E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: Freedom.net

Posted on April 1, 2000

      "Read the privacy policy." Consumer advocates never tire of repeating it. Journalists use it to wrap up the latest report of personal-data-jacking. Faced with long, difficult tracts of legalese, many web users have relied on privacy programs like TRUSTe to do the digging for them. Millions put their faith (and their personal data) into sites that display the ever-present green logo. But just what does that "trustmark" guarantee? In our first in a series on consumer privacy, we'll look closely at TRUSTe, and help you sort through those pages of promises, because, yes, you really should read the privacy policy. Is TRUSTe Trustworthy?

      TRUSTe's bright green seal resides on the vast majority of the Web's most visited sites, including eBay, Yahoo, and eToys. Prominently displayed at the top of the privacy policies it certifies, the TRUSTe seal has becomes one of the most recognizable symbols online. The seal's "click to verify" feature makes it seem as incontrovertible as the "click to verify" digital certificate for secure credit card transactions that web users have also learned to check for. The opening statements in most policies may also give users a false sense of security. Many believe that it's unnecessary to go through the policy, as it has already been verified by "an independent third-party privacy watchdog." But watch that wording. TRUSTe is not a consumer advocacy group.

      TRUSTe was created by Internet industry leaders in response to efforts by the Electronic Privacy Information Center (EPIC) and other consumer advocacy organizations to get the government to intervene on the Internet privacy issue. TRUSTe was an attempt by the industry to convince the government that self-regulation works. Its operations are bankrolled by the 750 companies that bear the TRUSTe seal, some of which TRUSTe has been pressed to investigate. Numerous high-profile privacy breaches involving sponsors or licensees Microsoft, Geocities, Deja.com and RealNetworks have demonstrated TRUSTe's inability to stand up for consumer rights. It these cases, TRUSTe stopped short of revoking its seal because the group had no legal jurisdiction to do so. Its trustmark only covers the privacy policy of a company's Web site, not the policies of software applications distributed on those sites, nor company decisions about what to do with users' personal information. As Lori Fena, Chair of TRUSTe's Board of Directors confirmed in a recent segment of 60 Minutes, the seal does not mean that a licensee is not sharing or selling personal information, nor does it guarantee that your privacy will be protected.

      TRUSTe's seal means that the Web site has met the core tenets of the TRUSTe program: disclosure, choice, access and security. While that may be good news to casual visitors of www.aol.com, AOL's Internet Access customers cannot depend on TRUSTe to cover any misuse of their personal data. Think you're protected when you download that nifty plug-in? Again, be careful: in most cases, TRUSTe covers the site, but not the software. It's even more serious when you scour the fine print of most member policies: TRUSTe's trustmark does not protect you from ad networks and their rampant harvesting of your personal data, even if their banners appear on a TRUSTe licensee site.

      Apart from narrow jurisdictional power, TRUSTe might have other reasons to back down from punishing the corporations that pay their salaries. If TRUSTe were to revoke its seal or sue for breach of contract (two actions it was considering in the case of RealNetworks), the public relations fallout could spell disaster for the member in question. "I guarantee that the damage to the reputation of the first company that we do that to will be big," said David Steer, Communications Director at TRUSTe, in a ZDNet article about the RealJukebox fiasco.

      TRUSTe has, however, stepped up efforts to eliminate obscure or vague language in licensees' privacy policies. Indeed, this could be the reason that microsoft.com's privacy statement no longer claims to "carefully" select other companies to send you information, nor that Microsoft will respond to your complaints by using "commercially reasonable efforts", two examples cited by Consumer.net. TRUSTe also conducts periodic audits to ensure a licensee's site practices what it preaches.

Growing Skepticism

      Consumers have been taking notice of TRUSTe's woes. In a recent poll by Jupiter Communications, only 27% of those surveyed said that a third-party seal like TRUSTe would convince them that a Web site would not violate their privacy. 64% reported that they would be unlikely to trust a Website even if the site had a privacy policy posted. Experts agree with these skeptical consumers. In a recent report Forrester Research declared that "most privacy policies are a joke."

      Despite widespread public mistrust of websites and their privacy policies, the average consumer does not believe that government intervention is the answer. In fact, Jupiter Communications found that only 14% of those polled said they would be more likely to trust a web site if it were subject to government regulations.

The Solution: Do It Yourself

      If industry self-regulation doesn't work, and government regulation seems equally unappealing, then what's the solution? Education and self-empowerment offer the safest and most effective protection from online privacy abuse. There's a growing number of software tools and services available that address privacy concerns, but here too, it's buyer beware: some privacy solutions that claim to protect your personal information (most notably by having you fill out lengthy questionnaires) are really designed to benefit partner merchants. The advice in all cases remains the same: "Read the privacy policy."

      Ask the right questions when you're looking at privacy policies:

  • General:
    • Is there a privacy policy at all?
    • Is there a link to the policy from the site's homepage?
    • From the pages where personal information is requested?
    • Is the policy clearly written in plain language?

  • Your Personal Information:
    • Does it state exactly what personal information it collects, including personally identifiable information (like your name and email address) and financial information?
    • Does it list the pages or sections in which personal information is requested?
    • Do you have a choice NOT to provide this information and still get the product/service offered?
    • Does it explain what the info is used for?
    • Does it state if and with whom they share your information?
    • Does it give reason for sharing?
    • Can you opt-in (choose to participate) or opt-out (choose not to participate) of information-sharing?
    • Can you change your mind at a later date about the release of your personal information?
    • Does it disclose how personal info is stored, and what safeguards are in place to protect it from accidental release or malicious attacks?
    • Does the site collect information from children? If so, what are their practices for obtaining verifiable parental consent before collecting information from children?
    • Is there a clearly stated method to contact the site for more information?

  • Technology:
    • Does the site use "cookies"?
    • What is recorded on them, and will the site still work with cookies disabled?
    • Does it allow third parties (such as ad networks) to also place cookies on your computer?
    • How are they used?
    • Does it state what is done with web log files and the IP addresses they store?
    • If the site offers downloadable applications, does the company make a privacy policy available for their product?
    • Is there information about personal data collection in the End User Agreement?

  • Verify on the site:
    • Is the mechanism to opt-in or opt-out easy to find and easy to use?
    • Does the company answer privacy inquiries quickly and forthrightly?

      E-CommerceALERT note: Visit PrivaGate.com for links to important privacy protection sites.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.