5 Worst Legal Policy Failures of Fortune 500s and The Takeaway

Different companies have different ways of acquiring new customers. Some update old content for a ranking boost, others set up an affiliate program. But there are also those that profit from their competitors’ legal fails.

Every once in a while, another major company from the Fortune 500 club loses its customers due to a change in their legal policy, especially when such a change threatens to affect consumer rights.

These are the 5 examples of huge legal policy fails of Fortune 500s and the lessons that growing companies should take away from them.



Until its first legal policy fail, the note-taking app Evernote was a leader in the idea-capturing niche. Millions of loyal customers used it to write down, organize, and share their personal thoughts. But, as soon as the company announced that these thoughts were no longer private, the app’s status was radically changed.

From the business viewpoint, Evernote’s idea to utilize their users’ private content for machine learning purposes was actually pretty smart. If it wasn’t so outrageous in terms of consumer rights, this strategy would earn them thorough insight into their users’ needs and help them improve customer experience.

Still, such a change was unacceptable from the customer’s viewpoint, and Evernote’s CEO was compelled to address the users and promise them to complete the privacy of their personal content. The new policy lasted for no longer than two days before it was made compliant with the app’s initial data protection law.



One of the companies that made a profit from its competitor’s legal policy fail was Pheed, a teen-driven social network that provides an interesting, but a little-known alternative to Facebook, Twitter, and Instagram. When Instagram made its first major mistake in 2012, Pheed was there waiting and ready.

The controversial update in Instagram’s privacy policy gave this company the right not only to use its users’ private content but also to sell it to others. Understandably, the public backlash was immediate and relentless – Mashable published this news under the title “Instagram Will Basically Sign Your Life Away”.

Even though the update was recalled a day after, it took quite some time for the company to fully recover. Over the next couple of days, Instagram lost just enough of its users to make Pheed the ninth most downloaded social networking app on Apple’s iTunes store, just ahead of another mogul, LinkedIn.



A similar thing happened to music and video streaming service only two years ago, as Wired broke the news that users “can’t do squat about Spotify’s eerie new privacy policy”. The update was truly scary, declaring that the company would be able to go through users’ phones and collect all data.

Unlike with Evernote and Instagram, Spotify’s mistake laid in the improper use of language. The company failed to let their users know that the terms of the new update were opt-in, which nevertheless resulted in a public outcry across social media and a loss of around 75 million active users.



Snapchat failed to learn from Spotify’s mistakes, and made an identical one only a few months later, in November 2015. The update on their privacy policy was interpreted as even more brazen given the fact that, at the time, this app was the only one to offer the “disappearing content” concept to its users.

On one side, Snapchat was marketed as the only photo-sharing app that erases posts moments after they’ve been sent, which was exactly what made millions of social media goers interested in using it in the first place. On the other side, the app was now planning to record, store, even reduplicate photos.

Needless to say, the users were pretty upset by this privacy policy change. Not only was their content suddenly no longer guaranteed to disappear, but the company was also allowed to publish it without any liability for breaking their users’ privacy rights. The update was withdrawn only three days later.



With Evernote, the problem was notes. With Instagram and Snapchat, the issue was photographs. Spotify obviously wanted to go deeper into our phones, but its attempts were luckily stopped. But, what happens when a large file hosting service like Dropbox tries to do something similar?

Dropbox is not used solely by individuals. It is arguably the biggest, most popular collaboration and file storage tool on the market, trusted by thousands of companies to manage their daily operations and keep their sensitive data intact. This means terabytes and terabytes of sensitive information, all in one place.

In July 2011, Dropbox published a new privacy policy that granted the company rights to use, copy, distribute, and publicly display these files “to the extent we think is necessary for the Service”.

The users were naturally enraged and terrified until it turned out that these terms were awfully misunderstood due to terrible wording in their new policy.

The takeaway

Since all of the aforementioned cases include leading players from the first business league, we cannot but wonder how is it even possible that such big shots have managed to make rookie mistakes. What’s puzzling, even more, is that all of these legal policy fails were more or less the same.

It may be that businesses start to lose sound judgment as they grow. Perhaps Fortune 500 companies feel like they don’t have much to lose, so they gamble more. Whatever the case, their mistakes can teach the rest of us a lesson or two. Here’s what to not to do if you don’t want to repeat their missteps.

1. Don’t postpone getting a compliant privacy policy of your own

Even if you’re not in a data collecting business, your company will sooner or later have to learn how to handle its customers’ private information. This applies to virtually everyone who interacts with their customers in the online sphere, be that over a company’s website or via mobile or desktop app.

In case you still don’t have a compliant privacy policy in place, get one now. Not only can a missing privacy policy get you in trouble with the law, but it might cost you your reputation as well. The first time your customers feel like their privacy is violated, they’ll leave. The importance of this cannot be over-stressed.

2. Don’t be vague with your intentions to use customer data

Of course, data analysis is one of the best ways to learn more about your customers and improve their experience. It’s a legitimate strategy that millions of successful companies use, but it’s also a precarious ground. In order to do it properly, you need to let your customers know what your true intentions are.

If you’re planning to change your privacy policy, be transparent and upfront. Notify your customers about the new terms and conditions, but also translate them into plain language. Issue a statement that explains what these changes really mean for them, and make sure that they are clearly understood.

3. Don’t use legalese or hard-to-understand language

The best way to this is by using conversational language. If you take another look at the legal privacy policy fails listed above, you’ll see that at least three of them were caused by statements that were too formal for an average reader to understand. Avoid legalese, and keep it simple and forthright.

Experts go an extra mile to make entrepreneurship irresistible, so they often skip a few problematic, but crucial steps. The fact that nobody ever talks about the legal aspects of running a business doesn’t at all mean that these issues can be ignored.

As a matter of fact, the protection of customers’ rights and respect towards their privacy is the first and most important lesson that an aspiring entrepreneur should learn.