Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
5Activity
0 of .
Results for:
No results containing your search query
P. 1
Privacy Policy Primer

Privacy Policy Primer

Ratings: (0)|Views: 1,989 |Likes:
Published by Kurt Edelbrock
A primer on Federal Trade Commission principles and best practices for privacy policies.
A primer on Federal Trade Commission principles and best practices for privacy policies.

More info:

Published by: Kurt Edelbrock on Oct 14, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

10/21/2010

pdf

text

original

 
I.
Summary of Relevant Best Practices
Most statistical research regarding consumer attitudes toward onlineprivacy were completed before the beginning of the new millennium. The resultsare what you might expect: the Federal Trade Commission in 1999 reports that92 percent of consumers are concerned about the misuse of their personalinformation online, and 76 percent fear privacy intrusions on the Internet.
1
Datafurther suggested that there would be $18 billion in lost e-commerce revenue by 2002 because of privacy concerns.
2
However, this research was conducted duringa different era of online privacy. The main concern then was tracking cookies embedded deep into the code of a webpage; they acted like a sponge on the seafloor, passively but completely absorbing intimate details from oblivious users.The user information was then complied and usually sold to the highest bidder.
3
 Today, however, the issue is control over information that is voluntarily andactively shared by users. See, for instance, the recent uptick in news andcommentary about the evolution of Facebook privacy controls.
4
Consumersincreasingly expect fine-tuned and nuanced control over the information they 
Privacy Policy Recommendations1 of 7
1
Federal Trade Commission, S
ELF
-
REGULATION AND
P
RIVACY 
O
NLINE
:
 
 A 
 
EPORT TO
C
ONGRESS
, July 1999 [hereinafter “1999 FTC Report”]. Available online at http://www.ftc.gov/os/1999/07/privacy99.pdf.
2
1999 FTC Report, supra.
3
Grant Gross,
 Privacy Groups File FTC Complaint on Behavioral Advertising 
, PCWorld, April 8, 2010(“Online advertising platform providers are able to sell user data in real time, then the bidder can add itsown data about the user . . . “). Available online athttp://www.pcworld.com/article/193789/ privacy_groups_file_ftc_complaint_on_behavioral_advertising.html.
4
 
 See
Jenna Wortham,
 Facebook Glitch Brings New Privacy Worries
, T
HE
N
EW 
 Y 
ORK 
T
IMES
,
 
May 5, 2010. Available online athttp://www.nytimes.com/2010/05/06/technology/internet/06facebook.html.
 
2
share online
5
, and that expectation should factor into any privacy policy analysisas an overarching principle.Since the late 1990s, the Federal Trade Commission has held a series of forums, roundtables, and hearings on the topic of consumer privacy online. In1998, the Commission released a key report that highlighted four guidingprinciples in crafting privacy policies: notice, choice, access, and security.
6
Theseprinciples are not new to government policy; instead, they stem from a meta-analysis of a variety of seminal governmental reports and non-governmentalinformation privacy codes, both foreign and domestic. The principles were firstsummarized in this form by a U.S. Department of Health, Education, and Welfarereport in 1973
7
, and have been incorporated into privacy policy doctrine by theTrade Commission in 1998
8
and 2001
9
. The remainder of this section explains indetail the Commission’s fair information principles outlined above.
a.Notice
Notice requires organizations to disclose their privacy practices toconsumers
before
any information is actually collected.
The Commissionexpects privacy policies to be binding and enforceable: organizations mustPrivacy Policy Memo
2 of 7 10/14/10
5
Barbara Ortutay,
 Study finds young do care about online privacy
, T
HE
 A 
SSOCIATED
P
RESS
,
 
 April15, 2010. Available online at http://www.msnbc.msn.com/id/36561309.
6
 
 See,
 
generally
Federal Trade Commission, S
ELF
-R 
EGULATION AND
P
RIVACY 
O
NLINE
:
 
 A 
 
EPORT TO
C
ONGRESS
, June 1998. [hereinafter “1998 FTC report”] Available online athttp://www.ftc.gov/reports/privacy3/priv-23a.pdf .
7
Department of Health, Education, and Welfare, R 
ECORDS
,
 
C
OMPUTERS AND THE
IGHTS OF
C
ITIZENS
, July 1973. Available online at http://aspe.hhs.gov/datacncl/1973privacy/tocprefacemembers.htm.
8
1998 FTC report, supra, at n. 1.
9
Federal Trade Commission, P
RIVACY 
O
NLINE
:
 
F
 AIR 
I
NFORMATION
P
RACTICES IN THE
E
LECTRONIC
M
 ARKETPLACE
, May 2000. Available online at http://www.ftc.gov/reports/privacy2000/privacy2000.pdf.
10
 
In practice, it occasionally may not be possible to notify the user first: many third-party analytics applications collect usage information before a user could view the privacy policy. TheFTC has not yetaddressed this issue.
 
3
comply with their privacy policies such that they refrain from using personalinformation in any way that is not explicitly mentioned.
11
Notice is the mostessential principle expounded by the Commission: without it, the other principlesare rendered ineffective because consumers lose the ability to make an informeddecision about precisely how their information is used.
12
Notice requires a laundry list of disclosures to users about the data and theentities that collect it. Here are the relevant inquires as laid out by theCommission in their 1998 report:
 Who is collecting the data?
 What data is collected?
How is the data being collected?
 What is the collected data being used for?
Is any third-party receiving the collected data?
 What happens if the user chooses not to provide the requested data?In order for notices to be effective, the policy document or other relevantinformation must be placed in a clear and conspicuous manner in a prominentlocation on both the home page of the website as well as any other page whereinformation is collected.
13
The document should be clear in identifying thepurposes for which data are to be used. While the organization is free to makelater changes, such freedom also implies that the changes are not arbitrary orincompatible with the original purpose.
14
If changes create inconsistent policiesthat are applied to the original document, it may undermine consumerconfidence in the rest of the policy.
15
Privacy Policy Memo
3 of 7 10/14/10
11
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980),para. 10.
12
1998 FTC report, pg. 7.
 
13
OECD Guidelines, para. 9.
14
OECD Guidelines, Explanatory Memorandum, para. 54.
15
FTC 2000 Report, pg. 26.

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->