Nexus Stalkers:Privacy policy
A privacy policy is a legal document that discloses some or all of the ways a party gathers, uses, discloses and manages a customer's data. The exact contents of a privacy policy will depend upon the applicable law and may need to address the requirements of multiple countries or jurisdictions. While there is no universal guidance for the content of specific privacy policies, a number of organizations provide example forms or online wizards.
Development of Privacy Policies
In 1995 the European Union introduced the Data Protection Directive for its member states. As a result, many organizations doing business within the EU began to draft policies to comply with this Directive. In the same year the Federal Trade Commission published the Fair Information Principles, which provided a set of non-binding governing principles for the commercial use of personal information. While not mandating policy, these principles provided guidance on the developing concerns of how to draft privacy policies.
Fair Information Practice
The four critical issues identified in the Fair Information Principles are:
- Notice – data collectors must disclose their information practices before collecting personal information from consumers.
- Choice – consumers must be given options with respect to whether and how personal information collected from them may be used for purposes beyond those for which the information was provided.
- Access – consumers should be able to view and contest the accuracy and completeness of data collected about them.
- Security – data collectors must take reasonable steps to assure that information collected from consumers is accurate and secure from unauthorized use.
In addition, the Principles discuss the need for enforcement mechanisms to impose sanctions for noncompliance with fair information practices.
Online Privacy Certification Programs
Online Certification or “Seal” programs are an example of industry self-regulation of privacy policies. Seal programs usually require implementation of fair information practices as determined by the Certification program and may require continued compliance monitoring. TRUSTe, the first online privacy seal program, included more than 1,800 members by 2007 (CDT Guide to Online Privacy, Center for Democracy and Technology, 2009). Other Online Seal programs include the Better Business Bureau Assurance on the Internet (BBB Seal Program, BBBOnLine, Inc.), Etrust, and Webtrust Seal Program.
Technical Implementation of Privacy Policies
Some websites also define their privacy policies using P3P or Internet Content Rating Association (ICRA), allowing browsers to automatically assess the level of privacy offered by the site. However, these technical solutions do not guarantee that websites actually follow the claimed privacy policies. They also require users to have a minimum level of technical knowledge to configure their own browser privacy settings (Softsteel Solutions, “The Platform for Privacy Preferences Project (P3P)”). These automated privacy policies have not been popular either with websites or their users (CyLab Privacy Interest Group, 2006 Privacy Policy Trends Report, January 2007).
Criticism
Many critics have attacked the efficacy and legitimacy of privacy policies found on the Internet. Concerns exist about the effectiveness of industry-regulated privacy policies. For example, a 2000 FTC report, “Privacy Online: Fair Information Practices in the Electronic Marketplace”, found that while the vast majority of websites surveyed had some manner of privacy disclosure, most did not meet the standard set in the FTC Principles. In addition, many organizations reserve the express right to unilaterally change the terms of their policies. In June 2009 the EFF website TOSback began tracking such changes on 56 popular internet services, including monitoring the privacy policies of Amazon, Google and Facebook (Millis, Elinor, “EFF tracking policy changes at Google, Facebook and others”, Cnet Digital News, June 2009).
There are also questions about whether consumers understand privacy policies and whether they help consumers make more informed decisions. A 2002 report from the Stanford Persuasive Technology Lab contended that a website’s visual design had more influence than the website’s privacy policy when consumers assessed the website’s credibility (Fogg, B. J., “How Do People Evaluate a Web Site's Credibility? (abstract)”, Stanford Persuasive Technology Lab, November 2002, Stanford Web Credibility Project). A 2007 study by Carnegie Mellon University claimed that “when not presented with prominent privacy information...” consumers were “likely to make purchases from the vendor with the lowest price, regardless of that site's privacy policies” (Acquisti, Alessandro, Janice Tsai, Serge Egelman and Lorrie Cranor, “The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study”, Carnegie Mellon University, 2007). However, the same study contends that where privacy information is clearly presented, consumers prefer retailers who better protect their privacy and may “pay a premium to purchase from more privacy protective websites.” Furthermore, a 2007 Berkeley study found that “75% of consumers think as long as a site has a privacy policy it means it won’t share data with third parties,” confusing the existence of a privacy policy with extensive privacy protection (Gorell, Robert, “Do Consumers Care About Online Privacy?”, October 2007, a study by Chris Hoofnagle, UC Berkeley’s Boalt School of Law, Samuelson Law, Technology & Public Policy Clinic).
Critics also question whether consumers even read privacy policies or can understand what they read. A 2001 study by the Privacy Leadership Initiative claimed only 3% of consumers read privacy policies carefully, and 64% briefly glanced at, or never read, privacy policies (Goldman, Eric, “On My Mind: The Privacy Hoax”, October 2002). One possible issue is the length and complexity of policies. According to a 2008 Carnegie Mellon study, the average privacy policy is 2,500 words long and requires an average of 10 minutes to read. The study cited that “Privacy policies are hard to read” and, as a result, “read infrequently” (Out-Law News, “Average privacy policy takes 10 minutes to read, research finds”, Out-Law.com, July 2008).
