site privacy statements and seals
This page looks at privacy trust marks (also known as web seals). It also considers the policy statements that appear on some sites to identify the site operator's stance.
It covers -
The page is supplemented by a more detailed profile about trustmark principles, research and schemes.
In practice privacy is often 'negotiated' on a site by site basis by individual consumers. That negotiation reflects -
the principle of informed consent (users of a site can choose to provide information)
the unevenness of national privacy legislation
the absence of international privacy protocols (for example there is no direct equivalent of the Berne Convention harmonising national copyright)
It relies on formal privacy statements (which range from a general indication that the operator recognises that privacy is an issue to detailed contractual undertakings or exclusions from the provisions of national law) and trust marks.
Three starting points for considering the nature of trust
in cyberspace are the detailed 1999 report
from the US National Academy of Sciences on Trust In
Cyberspace, the Informed Consent Online project
at Washington University and the 2001 Stanford Persuasive
Technology Laboratory report
on factors that affect credibility.
In essence, the privacy statement on a site is founded
on the principle of informed consent: individuals are
free to provide information about themselves on the basis
that they're aware of how the information is used (including
scope for verification/correction of that data). Not all
data identifies individuals - on this site for example
the level of detail may vary.
In principle statements should encompass -
what information is being collected, in particular data that identifies an individual or that through profiling might be used to identify an individual
how it is used, including provision to third parties
how it is stored (and disposed of)
provision for correction of personal information
We have highlighted practical concerns regarding the shape of privacy statements at the end of this page. Research into the practice of site owners suggests that some fail to meet commitments in the statements, that some statements are barely intelligible and that statements are sometimes
The 2003 Americans & Online Privacy: The System is Broken study (PDF), for example, argues that -
of US adults who use the internet at home incorrectly
will not share their personal information with other
websites or companies
of adults who use the internet at home say privacy policies
are "easy to understand" but 66% of those
won't share data
believe that laws requiring use of a standard format
for online privacy statements are highly desirable.
As we've suggested in our Consumers guide
and the profile on
Trustmarks, a seal or trustmark is an advisory, rather
than a guarantee of performance.
It is an indicator that the site operator has agreed to
be bound by a code of practice, although the binding is
often weak and certification problematic.
Some observers, for example, have criticised the process
through which seals are acquired, in particular schemes
based on self-assessment. Critics argue that self-assessment
is inherently open to abuse by the unscrupulous or merely
Others note the poor performance of certifying bodies,
including prominent seal issuers such as TRUSTe,
characterised as slow to respond to consumer concerns
about abuses or lacking the resources to monitor compliance
with their rules and ensure that the trustmark is removed
from a site that breaches those rules. Three examples
are Natalie Regoli's 2002 Indecent Exposures in an
Electronic Regime paper (PDF)
and Jennifer Sweeney's 2001 Can The Internet Really
Police Itself? Self-governance and the 1998 Children's
Online Privacy Protection Act paper.
Still others note the plethora of competing trustmark bodies, ranging from those that are restricted to a particular jurisdiction to those with global ambitions and a presence in all major markets. Our basic inventory of e-business trustmarks is here.
The long-term viability of several of those marks is poor, as they have not gained -
substantial endorsement by regulatory bodies
a significant market share among retailers, service providers and other commercial entities
appropriate credibility among a sufficiently large number of consumers (whether individuals or businesses), either in differentiation from competitors or for trustmarks
enough to enjoy economies of scale in marketing and
Perspective is provided in Web Seals: A Review of Online Privacy Programs, a 2000 report by the Office of the Information & Privacy Commissioner in Ontario and the Australian Federal Privacy Commissioner, and by Anna Nöteberg's 1999 dissertation (PDF) Trusting the Web? Web Assurance Seals for an Improved Electronic Commerce Environment. The 2003 paper Your Privacy is Assured - Of Being Invaded: Web Sites With & Without Privacy Seals by Robert LaRose & Nora Rifon noted that it
is perhaps ironic that the Web sites that seek to publicize
their concern for consumer privacy by displaying privacy
seals were actually more likely to intrude on privacy,
at least in terms of the amount of personal information
that they requested from consumers. And, aside from
a greater tendency to deposit cookies, the unsealed
sites were no more likely to invade users’ physical
privacy through involuntary intrusions on their computers.
Naïve consumers who view seals as a form
of privacy protection may thus be disappointed.
We have highlighted other research regarding trustmarks in the profile for this page.
For a vision, which we find unconvincing, that consumers
will embrace trustmarks and then seek "lovemarks"
see the interview
with Saatchi & Saatchi's Kevin Roberts. In practice it
is likely that major brands such as IBM, Amazon.com, ColesMyer,
Dell or LandsEnd have sufficient credibility (and recognition
among consumers) to obviate the need for trustmarks.
In practice there are five concerns about privacy statements -
they are disregarded by the site operator
they can't be readily found by a visitor to a site
they can't be readily accessed and copied by most users for study or later reference (eg they comprise several pages of text presented within a small box on a page and cannot be printed)
they are written in legalese and/or formatted to minimise use (eg very fine print, all upper case, no subheadings or paragraphs)
A useful demonstration of some of the practical issues is provided by a study by the US Privacy Rights Clearinghouse (PRC), a consumer advocacy body. Lost in the Fine Print: Readability of Financial Privacy Notices examines business compliance with new legislation - the Financial Services Modernization Act (Gramm-Leach-Bliley Act) - that requires financial institutions to send consumers yearly notices on how their personal financial data is used.
The legislation has been strongly supported by consumers, consistent with the range of studies suggesting that people like to know what data is being collected and how it is handled. It has also gained broad support from industry, particularly from those banks that perceive there is a competitive advantage in demonstrating best practice in the collection, use and disposal of personal data. Provisions in the legislation permitting data sharing between all entities under a corporate umbrella were an added incentive for the major financial groups.
By the end of June 2001 every account holder in every
US financial institution was to receive a notice, under
the new legislation, concerning the protection of their
personal financial information. Most observers expect that institutions will still provide data to third parties, as that will only be restricted if consumers actively opt out (ie formally notify the bank, credit union or other financial body).
Most of the notices were included with monthly account
statements. That is a traditional delivery mechanism:
in Australia financial service providers frequently notify
changed terms & conditions in fine print with such
statements or an accompanying glossy leaflet, most of
which are reportedly thrown away unread.
That's been a concern to bodies such as the Australian
Competition & Consumer Commission (ACCC)
and Financial Services Consumer Policy Centre (FSCPC)
at the University of New South Wales.
The PRC study examined the clarity of 17 financial privacy
notices from major financial institutions. It is backed
up by an information sheet
as an aid for consumers assessing other notices.
The notices are supposed to be written in a 'clear and
conspicuous' style with language that is 'reasonably understandable,'
a term which is not defined. Overall, the study found
that the privacy notices failed basic readability
tests and would not be readily understood by most US consumers.
The notices did not meet current US state readability
requirements for other financial documents, such as insurance
policies. We consider that readability is likely to be
even lower when the information is presented online.
The PRC study offers a useful encapsulation of key recommendations
for increasing the readability of privacy documents.
In line with work noted in our Accessibility guide, it suggests that institutions should -
present information in a clear and concise way
use short explanatory sentences or bullet lists
use concrete everyday words
use the active voice
use plain-language headings to assist navigation
use boldface for key words
use a typeface and type size that are easy to read
use wide margins and enough line spacing.
The US Federal Trade Commission, along with other regulators, has held organisations to commitments about privacy made on their sites. One example is the PetCo settlement noted in discussion elsewhere on this site regarding corporate data losses through hacking and misplacement of unencrypted electronic customer records.
Ari Melber commented in 2008 that privacy problems regarding
social network services,
such as Facebook,
is to -
that users can make informed choices. Taking a page
from the consumer protection movement, Congress could
simply require social networking sites to display their
broadcasting reach prominently when new users post information.
Just as the government requires standardized nutrition
labels on packaged food, a privacy label would reveal
the "ingredients" of social networking. For
example, the label might tell users: "The photos
you are about to post will become Facebook's property
and be visible to 150,000 people--click here to control
your privacy settings."
This disclosure requirement would push Facebook to catch
up with its customers. After all, users disclose tons
of information about themselves. Why shouldn't the company
open up a bit, too?