Companies struggle with privacy on the Web
May 20, 1999
by Deborah Radcliff
(IDG) -- The issue of privacy both polarizes and unifies government, cyberactivists, businesses and consumers. "Privacy is something that Americans respond to very emotionally," says industry analyst Jim Balderson at Zona Research Inc. in Redwood City, Calif.
Businesses have been on a collision course with consumer privacy ever since businesspeople realized the Internet's enormous marketing potential. "You have zero privacy. Get over it," Sun Microsystems Inc. CEO Scott McNealy told a crowd at a product launch earlier this year. That statement set off a firestorm of negative publicity in publications like Wired and is frequently derided by cyberactivists.
Such blithe underestimation of consumers' privacy concerns could be costly.
For example, users revolted against America Online Inc. in July 1997 when it declared it would sell customers' names and telephone numbers to telemarketing partners. And the Federal Trade Commission fined the Web-site hosting service GeoCities for violating its own policy on how it would use its members' personal information.
"Privacy is a very strong consumer concern. Just for their own self-betterment, companies doing business on the Web should address that concern," says Lee Peeler, associate director at the FTC's division of advertising practices.
But businesses and consumer interests need not crash head-on over privacy. In fact, Tara Lemmey, executive director of the San Francisco-based Electronic Frontier Foundation (EFF), predicts businesses that protect their customers' privacy will likely grow a faithful following and blow away their competition.
Put it in writing
It starts with disclosure, Peeler says. Tell your customers how you're gathering information, what you will do with that information and how consumers can prevent misuse of their information.
One reason for that gap is time-to-market, says Thomas Tucker, president of Key Marketing Services, an Internet marketing and business hosting service in Batavia, N.Y. "The issues for my company ... revolve around what is the quickest, cheapest and safest way to order any product over the Internet," he says.
Recent FTC actions may prompt businesses to take more time to hone their privacy policies.
Peeler says the FTC is embroiled in a handful of Internet privacy cases that he wouldn't discuss. But last year, the FTC filed a deceptive practices complaint against New York-based Internet company GeoCities.
The conflict arose over how GeoCities handled its "optional" form field information (education, income, marital status, occupation and interests), which was not to be released without the member's permission. But the information was shipped to third-party marketers. In addition, the complaint said GeoCities gathered personal information about children without parental consent.
In February, GeoCities received FTC approval of its privacy policies after GeoCities agreed to beef up its privacy practices and obtain parental consent before gathering information on children.
"This was a wake-up call in terms of how seriously we must treat privacy matters," says GeoCities spokesman Bruce Zanka, who stresses that no one was harmed in that instance. "We've taken stock of our privacy practices and have our house in very good order. Now we just want to get this whole matter behind us."
Let the customer drive
"We've always had an opt-in policy — an option to say explicitly, 'I want mail,' " he says. "What drove us to being anal about this is that we do a lot of business in Europe and Japan. The European Union rules on privacy are much more stringent than here in the U.S."
In order for U.S.-based Internet businesses to work with the EU's strict data privacy laws, the U.S. Department of Commerce last month released its own set of privacy rules, according to a report in The Wall Street Journal. Those include telling EU citizens how their data will be used, allowing them to opt out of having their information sold, securing the data collected and giving EU customers access to their own data.
In addition to government intervention, two private-industry organizations have stepped in to help Web businesses with their privacy policies.
Those organizations, TrustE, which was founded in part by the EFF, and BBBOnline, a new offshoot of the Better Business Bureau, support the opt-in policy. In fact, both groups have turned privacy into profit by selling products and services designed to protect consumers and add credibility to Internet businesses. Those include:
Though many hail these services as the best available solution, some online marketers, like Tucker at Key Marketing, feel they're gimmicks to make a site look more credible. "I think a lot of online privacy issues are really mountains being made from molehills. Some people grab them and focus on their own marketing niche," he says.
If a company opts not to use an outside service like BBBOnline or TrustE, it should at least provide a link to its own privacy statements on every Web page, contends Shelley Harms, executive director of public privacy at Bell Atlantic Corp. in New York. But she found it difficult to convince her organization's 40 webmasters to give up space to put a privacy button on every page. So she gave them better training on privacy guidelines.
"General employee awareness is also important," Harms says. "You don't just talk to the technologist, you also talk to those in the company who collect information — marketing folks, order takers, data-entry operators ...."
The biggest problem with privacy policies is their length: AOL's is eight pages, and Bell Atlantic's is three. What Web-surfing consumer would want to take the time to read them all?
Enter Platform for Privacy Preferences (P3P), developed by the World Wide Web Consortium. P3P, a privacy protocol which received wide industry support at last month's Computer Freedom and Privacy conference in Washington, translates English language privacy policies into Extensible Markup Language, machine-understandable policies. Joseph Reagle, project analyst at the consortium, anticipates that P3P will start showing up in Web servers and other Web technologies by year's end.
"The user's interaction is guided by their privacy preferences, but they don't have to necessarily read the sometimes-confusing privacy practices of every site they visit," Reagle says. "For instance, the pop-up window would say, 'This merchandiser subscribes to BBBOnline or TrustE.' Or it could say, 'This site has a questionable privacy practice. Do you want to proceed?' "
Privacy groups including EFF and technology giants like IBM, Microsoft Corp. and Novell Inc. have jumped on the P3P bandwagon. Outpost.com's Starkenburg says P3P is similar in concept to today's parental-control applications.
For more than 10 years, the EFF, which last year operated on $1.1 million in private donations, has waged an education campaign to bring together business, technologists, consumers and government to find common ground on privacy. And it's not alone. Other, newer cyberrights nonprofits such as the Global Internet Liberty Campaign and the Electronic Privacy Information Center are waging similar campaigns. All hope to stave off government privacy regulations. But it may be too late.
Last month, U.S. Sen. Orrin Hatch (R-Utah) warned businesses that some form of Internet privacy legislation "appears inevitable." Two bills have been introduced. One, the Online Privacy Protection Act, would require Web-site privacy policies.
The EFF's Lemmey says she hopes Washington doesn't have to jump in. Rather, she'd like to see industry self-regulation combined with government backup in the form of enforcement only when personal freedoms such as privacy are violated. "A good balance could be struck between good business practices and potential [government] backstops for bad actors," she says.
Study: 94% of top 100 Web sites post privacy policies
RELATED IDG.net STORIES:
FTC accuses young investor site of privacy violations
Electronic Privacy Information Center
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.