Privacy Policies
© Cybertelecom
See FTC Enforcement of Privacy Policies.
According to the Federal Trade Commission, Online Privacy Policies should disclose the following:
- What information is collected;
- How the information is collected;
- How the information is used;
- Whether information is disclosed to others;
- How choice, access and security are provided to consumers;
- Whether other entities are collecting information through the site (e.g., third party advertisers); and
- Who is collecting the data.
See Fair Information Practices
The FTC has developed four criteria for effective privacy programs:
- Notice - Web sites should provide consumers clear and conspicuous notice of information practices, including what information is collected, how it is collected (e.g., directly or through less obvious means such as cookies or webbugs), how the information is used, how consumers are provided Choice, Access, and Security, whether information is disclosed to other entities, and whether other entities are collecting information through the site.
- Choice - Web sites should offer consumers choices as to how their personal identifying information is used beyond the use for which the information was provided (e.g., to consummate a transaction). Such choice encompasses both internal secondary uses (such as marketing back to consumers) and external secondary uses (such as disclosing data to other entities).
- Access - Web sites should offer consumers reasonable access to the information collected about them, including a reasonable opportunity to review information and to correct inaccuracies or delete information.
- Security - Web sites should take reasonable steps to protect the security of the information collected from consumers. [Privacy Online 2000 p. iii]
Privacy policies should be clear and free of contradictory or ambiguous language. When changes are made to policies, notice should be provided to individuals from whom the sites have collected material information, and affirmative opportunity to consent or opt out might be required. [Privacy Online 2000 p. 26]
Better policies are shorter. They should not be buried in a barrage of legalese, terms and conditions, which often are too long and incomprehensible to consumers. To be effective, privacy policies should build consumer trust.
Privacy Policy Generators can help get you started:
- DMA's Privacy Policy Generator
- Microsoft Privacy Wizard
- OECD Privacy Policy Generator
- Secure Assure Privacy Profile Wizard
- TRUSTe Privacy Statement Wizard
"B. Website Seal Programs.
"Third-party enforcement programs known as “seal programs,” provide another way to monitor company practices and enforce privacy policies. By clicking on the “seals” such as TRUSTe, BBBonline, Webtrust, and Enonymous.com on a particular website, a user is immediately linked to the site’s privacy statement. The purpose of the seal programs is to create name and sight recognition for the seals so that consumers will see them and know that they are visiting a site they can trust. Seal programs are designed to provide protection to consumers, by allowing web companies to standardize privacy policies."
- Know the Rules Use the Tools, Privacy in the Digital Age: A Resource for Internet Users, US Senate Judiciary Committee, p. 24 (n.d.)
The FTC also recognizes that enforcement is a necessary component of any successful privacy program. In self-regulation efforts, enforcement may come about contractually where sites participate in privacy seal of approval trust programs and are confronted with potential removal from that program. The government may also have a role where sites post privacy information and fail to comply with those representations, or follow other privacy practices that might otherwise be considered deceptive.
Form of the Privacy Policy:
- Consumer readable policies
- Standardized policies
- Machine readable policies (P3P)
- Full policies
- Full screen privacy policies versus mobile device small screen privacy policies
Papers
- Ashwini Rao, Florian Schaub, Norman Sadeh, Alessandro Acquisti, Ruogu Kang, Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online, FTC PrivacyCon 2016
- Chris Jay Hoofnagle and Jennifer M. Urban, Alan Westin's Privacy Homo Economicus, 49 Wake Forest L. Rev. 261 (2014) ("A regime of "notice and choice" largely governs U.S. Internet privacy law. Companies, long encouraged by regulators, issue privacy policies for consumers to read and act upon... In recent years, notice and choice has come under growing and sustained criticism, including criticism from regulators and businesses, in light of evidence that it may be ineffective. Yet it remains the central feature of U.S. privacy law.")
- Center for Democracy and Technology, Behind the Numbers: Privacy Practices on the Web (1998)
- Georgetown Privacy Policy Survey: Report to the Federal Trade Commission (June 1999).
- Irene Pollach, What's wrong with online privacy policies?, CACM September 2007, 50(9): 103-108.