Forum Moderators: buckworks

What privacy statements for e-commerce are obligatory in 2015

     
2:01 am on Jul 21, 2015 (gmt 0)

whitey, Senior Member

joined:Jan 28, 2005
posts:3072
votes: 27


Here's a fast forward from a lot of old posts here on WebmasterWorld regarding privacy policies which are getting outdated.

Lots has changed in more recent times. Social plugins, login data, remarketing, use of data, geo data, cookies, SSL requirements with affiliates, etc.

Can we get some good Q & A going on what's in, what's out, what's changed, and reference points for e-commerce websites?

Maybe a good start is to name the best resource for a privacy statement template that's user friendly. Then review and open up some discussion. Thoughts?
2:14 am on July 21, 2015 (gmt 0)

tangor, Senior Member from US

joined:Nov 29, 2005
posts:9033
votes: 752


None will be "user friendly" and you start with the old ones... take nothing out, just add in all the new stuff (and if EU area, probably an advisory on use of cookies and site tracking, and they have to OPT IN to allow those...) and go from there.

Also might be helpful to remind all that the governments of nearly all internet-connected powers have their own surveillance and monitoring techniques, which you do not use, but cannot shield the visitor from (NSA, FBI, the equivalents in UK, France, Germany, Iran, China, Brazil and on and on...) And the user need be aware that their own ISP is tracking their internet usage, though you, again, have no control over that behavior.

Some of that is over the top.... but then again, maybe not so much.

You can only deal with the privacy concerns regarding YOUR site/activity with the user. That's all you have control over. If your user is surfing with JS enabled, their activity on your site will be reported to a third party.... somewhere.
8:12 am on July 22, 2015 (gmt 0)

whitey, Senior Member

joined:Jan 28, 2005
posts:3072
votes: 27


Is an address an obligatory contact requirement, or will an email contact be enough for most jurisdictions?
7:21 pm on July 22, 2015 (gmt 0)

piatkow, Senior Member from GB

joined:Apr 5, 2006
posts:3451
votes: 61


Will also vary between sole traders and limited liability companies
8:21 pm on July 22, 2015 (gmt 0)

tangor, Senior Member from US

joined:Nov 29, 2005
posts:9033
votes: 752


Ultimately, your jurisdiction counts first, then all the others.

Privacy, I believe, makes no difference to what type of business one might be as privacy is between that entity and the USER (who is not a business). In most countries privacy of the individual will trump the privacy of a business/entity, unless that individual has to give up certain privacy just to participate. (See FB and others in that regard)
12:57 am on July 24, 2015 (gmt 0)

whitey, Senior Member

joined:Jan 28, 2005
posts:3072
votes: 27


I just came across this good read, triggered from our discussions and found it immensely enlightening. Thought I'd publish it here as a helpful resource to anyone who could benefit from it. It covers:

- Major global trends observed
- Best practices observed
- Authorities who participated globally

Any comments?

Australian Privacy Commissioner, Timothy Pilgrim, said the results of the sweep were mixed with 83% of the sites having one or more issues in the following areas: 'easy to find', 'easy to read', 'contacts for further information', relevance and length.

'It is a concern that nearly 50% of website privacy policies were difficult to read. On average, policies were over 2,600 words long. In my view, this is just too long for people to read through. Many policies were also complex, making it difficult for most people to understand what they are signing up to,' Mr Pilgrim said.

'We did see some instances where organisations provided both a simplified and full policy to assist their customers to understand what will happen to their personal information. This attempt to use 'layered' privacy policies is encouraging.'



Major global trends observed

•Participants found too many websites with no privacy policy whatsoever. Among the total 2,186 websites and mobile apps examined, 23% had no privacy policy available. A greater proportion of large organisations typically had privacy policies on their websites, in comparison to small and medium-sized organisations.

•One-third of policies raised concerns with respect to the relevance of the information provided. In some cases, sites would make brief over-generalised statements about privacy while offering no details on how organisations were collecting and using customer information. Many policies used 'boilerplate' language which did not take into account the relevant privacy jurisdiction. Too often, there was limited information on how organisations were collecting, using and disclosing personal information as it related to their business model.

•Approximately 33% of privacy policies viewed raised concerns with respect to their readability. Many of these policies quoted directly from applicable legislation. In doing so, these policies provide limited benefit to the average consumer seeking a clear and concise explanation of how their information is being collected and used.

•Mobile app privacy policies lagged behind those found on traditional websites. 92% of mobile apps reviewed in the sweep raised one or more concerns with respect to how they present information about their privacy practice, and 54% had no privacy policy at all. In some cases, organisations simply provided links to privacy policies for their websites which did not specifically address the collection and use of information within apps.


Best practices observed

•Many organisations had privacy policies that were easily accessible, simple to read, and contained privacy-related information that consumers would be interested to know, which demonstrates that it is possible to create transparent privacy policies.

•Many described what information is collected, for what purposes it is used, and with whom it is shared.

•Some of the best examples observed during the sweep were policies that made efforts to present the information in a way that was easily understandable and readable to the average person. This was accomplished through the use of plain language; clear and concise explanations; and the use of headers, short paragraphs, FAQs, and tables, among other methods.

•A majority of organisations (80%) ensured that their privacy policy included contact information for the particular individual with responsibility for privacy practices within that organisation. Providing more than one option for contacting that individual (eg mail, toll-free number and/or e-mail) is a thoughtful way of ensuring there are no barriers to contacting an organisation about its privacy practices.

•Some policies observed had been tailored for mobile apps and sites, going beyond simply providing a hyperlink to an organisation's existing website privacy policy. Recognising that explaining privacy practices can be difficult on a mobile platform with a small screen, organisations are encouraged to find innovative ways of conveying their privacy policies on mobile devices.


Authorities who participated
•Office of the Australian Information Commissioner
•Office of the Privacy Commissioner of Canada
•Information and Privacy Commissioner of British Columbia
•Data Protection Inspectorate, Estonia
•Office of the Data Protection Ombudsman, Finland
•Commission Nationale de l'Informatique et des Libertés, France
•Federal Data Protection Commission, Germany
•Data Protection Commissioner of Berlin
•Data Protection Commissioner of Rhineland-Palatinate (Rheinland-Pfalz)
•Data Protection Supervisory Authority of Bavaria
•Data Protection Commissioner of Hesse
•Data Protection Commissioner of Brandenburg
•Office of the Privacy Commissioner for Personal Data, Hong Kong
•Office of the Data Protection Commissioner, Ireland
•Office for Personal Data Protection, Macao
•Office of the Privacy Commissioner, New Zealand
•Data Protection Authority, Norway
•Information Commissioner's Office, United Kingdom
•Federal Trade Commission, United States

[oaic.gov.au...]
 
