Forum Moderators: phranque
On another forum the mod is an attorney
So is this one, but we won't be dishing out free legal advice here I'm afraid. It's not appropriate, and causes all manner of legal issues for the forum's owners.
Personally I find it quite important, but I'm probably particular about that kind of thing. It definitely makes a difference to me.
For the more average visitor, I wonder whether having a visible link to one actually makes a difference, whether or not it's actually read?
For the real estate a privacy policy takes up on a site, isn't it worth having one just in case?
The other option is if the site is "certified" in some sense like "Truste" [truste.org] or something. Then you would have some recourse through that company.
I know myself, I put up a privacy policy for two reasons: on e-commerce sites to reassure users their information won't be used, and to cover my a*s since I cannot always control what a client might do. I do know if I was contacted by a person claiming one of my clients violated some terms of service, if it was legitimate, I would probably terminate their service. As for legal recourse, we’re such a litigation-happy society, I am sure there is a lawyer out there willing to take your money to pursue the web site.
[edited by: Marshall at 6:00 pm (utc) on May 18, 2007]
Back to your email example, IMO this should be reprehensible:
If I entrust you with my email address upon reading your articles of privacy
And then if I am deceived I shall be legally compensated for your wrongdoing
"example.com often shares information with third party companies that provide services and products that may be of benefit to you"
Anyone who proceeds on a site like this deserves all the spam they get. :-)
To hijack this thread a bit, what happens if a site changes their privacy policy after you've given them your info? Or some visitor claims (wrongly) that your privacy policy was much more restrictive when they signed up and you changed it later?
I get people who are concerned with such things now and again. As it turns out they end up having much more serious issues than the matter at hand, such as anger issues which have been placed on various things like solicitors, blocked caller IDs, having messages which don't accept calls from blocked numbers etc. among other things including problems with the products they receive.
That's why *I* care about privacy (policies).
You should see my lack of anger management when my data is doled out carelessly...
Rgds
Damon
It's funny you mentioned the junk faxes. That is actually a crime in the US. I used to receive them all the time and I too unplugged my fax machine. Of course, the sender always used a fake sender ID. Anyway, I once did call the "800" number on the fax to complain and the company said that they hired another company to send the faxes and have no control over them. FYI - I was a Police Chief at the time, so I called the attorney general office of PA. They told me there was nothing they could do about it unless I provided the identification of the sender. In other words, even if there is some violation, and in this case of an actual law, the people who are responsible to enforce them are not going to do a thing. Believe me, I know.
Which is why EU data-protection law has this one reasonably right, making it a crime to mishandle data higher up the food chain, eg sell it without permission, long before it can get to the scum who SPAM you.
For example, by signing up with the mail preference service, companies using direct mail are obliged to screen mailing lists with it, else they can be shown to be careless with (mishandling) personal data. And thus it and the fax and telephone preference services do normally work reasonably well. Not quite well enough for me to keep the fax line, but OK.
Rgds
Damon
Whether or not anyone reads them is really unimportant. That your privacy policy is publicly posted and accurate is important. Anyone who values their data will read these.
I agree, but what is the point in reading them if they're just unenforceable marketing-speak?
ispy
People who actually do care about a privacy policy are the ones who worry me.
The truth is that I don't really care that much. As an information receiver, I usually don't have a privacy policy. Half the time, I hardly tell people what I'll do with the information at all, although I treat it respectfully anyway.
But, if a privacy policy is binding and/or enforceable in some way, then webmasters should pay attention to what they're saying and make sure it is accurate.
As an information giver, I don't care a lot either. Almost every time I read a privacy policy, it's 10 minutes of reading to see that the information will be shared with whomever, whenever they feel like it.
That leads me to believe that privacy policies in general are put up as a liability shield. (Not P3P, as that has some technical uses.)
But if there's no recourse for someone who violates their own privacy policy, that's just one more reason for me not to read them.
In many instances we hear “educate the users”
This applies in many ways, some posters mentioned:
Who’s reading those? Who really cares? Does it matter?
Among us there are developers working for their own good and developers working for clients. I run a small business that encompasses pretty much everything tied to corpo ID, with emphasis on web dev. As such I always develop in conjunction with my client a Privacy Policy, and speaking of education, I do my best to make sure that while participating in developing their policy he/she understands that he/she ought to live by its words (the policy). As such it does the trick; it educates and makes the web owner think in terms of being responsible.
Where am I going with this? Well if we do our best to educate also the web owner those policies could have a real impact on privacy protection behavior.
...a few months down the line your client will realise there are lots of email addresses etc. which have been collected in the course of business and will want you to build them something to spam them all. With the privacy policy to point you, you can refuse without offending.
What really matters is (Before going live) to clearly define the user experience, what is the user responsibility, what is the owner responsibility, foresee with the owner how he/she intends to use collected marketing data. Draw a line in between acceptable mailing and on the spamming edge unacceptable mailing.
Weigh benefits and drawbacks
Set the policy
Clearly make it accessible
Abide by it
In the long run it will become very much of a benefit to the user and web owner
I would be surprised if more than a small percentage read them and would also suggest that a large percentage of your average user doesn't even know what it is. Most users are not going to make a decision to provide information based on privacy policy and those that do would be foolish IMO.
Although I have to agree on this.
Anirudh