark of fairness (Willett, 2017).

Unilateral Change

Unfairness of Unilateral Change Clauses

The “unilateral change” category identifies situations where a trader is authorized to change the terms of the original contract, with no or limited involvement by the user. The legal basis for this unfairness category in not individually negotiated business-to-consumer contracts can be reconstructed from the UCTD annex that covers “terms which have the object or effect of [...] enabling the seller or supplier to alter the terms of the contract unilaterally without a valid reason which is specified in the contract.” Such business practices can potentially give rise to a significant power imbalance between the trader and consumer. For example, a trader might change the terms of service—including the price, accessibility of products and services, and their functionalities—without informing the consumer, thus placing on the consumer the onus of regularly checking the ToS. In the category of unilateral change, we identified seven types of questionable practices (Table 4). These include situations where no notice is given by the trader or where the terms and underlying services can be changed discretionally. All such clauses have been classified in our project as potentially unfair. To illustrate some of the issues, this section includes examples from the different industry sectors.

Table 4 Potentially unfair practices for the unilateral change category

Figure 4 illustrates the number of different unilateral change practices identified in the studied corpus. In total, the seven studied practices were found 401 times among 100 contracts in nine sectors surveyed. The most common practice concerned the possibility of unilaterally changing the contract without providing reasons (59.60% of all unilateral change practices), and without notice to consumers (15.21%). Two further practices which placed the burden for finding out about the changes on the consumer were also fairly frequent (8.98% and 4.99% of all identified unilateral-change practices were those with the IDs: justposted and consresp, respectively). These four categories combined amounted to more than 80% of all unilateral change practices identified in all studied sectors. The proportion of documents, in which particular practices were present across the studied sectors, is depicted in Figure 5.

Fig. 4

Unilateral change: Number of (potentially) unfair practices

Fig. 5

Unilateral change: Distribution of unfair practices across industry sectors

Unilateral Change With No Reasons Provided

The largest group in unilateral-change explanations are of a generic nature, where the company reserves the right to change the terms at any time, for any reason, at its full discretion. Clauses of this kind were found in 100% of documents in five out of nine studied sectors. Specifically, this was the case for e-commerce, productivity tools and business management, Web search and analytics, health and well-being, and content sharing platforms. Also in communication tools, gaming and entertainment, and social network and dating, broadly framed unilateral change provisions were present in most contracts, that is, in 60%, 75%, and 82.35% of ToS, respectively. The only exception to this alarming trend was found in the travel, accommodation, and service intermediaries sector, where the practice was identified in 28.57% of standard terms. Unanticipated modifications can be especially problematic in health and well-being, where consumers may become used to specific monitoring patterns and may want to know in particular why changes are made to their health predictions.

In the following, we provide examples of the clauses retrieved from the CLAUDETTE corpus which illustrate the lack of detail and justification given to consumers. Since a single clause can have several explanations in our methodology, it was also interesting to notice that the generic clauses often also included no notice statements.

A common thread among the ToS of companies from all the studied sectors is short and vague statements, as we can see in Couchsurfing (updated on 10 September 2018), Snap (updated on 10 January 2017), and Tagged (updated on 22 March 2018):

We reserve the right to adjust pricing for our service in any manner and at any time as we may determine in our sole discretion. (ID: anyreason).

We reserve the right to set storage limits for Memories, and we may change these limits from time to time in our sole discretion. (ID: anyreason).

The Company reserves the right to change or amend this Agreement at any time, for any reason, or for no reason at all, at the Company’s sole discretion. (ID: anyreason).

It is worth noting that all three clauses continue to feature, essentially unaltered, in the service providers’ current terms (last updated on 30 June 2020, 15 November 2021, and 24 May 2021, respectively). Occasionally, these types of statements are supplemented by further explanations. However, on closely reading the ToS, it becomes apparent that such specifications typically do not overrule the more general statements expressed by blanket phrases. Accordingly, consumers will likely be unable to envisage the reasons for the prospective changes and can have very limited leeway for action when that happens.

In relation to clauses allowing for unilateral price changes, the Court of Justice of the European Union, in assessing the unfair nature of a term under the UCTD, found that “the possibility for the consumer to foresee, on the basis of clear, intelligible criteria, the amendments ... with regard to the fees ... is of fundamental importance.”²⁸ Against this background, clauses equipping traders with a broad discretion as to future pricing changes for ongoing subscriptions seem highly questionable. Moreover, while many of the digital services are provided without a monetary price, unilateral changes implemented one-sidedly at trader’s full discretion are similarly problematic, as they make it difficult, if not impossible, for consumers to anticipate not only under what conditions changes to particular terms can be made, but also which terms can be expected to be changed—so much so that the changes can even go to the core of the bargain. This reading is supported by the outcome of coordinated action undertaken against Facebook in 2019 as part of the Consumer Protection Cooperation Network. In response to requests made by the European Commission and consumer protection authorities, Facebook agreed to limit its unilateral change clauses to cases where the changes are reasonable, while also taking the consumer’s interest into account.²⁹ As seen from the examples above, however, positive changes in the market practice are all but to be taken for granted. Unilateral change with no reasons provided thus remains a cause for concern and should be monitored over time.

Unilateral Change With No Notice Provided

The second most common practice with regard to unilateral changes, identified 61 times in our corpus, involves statements by traders that consumers will not be warned of any changes. Sector-wide practices of this kind were most frequent in e-commerce, content sharing platforms, and productivity tools and business management, where they were found in 75%, 63.64%, and 50% of documents, respectively. On the other end of the spectrum, with only 7.14% of documents, was again the travel, accommodation, and service intermediaries sector.

The possibility of introducing unilateral changes without prior notice can be expressed through a variety of phrases like “without notice,” or “with no warning.” For illustration, consider the following terms found in the ToS for Yahoo (updated on 13 June 2017), eDreams (retrieved in October 2018), and Fitbit (updated on 28 September 2017):

Yahoo provides the Yahoo Services (defined below) to you subject to the following Terms of Service (“TOS”), which may be updated by us from time to time without notice to you. (IDs: anyreason, nowarning).

eDreams may amend or update these T&Cs at any moment, without prior notice. (IDs: anyreason, nowarning).

Fitbit may change or discontinue, temporarily or permanently, any feature or component of the Fitbit Service at any time without notice. (IDs: anyreason, nowarning).

While the clause from the Yahoo terms is no longer present in its current terms (last updated on 25 May 2018), the remaining two clauses have remained essentially unaltered in the versions retrieved in January 2022. Such practices pose a risk to consumers not realizing that substantial changes have been made to their contract, precisely for lack of notice by the companies, including price changes or changes to the service functionalities. Furthermore, such changes can consist in completely discontinuing the service, which—if undertaken without notice—can lead, for instance, to the loss of valuable data. The importance of notice was recently explicitly recognized by the EU legislature in respect of platform-to-business contracts. More specifically, Regulation 2019/1150, in effect from 12 July 2020, requires providers of online intermediation services to notify any changes of their terms and conditions to their business users at least 15 days prior to such changes taking effect.³⁰ Exceptions from the notice requirements are provided only in limited circumstances (Article 3(4)). If the importance of notifying unilateral changes made to platform contracts has been recognized with respect to business-to-business relations, the fairness of which is typically not scrutinized under EU law, the same is likely to be true for B2C contracts, covered by the broadly framed provisions of the UCTD. This finds support in the recent enforcement activities taken against Airbnb as part of the Consumer Protection Cooperation Network, as a result of which the company made a commitment not to unilaterally change its ToS without informing users in advance.³¹ This only strengthens the case for comprehensive monitoring of the practice across digital markets.

Updates Posted Online and Consumer’s Responsibility for Monitoring Changes

Two related types of business practices cover clauses which provide either that changes to the contract will be posted on the company’s website without notifying the consumer, or that it is the consumer’s responsibility to regularly check the terms for updates. Both practices were identified 36 and 20 times in our corpus, respectively.

As far as the sectoral picture is concerned, clauses providing that changes to the contract will be posted on the company’s website without notifying the consumer were found most frequently in e-commerce, health and well-being, and communication tools (75%, 71.43%, and 60% of documents, respectively). The prominent position of health and well-being once again is a cause for concern. In contrast, terms indicating that it is the consumer’s responsibility to regularly check contracts for updates were entirely absent in this sector. Practices of this kind seem generally less frequent, as they were only found in a minority of contracts across all sectors.

For illustration of potentially unfair clauses in this group, consider the following examples from Groupon (updated on 15 October 2018) and Deliveroo (retrieved in April 2018):

You agree that posting notice of any changes on the Terms of Use page is adequate notice to advise you of these changes, and that your continued use of the Site or our services will constitute acceptance of these changes and the Terms of Use as modified. (IDs: justposted, consresp).

You are expected to check this page from time to time to take notice of any changes we make, as they are binding on you. (ID: consresp).

Both clauses remain present in the current versions of service providers’ ToS (last updated on 7 September 2021 and 30 November 2021, respectively). A valid concern in such circumstances is that consumers might not even be aware that the terms have changed, and that the practice requires consumers to monitor the company’s terms regularly. Regular Internet users are likely to be bound by several dozen online contracts; it is unreasonable for them to regularly check all these pages for updates. Where such unilateral change clauses additionally state that a continued use of the service amounts to acceptance of the changes, an imbalance of rights and obligations to the detriment of the consumer is even more apparent.

Unilateral Change With Reasons Provided: Violation of Terms, Changes in the Law, Service Updates

The three remaining practices identified as part of the CLAUDETTE corpus pertain to clauses in which certain reasons are provided for changes to terms previously agreed upon or for changes regarding performance under the agreement. Clauses which specify such reasons are generally less problematic than blanket references to introducing changes at a trader’s full discretion. For example, the reasons given may relate to actions of consumers that violate the terms, or to the need to reflect changes in the law or to introduce service updates. Still, the formulation of relevant reasons may not be very clear (e.g., where it remains for the trader to determine whether a given circumstance occurs), or they might merely follow blanket phrases at a trader’s full discretion.

Consider the following examples from Tripadvisor (retrieved in February 2018), Skype (retrieved in April 2018), and WeChat (updated on 21 March 2018):

TripAdvisor may change, add or delete these Terms and Conditions or any portion thereof from time to time in its sole discretion where it deems it necessary for legal, general regulatory and technical purposes, or due to changes in the services provided or nature or layout of the Website. (IDs: anyreason, update, lawchange).

Skype reserves the right to charge you for such Products (at the normal rate) in the event that Skype determines (in its reasonable discretion) that you are abusing the terms of the offer, including if you are using any service, proxy or other devices or anonymous IP address that prevents us from locating you. (ID: againsterms).

As WeChat and user experiences are constantly evolving, we may from time to time: add, change or remove features or services from WeChat (including in relation to whether a feature or service is free of charge or not); and/or suspend, discontinue or terminate WeChat altogether. (ID: update).

As seen from the above formulations, clauses identifying reasons for unilateral change may only seemingly be different from the cases discussed earlier in Section 6.2. This is an important consideration, particularly if corresponding terms relate to services for which consumers do pay a monetary price or where the nature of the services is such that unanticipated changes may cause serious harm to the consumer. In our study, provisions mentioning reasons for unilateral changes were most frequent in the communication tools sector. Most notably, clauses authorising a trader to change the terms of the bargain by amending, updating, or discontinuing the provision of services were found in 100% of documents in that sector. With this in mind, it is interesting to note that the above clause from the WeChat ToS continues to be present, essentially unchanged, in the terms’ current version (last updated on 19 August 2021). The clause could theoretically authorize the trader to suspend or discontinue the provision of services in an instant, preventing all or some of its 1.2 billion monthly active users³² from accessing their communications. By contrast, the terms in the Skype ToS have meanwhile been amended and no longer provide that it would be the trader who, at its own discretion, establishes whether there has been a breach.³³ The latter is a welcome development, which consumer protection actors would be glad to see more often.

Unilateral Termination

Unfairness of Unilateral Termination Clauses

Found in 93 out of 100 contracts in our sample of online contracts, unilateral termination clauses skew the balance of parties’ rights and obligations by allowing one of them—in our sample the service provider in every case—to terminate the agreement at their option. Not unlike the previously discussed clauses on unilateral change, terms of this kind can authorize the trader to terminate the contract in undefined circumstances, or once the trader decides that the specified conditions have not been met, and the trader can so act even without notice. The nature of such clauses can vary greatly from contact to contract. In our sample, 420 unilateral-termination clauses, embodying 28 distinct practices, could be identified. In a number of cases, a single clause encompassed several problematic practices. In total, the 28 typified practices were identified 500 times within the contracts studied (Table 5).

Table 5 Legal rationales for the legal qualification of unilateral termination unfairness

Figure 6 represents the number of unilateral-termination practices identified in the corpus. The practice found in the highest number of cases concerned breach of contract on the part of the user (24% of all unilateral termination practices). Two further most frequent categories were those in which termination of contract by the trader was authorized without prior notice or without stating reasons (15.60% and 15%, respectively). Also comparatively frequent were practices relating the user’s engagement in unlawful or abusive activities or to termination explicitly for any reason (9% and 8%, respectively). The sectoral distribution of particular practices is depicted in Figure 7.

Fig. 6

Unilateral termination: Number of (potentially) unfair practices

Fig. 7

Unilateral termination: Distribution of unfair practices across industry sectors

While there is overlap between the unilateral change and unilateral termination practices—as in the case of no notice or no reasons—clauses explicitly providing traders with very broad leeway for action do not seem as predominant in the latter case. Possible reasons for contract termination are typically specified, and can be fairly detailed, even if not exhaustive. One explanation for this difference lies in the nature of the consequences flowing from contract termination as opposed to amendment. Already back in 2017, the European Commission and national consumer authorities called on social media platforms to ensure compliance of their practices with consumer law, arguing that contract termination “should be governed by clear rules and not decided unilaterally without a reason.”³⁴ The importance of stating grounds for restricting the provision of digital services is also recognized in recent EU legislation: not only in relation to platform-to-business contracts (Articles 3(1)(c) and 4 of Regulation 2019/1150), but also for the digital economy more broadly, as demonstrated by the pending proposal for the Digital Services Act (Article 12(1) of the proposal). As we discuss in the following sections, cases of contract termination—especially with regard to Web hosting and data storage—may at times encompass content removal, which is a subject of distinct analysis in our study. Both cases are likely to come under increased scrutiny in the coming years. A sample of the most common (potentially) unfair unilateral termination clauses found in our corpus is presented further below. The focus remains on the different definition of reasons for termination, which the CLAUDETTE methodology considers central in distinguishing between potentially unfair and clearly unfair clauses.

Termination with Reasons Provided: Example of Breach of Terms or Standards

As mentioned, the most common ground for termination by the trader in the corpus was the consumer’s breach of the agreement or of the relative community standards. From a sectoral perspective, clauses of this kind were prevalent in all the sectors studied, with the exception of the travel, accommodation, and service intermediaries sector, where they were only found in 14.29% of documents. The relative frequency of this practice was highest for content sharing platforms (90.91% of ToS), followed by health and well-being (85.71%) and social networks and dating (82.35%). Particularly noteworthy is the prominent position of content sharing platforms and social media, as platforms active in these sectors are known for developing community standards, which can be formulated rather vaguely. Moreover, as we discuss further below with respect to content moderation, platforms of this kind have gained the status of vital social outlets, which further reinforces the case for monitoring them closely.

Clauses authorising the trader to terminate the contract in the event that the consumer should breach the agreement or the relative community standards are only one example of the practice whereby the contract can be terminated if one of the predefined conditions occurs. Other prominent examples include references to contract termination where the user has been engaging in illegal or unlawful activity or has infringed the rights of others. The line between these practices is not clear-cut, and overlaps may indeed occur. Like in the case of unilateral modification, a challenge posed by such clauses usually concerns the level of discretion enjoyed by the trader in determining what constitutes the relevant condition and whether it has been fulfilled in given circumstances. For illustration consider the following examples from the Electronic Arts (updated on 17 May 2018) and Academia ToS (updated on 15 May 2017). Both clauses are also present in the current versions of service providers’ ToS (last updated on 25 August 2021 and 15 May 2017, respectively).

We also may terminate your License and your EA Account if we determine you have been cheating. (ID: breach).

If we believe, in our sole discretion, that any Member of Academia.edu or Academia Premium or other Academia.edu paid services is in breach of our Terms, or act outside of the letter or spirit of our Terms, we reserve the right to add limitations to your access to www.academia.edu, up to and including terminating all access to www.academia.edu. (ID: breach).

Where the trader enjoys significant discretion in determining whether termination of the contract is authorized, the consumer may not be able to anticipate trader’s decisions and be left without an opportunity to bring counterarguments. The corresponding risk is especially high where the relevant reasons include transgressions against “the spirit” of the terms or against vaguely defined “community standards.” Moreover, if the nature and degree of consumers’ misconduct remain unspecified, then even a minor, one-off violation theoretically may result in contract termination. Accordingly, clauses which do relate to reasons for contract termination, such as breach of contract, may nonetheless be nontransparent and unbalanced, and as such potentially unfair.

Termination Without Mentioning a Reason, or Explicitly for Any Reason

While, in CLAUDETTE, clauses which did mention reasons for unilateral contract termination by the trader are considered as only potentially unfair, the assessment was more restrictive where no such reasons were provided or where termination could expressly occur for any reason. On the whole, the reasoning set out in Section 6.2 can be applied to this group of clauses, as they equally create uncertainty on the part of the consumer and leave room for significant discretion in actions of the trader. Since termination of a contract by the trader generally goes to the detriment of the consumer, the imbalance between the parties’ rights and obligations is even more apparent in those cases than in cases involving unilateral amendments. A critical assessment of such practices is therefore more decisive.

Considered together, clauses which authorize the trader to unilaterally terminate the contract with no mention of any reason or expressly for any reason amounted to 23% of all unilateral-termination practices in our corpus. For illustration of the former consider the following examples from Amazon (updated on 30 May 2017) and 9GAG (retrieved in February 2019), both also available in the same³⁵ or similar form³⁶ in the current ToS:

Amazon reserves the right to refuse service, terminate accounts, terminate your rights to use Amazon Services, remove or edit content, or cancel orders in its sole discretion. (ID: no_grounds).

9GAG, Inc may change, suspend or discontinue the Services at any time, including the availability of any feature, database, or Content. (ID: no_grounds).

Notably, clauses of this kind were especially prominent in the Web search and analytics sector (75% of documents) and in health and well-being (71.43% of documents). A high occurrence of this type of term is particularly alarming in the latter area, where unpredictable decisions by traders can put vital interests of consumers on the line.

Finally, for illustration of express statements that the contract or access to a service may be terminated for any reason, consider the following examples from Betterpoints (retrieved in May 2019) and CrowdTangle (updated on 11 January 2017):

We may, in our sole discretion, terminate or suspend your access to all or part of the Service at any time, with or without notice, for any reason, including, without limitation, breach of this Agreement. (IDs: breach, any_reason, no_notice).

CrowdTangle, in its sole discretion, has the right to suspend, terminate or restrict your access to the Services, or any other CrowdTangle service, for any reason and at any time. (ID: any_reason).

Both clauses continue to be present in the same³⁷ or similar form³⁸ in the service providers’ current ToS. The imbalance in the parties’ rights and obligations is particularly apparent in such cases, as it is entirely up to the trader to decide whether it considers itself bound to perform. Clauses of this kind were generally less frequent in our corpus and were distributed fairly evenly across all the studied sectors. A notable exception was, once again, the travel, accommodation, and service intermediaries sector, where no such practice was found.

Content Removal

The Significance of Content Removal

A further category of clauses that can significantly tilt the balance between the consumer and the trader are unilaterally drafted contract terms which authorize the provider to delete a user’s content and material, including in-app purchases. With the rise of cloud computing, digital content is no longer stored on the consumer’s own computer but rather on the trader’s server. As a consequence, providers enjoy a position of power over the users who are merely provided with access to such content.

From a consumer protection perspective, the balance between the two parties’ rights and obligations in the case of content removal clauses is shown by our analysis to be similar to the case of unilateral termination. Service providers may choose not to state any reason for removing user content and have full discretion in removing such content even if they do make their reasons explicit. Even when reasons for removing user content are mentioned, a risk remains that online traders will be the sole authority in interpreting and applying their policies, and that they may also do so by fully automated means. Content removal practices may in this case cause not only financial loss but also damage to consumers’ private sphere, and may even undermine the purpose of entering into the contract. Indeed, when consumers form contracts to use online services, they expect to be able to buy, upload, store, share, and retrieve their content (e.g., documents, photos, e-mail).

As was mentioned, termination may often encompass content removal, especially where the storing of content lies at the heart of a given service. Similarly, the classification of content as subject to removal can in some cases also trigger the blocking of an account. In such circumstances it is especially important that the consumers be able to foresee the circumstances under which their conduct can elicit the provider’s response—and that those circumstances are not in themselves problematic. Very often, “digital force” (Palka, 2017) is used to block and remove hateful, abusive, and clearly illegal content and to comply with legal requirements, as in case of copyright infringements and the notice-and-action procedure, which is increasingly becoming a focus of soft and hard law.³⁹ Sometimes, however, content removal simply results from a discretionary, or arbitrary, corporate decision, often contested, as in the cases of the “Napalm girl” war photo (Levin, 2016)⁴⁰ and the Neptune sculpture photo (Helmore, 2017),⁴¹ both blocked for displaying nudity. A further cause of concern is the unequal treatment of similar content posted by different groups of users, potentially amounting to discrimination of marginalised communities (Iqbal, 2020).⁴² Service providers should not be able to legitimize such actions by invoking their terms of service.

As already seen from above, aside from the issue of fairness in contracting, a broader content moderation question can be raised as to whether large companies should have the power to interpret social values and principles at all. Moreover, the providers’ power to remove content and block accounts may enable new kinds of influence and control, underpinned by purposes and values that may conflict with the requirements of democratic citizenship, as in case of deletion of posts by protesters, human rights activists, and others whom private and public actors (such as police and governments) deem a nuisance. This is particularly true with regard to large online platforms and social networks, which are the primary source of information (Gottfried & Shearer, 2016).⁴³ Partly addressing this question are recent regulatory developments observed at the EU level. As was mentioned, the proposed Digital Services Act requires providers of intermediary services to include, in their terms and conditions, information on any restrictions imposed in relation to the use of their service in respect of information provided by users. Platforms would further be required to “act in a diligent, objective and proportionate manner in applying and enforcing [such] restrictions” (Article 12(2)). The direction of regulatory developments in this regard is to be welcomed. As we discuss in the next section, providers of digital services may otherwise lack incentives to specify their content-moderation policies and report on their implementation.

Unfair Content Removal Clauses

We identified 17 different practices under which service providers claim the right to unilaterally remove users' content. These are shown in Table 6.

Table 6 Potentially unfair content removal practices

Figure 8 provides a quantitative representation of the (potentially) unfair content removal practices and their frequency within each studied sector with regard to the 100 analysed ToS. It can be observed that the most frequent practices concern the ability to remove users’ content and material for any reason or no reason at all, and at the service provider’s sole discretion (31.60% of all content removal practices), as well as in cases of ToS violation (22.15%), and without notice (12.70%). In total, 216 clearly and potentially unfair content removal clauses and 307 instances of the 17 studied practices were identified in our corpus.

Fig. 8

Content removal: Number of (potentially) unfair practices

Figure 9 depicts the proportion of documents in which particular practices were present across all the sectors studied. It can be observed that more than 50% of contracts in seven out of nine sectors contained references to content removal at a trader’s sole discretion. The corresponding numbers were especially high for gaming and entertainment and social network and dating (65% and 64.7% of documents, respectively). The prominent position of gaming and entertainment is noteworthy, since respective services often make it possible for users to acquire valuable content via in-app purchases. Moreover, it is problematic that the content removal practice should occur frequently in the ToS for social networks, considering the role these platforms play as vital social outlets. Travel, accommodation, and service intermediaries once again fall at the other end of the spectrum, with full-discretion clauses being found only in 21.43% of corresponding documents. Consistently lower numbers of (potentially) unfair clauses observed in this domain beg the question whether contracts in this area are indeed more balanced, at least as regards the types of clauses studied in our project.

Fig. 9

Content removal: Distribution of unfair practices across industry sectors

Regarding the distinction between potentially and clearly unfair content removal clauses, three out of 17 categories indicated in Table 6 were considered clearly unfair, since the relative clauses stipulate that the service provider may remove content and material for any or no reason at its sole discretion (ID: fulldiscretion), without prior notice (ID: nonotice), and without the ability of users to retrieve such content (ID: noretrieve). The remaining 14 practices have been evaluated as only potentially unfair, since the relative clauses indicate the conditions for content removal. As with the other unfairness categories, each (potentially) unfair clause in the dataset has been indexed with one or more identifiers of a (potentially) unfair practice.

Consider, for instance, the following examples from the terms of service for TikTok (retrieved in October 2018) and Pokemon GO (updated on July 2016):

In addition, we have the right - but not the obligation - in our sole discretion to remove, disallow, block or delete any User Content (i) that we consider to violate these Terms, or (ii) in response to complaints from other users or third parties, with or without notice and without any liability to you. (IDs: termviolation, complaint, nonotice, tpright).

Niantic further reserves the right to remove any User Content from the Services at any time and without notice and for any reason. (IDs: nonotice, fulldiscretion).

The first clause above—taken from the TikTok ToS and indicating circumstances of content removal, albeit not very clearly—was classified as potentially unfair. In contrast, the second clause, from the Pokemon GO ToS, was classified as clearly unfair. In the latter case, the risk of individuals becoming overpowered by the unbalanced terms is particularly serious, since they would have no means of foreseeing and influencing the providers’ decisions. Interestingly, while the clause from the TikTok ToS remains unchanged in their current version (last updated in July 2020), reference to removing content “for any reason” is no longer present in the updated PokemonGO ToS (last updated on 15 May 2019). The latter do, nevertheless, continue to refer to removal of content “at any time and without notice,” while the circumstances in which content can be removed are still far from apparent.⁴⁴ Accordingly, content-removal clauses in the updated version of the PokemonGO terms are not beyond suspicion and can be deemed potentially unfair.

Arbitration

The Risks and Benefits of Arbitration

Alternative dispute resolution clauses are commonplace in the online-service contracts environment. Of particular interest are terms concerning arbitration, since they appear to be most common; in the analysed sample of 100 terms of service, a total of 106 arbitration clauses have been identified in 43 contracts. Under the EU law, arbitration clauses are potentially unfair where they were not individually negotiated and, contrary to the good-faith requirement, cause a significant imbalance between the rights and obligations of the parties, to the detriment of the consumer. Point 1(q) of the Annex to the UCTD, containing a grey list of potentially unfair clauses, explicitly refers to terms which have the object or effect of excluding or hindering the consumer’s right to take legal action or exercise any other legal remedy, particularly by requiring consumers to take disputes exclusively to arbitration not covered by legal provisions, unduly restricting the evidence available to them or imposing on them a burden of proof which, according to applicable law, should lie with another party to the contract.

There are numerous dimensions in which the use of arbitration clauses may be a detriment to consumers, to name a few:

1. 1.

   Awareness. Consumers who have signed a clickwrap contract containing a clause on mandatory arbitration may not discern that they have waived their right to litigate the case in court. Having a false idea about the means of recourse they have at their disposal, consumers may end up losing time by erroneously seeking redress by way of court proceedings.

2. 2.

   Cost. While initially praised as a quicker and cheaper alternative to litigation, arbitration may not provide such benefits from a consumer’s perspective. Filing fees can be prohibitive to a consumer, particularly one who has just suffered a financial loss in the course of a relationship with a service provider. If arbitration is to take place outside consumers’ domicile or in a language they do not master, the challenges are even greater.

3. 3.

   Secrecy. Since arbitration files are confidential in the vast majority of cases, there is no public record or precedent that could be used by the consumer in preparing the case. As a result, unless they have an arbitration experience to match that of the service providers’ legal department, they are likely to find themselves in an uphill battle. Similarly, there is little opportunity to publicly contest an unfavourable resolution.

4. 4.

   Limited remedies, discovery, and judicial review. Where an arbitration clause involves a waiver of right to court proceedings, consumers face the risk of losing the protection offered by the law. The severely limited discovery phase in arbitration proceedings restricts consumers’ opportunities to prove the alleged behaviour, whereas judicial review is often limited to the award itself and does not extend to its substantive justification. This renders arbitration attractive to large-scale service providers interested in precluding the possibility of demonstrating a longer history or patterns in their behaviour towards consumers.

The above observations concerning the risks of arbitration do not imply that alternative dispute resolution in general cannot bring benefits to consumers. On the contrary, such systems can deliver justice to more people quicker and at a lower cost than traditional ones (Schmitz, 2010). The EU has long supported the development of consumer ADR,⁴⁵ and recently also of online platforms’ internal complaint-handling systems.⁴⁶ This general development, however, has always taken place without foreclosing consumers’ access to a court, and with a range of safeguards. In contrast, as the analysis of our corpus shows, arbitration clauses included unilaterally by traders in B2C contracts can give rise to significant concerns.

Unfair Arbitration Clauses

We distinguish eight types of contracting practices concerning arbitration, each of which limits the rights of the consumer seeking recourse against a trader.

The frequency of different practices across market sectors is depicted in Figure 10, and generally reflects the order of practices in Table 7 above. The sectoral distribution of particular practices is depicted in Figure 11.

Fig. 10

Arbitration: Number of (potentially) unfair practices

Table 7 Potentially unfair arbitration practices

Fig. 11

Arbitration: Distribution of unfair practices across industry sectors

Judging from the applicable fairness standard, as set out in the UCTD grey list, the most pressing issue from a consumer protection perspective lies in clauses which provide for mandatory arbitration and put the consumer in a disadvantageous position in the arbitration process. Such clauses were unfortunately not absent from the studied corpus.

The most frequent practice found across all sectors relates to arbitration being stated to be mandatory (41.89% of all arbitration practices). Under such clauses, all disputes must be resolved through arbitration, instead of a court of law, and the rights and obligations of the parties will be decided by an arbitrator instead of a judge or jury. The studied corpus contained 62 practices of this kind across all market sectors. Exceptions to this rule were specified 34 times. Consider the examples below, taken from the terms of service for Electronic Arts (updated on 17 May 2018) and Expedia (updated on 21 February 2018):

All disputes, claims or controversies arising out of or relating to this Agreement, any EA Service and its marketing, or the relationship between you and EA (“Disputes”) shall be determined exclusively by binding arbitration. (ID: arb_obligatory).

Any and all Claims will be resolved by binding arbitration, rather than in court, except you may assert Claims on an individual basis in small claims court if they qualify. (IDs: arb_obligatory, exceptions_apply).

Both clauses continue to be present in the current versions of service providers’ ToS (last updated on 25 August 2021 and 16 June 2020, respectively). Notably, however, Expedia appears to apply different terms to different jurisdictions, while the Electronic Arts ToS explicitly state that the section on binding arbitration does not apply to users from certain regions, including the EU Member States. Such differential treatment could already be observed at the time the studied corpus was created and may pose a challenge to an automated assessment of standard terms. The continued use of such clauses in relations with consumers from certain jurisdictions can be a concern of its own, calling into questions a pro-consumer “Brussels effect” (Bradford, 2020).

Two further practices identified in the dataset which merit close attention from a consumer protection perspective relate to the application of extralegal rules or establishment of the place of arbitration outside consumer’s domicile (amounting to 15.54% and 6.76% of all arbitration practices, respectively). Consider, for example, the following clauses from the Couchsurfing (updated on 10 September 2018) and Vivino ToS (updated on 16 September 2015), which require an arbitration process that is to be held outside the consumer’s domicile under the rules of an external decision-making body:

You and Couchsurfing agree that you will notify each other of any dispute within thirty (30) days of when it arises, that you will attempt informal resolution prior to any demand for arbitration, that any arbitration will occur in San Francisco, California and that arbitration will be conducted confidentially by a single arbitrator in accordance with the Rules of the American Arbitration Association. (IDs: outside_domicile, extralegal_rules).

Any dispute arising from or relating to the subject matter of these Terms of Use shall be finally settled by arbitration in New York County, New York, using the English language in accordance with the Arbitration Rules and Procedures of JAMS then in effect, by one commercial arbitrator with substantial experience in resolving intellectual property and commercial contract disputes, who shall be selected from the appropriate list of JAMS arbitrators in accordance with the Arbitration Rules and Procedures of JAMS. (IDs: arb_obligatory, outside_domicile, extralegal_rules).

Notably, while the former clause continues to be present in the service provider’s ToS effective at the time of this writing (last updated on 30 June 2020), the current Vivino terms (last updated on 23 September 2020) contain no reference to arbitration whatsoever.

Consumers’ access to justice in the situations illustrated above is hindered on different grounds. Firstly, where arbitration becomes the first, and sometimes only, route for dispute resolution, ADR fails to extend both parties’ avenues to justice beyond traditional courts, but rather serves to constrain them.⁴⁷ Secondly, by requiring consumers to submit their claim in a jurisdiction other than that of their domicile, the clauses place a disproportionate burden on the consumer.⁴⁸ Thirdly, where the clause provides that the case would be judged under the rules of an external governing body, consumers may be unknowingly waiving their rights to the protection granted by the law of their country. For these reasons, terms providing for mandatory arbitration were considered potentially unfair in the CLAUDETTE project, while terms relating to the application of extralegal rules or establishing the place of arbitration outside consumer’s domicile were deemed clearly unfair.

On a positive note, the two most problematic practices, assessed as clearly unfair, were identified in less than 50% of documents across all studied sectors. The relative numbers were highest in the communication tools sector, in which 40% of ToS referred to extralegal rules and 20% of documents to the place of arbitration outside the consumer’s domicile. Interestingly, contracts in the travel, accommodation, and service intermediaries sector were no longer the least unbalanced ones, even though the relative numbers in this sector were still comparatively low (14.29% for extralegal rules and 7.14% for the place of arbitration outside the consumer’s domicile). Instead, the incidence of arbitration clauses was lowest in Web search and analytics, where none of the most problematic practices was found.

Conclusions

The rise of artificial intelligence in digital markets exacerbates the asymmetry of power and information between traders, equipped with potent algorithms, and consumers as weaker parties. AI systems, however, need not be a tool that only large businesses can deploy. Rather, technological opportunities can also be seized by consumer protection actors and act as a counterweight to economic power structures. In particular, as we show, AI can be used to automatically analyse extensive textual documents which consumers are continuously faced with, without having the skills or training needed to process them. Moreover, the datasets developed for such systems can be a source of valuable insights about the practices of online traders, while the systems themselves can be helpful in monitoring practices over time.

In this paper, we presented CLAUDETTE as an example of AI-powered system premised on the public interest and designed to automatically detect and classify unfair terms in business-to-consumer contracts. On the basis of prior research on digital consumer markets, as well as an examination of recent legislative developments at the EU level, we analysed a corpus of 100 ToS, collected under the CLAUDETTE project, with an eye on five categories of (potentially) unfair clauses which merit greater monitoring, i.e., limitation of liability, unilateral change, termination, content moderation, and alternative dispute resolution. We grouped the 100 contracts in nine market sectors, i.e., e-commerce; productivity tools and business management; Web search and analytics; communication tools; travel, accommodation, and service intermediaries; health and well-being; gaming and entertainment; social networks and online dating; and content-sharing platforms. This allowed us to investigate and discuss patterns of unfair practices and their distribution across market sectors. Attention is drawn to broadly framed liability exclusions and unilateral change clauses, to unilateral termination and content removal clauses which do not state reasons for such actions, and to clauses stating that disputes should exclusively be settled by way of arbitration. We provided examples of clearly and potentially unfair clauses and found that many of those randomly selected, problematic formulations continue to be present in the service providers’ current terms.

As concerns the limitation of liability, we retrieved 629 (potentially) unfair clauses from the entire dataset. Such clauses were present in 98 out of 100 ToS, across all the analysed market sectors. Under this category, we identified six classes of clauses limiting and/or excluding liability for damage on the basis of (i) liability theories, (ii) causal link, (iii) kind of damage, (iv) standard of care, (v) cause, and (vi) compensation amount. Within each class, we distinguished a variety of potentially unfair practices, mapping different questionable circumstances under which ToS reduce or exclude the provider’s liability. The most common practice concerns general and nonspecific limitation and/or exclusion of liability (19.62%), followed by liability limitation for third-party actions (11.60%), for any damage (9.28%), and for interruption and/or the unavailability of the service (8.15%). In contrast, among the less frequent were limitations relating to cases of gross negligence (0.19%), intentional offences and/or damages, and physical and personal injury (1.08%). From a sectoral perspective, it is notable that clauses that introduce a general and nonspecific limitation and/or exclusion of liability were most frequent within the analysed dataset and were found in 100% of contracts in four out of nine market sectors, i.e., e-commerce, productivity tools and business management, communication tools, and content sharing platforms. Similarly, clauses limiting liability by causal link were present in 100% of documents in four out of nine analysed sectors, i.e., productivity tools and business management, Web search and analytics, communication tools, and content sharing platforms. With regard to clauses limiting the liability by kind, the most frequent were those related to broad categories of loss and to data preservation. In the first case, their incidence is highest in the productivity tools and business management sector, being present in 100% of contracts, followed by e-commerce and Web search and analytics. Clauses meant to limit the provider’s liability with regard to data preservation were mostly present in productivity tools and business management, being found in the 100% of ToS, and content sharing platforms, where they have been detected in 90.9% of ToS. Apart from their distribution, it should be remarked that these clauses were present in all the analysed sectors.

As regards contract modification, the most common practice concerned the ability to unilaterally change the contract without giving reasons (59.60% of all unilateral change practices). Clauses of this kind were found in 100% of documents in five out of nine sectors. Specifically, this was the case for e-commerce, productivity tools and business management, Web search and analytics, health and well-being, and content sharing platforms. This partly corresponds with the findings on unilateral contract termination with no mention of reasons. While these clauses amounted to only 15% of all unilateral-termination practices, in Web search and analytics and in health and well-being they were present in 75% and 71.43% of documents, respectively. A high occurrence of terms allowing contract modification and even termination without notice can be especially problematic in latter area, in which vital interests of consumers can be at stake.

Our analysis further shows that references to content removal at trader’s sole discretion were relatively frequent across most sectors, as demonstrated by the presence of such clauses in more than 50% of contracts in seven out of nine sectors. The corresponding numbers were especially high for gaming and entertainment and in social networks and dating (65% and 64.7% of documents, respectively). The prominent position of gaming and entertainment is noteworthy, as consumers of these services often develop their content via in-app purchases promoted by providers. Moreover, it is problematic that practice occurred frequently in social networks ToS, considering the role these platforms have come to play as vital social outlets.

On a positive note, we observe that the two most problematic practices concerning arbitration—relating to the application of extralegal rules and the place of arbitration outside the consumer’s domicile—were identified in less than 50% of documents across all the sectors studied. This suggests that clarification of the fairness standard in this area, both through the grey list in the Annex to the UCTD and through subsequent case law, may have positively affected the development of the market practice, at least for EU users.

Finally, an interesting finding concerns the travel, accommodation, and service intermediaries sector, in which (potentially) unfair terms appeared relatively less frequently. Consistently lower numbers for such contracts in our corpus beg the question whether the latter are indeed more balanced, at least as regards the types of clauses studied in our project. This hypothesis could be a subject of the future research.

Overall, our study demonstrates that online systems for the automated analysis of textual documents can offer valuable insights into the practices of online traders and can help in giving these practices a legal qualification. In this regard, as noted above, the issue of unfair contract terms is exacerbated in online consumer environments by terms contained in privacy policies that serve to authorize a pervasive collection and AI processing of personal data. Thus, given the promising results obtained in the analysis of Terms of Service, the scope of the CLAUDETTE project has been expanded to also cover the automated analysis of privacy policies (Contissa et al., 2018a). Preliminary results show that AI systems can bring significant added value in this domain, by facilitating the identification of unclear clauses, potentially “problematic” processing clauses and insufficiently informative clauses (Contissa et al., 2018b). Specific patterns of unlawfulness emerging in the privacy policies landscape can equally be explored in the future work.

Despite intense legislative and policy debates on data-driven services and technologies, the potential of consumer-empowering technologies is yet to gain due recognition at the EU level. In particular, the proposal on an AI Regulation seeks to support the development of human-centred AI, but displays a narrow understanding of the associated public interest. The proposed Digital Services Act, in turn, places restrictive conditions on access to platform data by vetted researchers, allowing such access “for the sole purpose of conducting research that contributes to the identification and understanding of systemic risks.” The interests of consumers are, in general, largely overlooked in the proposals, which are meant to shape an overarching EU vision on platforms and AI. If technology is to deliver any real countervailing power to weaker parties in digital markets, consumer-empowering AI must explicitly be recognized as part of EU policy and be accordingly met with support.