A privacy policy? Who needs a privacy policy? Privacy is a mess. You’re building an online business, and you figure you have to have a privacy policy. But why? Is “because everyone else has one” a good enough reason? Ever wonder what you really need to know about privacy law? I mean … what you have to comply with as a business operating in an online environment?
Here, then, the first of several Frequently Asked Questions about privacy policies. Or to be more precise, here now some practical answers on privacy practices:
FAQ #1: Can I simply post a privacy policy and forget about it? Short Answer: No. Longer Answer: No, because as between posted statements and actual compliance, actual compliance is what’s required.
In today’s podcast, we discuss the Federal Trade Commission’s recently issued privacy proposals. My guest is Karen Neuman, a founding partner of St. Ledger-Roty Neuman & Olson LLP, a Washington, DC law firm that focuses on regulation of information technologies and communications law, including privacy & data security, mobile communications, the Internet, media, telecommunications and related transactional matters.
At the core of the new privacy proposal is the idea that the current system of self-regulation does not provide enough consumer protection. Basically, from the FTC’s perspective, people do not pay enough attention to the data-collecting activities of websites and not enough companies are up-front about the data they do collect from visitors to their sites. The FTC says that while many companies detail their data collection through privacy policies, consumers bear too much of a burden in having to sort through such long, legalistic documents.
Among other proposals, the FTC’s new framework would require a “Do Not Track” option, much like the one we currently have to avoid telemarketers. “Do Not Track” would essentially prevent companies from tracking things like your browsing history and buying habits, making it much more difficult for them to target consumers with personalized ads. The proposal also aims to have companies incorporate more consumer protection into their business practices through simpler, more transparent options and by allowing consumers more access to the data being collected about them. The FTC issued its proposed rules just last week, and requested public comment from both businesses and the public.
Please click play on the audio player below to hear the podcast.
What is the legal significance of a website’s privacy policy?
That question lingers when reviewing such policies for legal compliance and for consistency with a company’s actual practices. Problem is, lawsuits involving claims of breaches of privacy policies have failed even in cases of clear and egregious violations by the service provider, where there was an absence of a showing of actual damages.
Eric Goldman cites a number of cases in his blog, including a prominent class action in 2005 against Jet Blue Airlines for voluntarily turning over passenger names to a government contractor, in clear violation of the airline’s stated privacy policy. Policies commonly permit the service provider to disclose information in response to a government demand. Yet, Jet Blue won dismissal despite any such disclosure right in its policy.
Last week, Facebook joined the social media craze of “checking in,” with its new service called Places. The move indicates an increasingly popular trend, pioneered by services like Four Square. Whether at a famous historical landmark or their local Starbucks, people use location check-ins to let friends know where they are and earn badges for covering more ground.
Some think the next phase in the check in revolution is coming soon to a couch near you. Entertainment could be the next big thing that draws users to check in and share what they’re doing with others. Services like GetGlue, Miso, and Philo encourage you to share what you’re watching and engage with people doing the same. Besides the social networking incentive to interact with fellow fans of your favorite shows, these applications offer tokens and badges for every time you keep up with the Kardashians or tune in to see what Snooki will do next on Jersey Shore.
Spend any time on the Internet and – like the naif in the ‘Casablanca’ gambling room dumbfounded when the wheel comes up 22-black twice in a row – one’s bound to ask, ‘Say, are you sure this place is honest?’
This sort of thing seems oddly hilarious and at the same time naïve in the same way as the fool in Casablanca, in whose defense one could at least say it was a different time. Last I checked, there was no giant sign over the entrance to the internet saying “tread warily here”, although Felten’s point about the sensitivity of individuals to words being written about them is hardly a new concept. Just one small point of reference: I handle a fair amount of pre-publication review of publications for libel (i.e. in advance of actual publication), and one thing I usually drill into my publishing clients is being somewhat sensitive to the litigatory likelihood of the person about whom words are being published.
I’m not saying shy away from controversial journalism, and it’s advice that probably did not compel the muckracking vision of Woodward and Bernstein or the “American Century” mantra of Henry Luce. Nonetheless, don’t ask a libel lawyer for advice unless you’re willing at least to consider whom you’re writing about if one of your goals is simply to avoid getting sued.
Publishers are worried about cookies, specifically talk of regulatory action on the privacy front. What’s the story here?
A Privacy Policy might typically say something like this:
“A ‘cookie’ is a small text file on your computer’s hard drive that our Web site uses to collect information about how you use our site. The cookie transmits this information back to our Web site each time you visit a page on our site, thus allowing us to identify our most popular pages, features and data.”
To someone not working for an ad agency or at a publisher or for, say, Google, reading these terms, what they might read could be summarized like this: “Software … embedded in my computer … I have no choice … it stays there forever and ever … it will watch my every move and report back to its masters and possibly the government … my wife might find out.”
What does it mean to give up privacy? Adam Cohen wrote last week in the NY Times about the demise of “locational privacy”: your right – presumably it’s a “right” – to keep a lid on who knows where you are. Cohen’s onto something bigger than just a rant against modern technology. The problem with modern technology is that we tend to like modern technology!
I watched the great television show “Madmen” last week, about life in a Madison Avenue advertising shop in the early 1960s. No cell phones, no computers, no electronic building entry devices assigned to individual users, no EZ Passes, and probably very few credit cards. Ad man Don Draper visits his various mistresses without concern that his wife might try to reach him on his cell phone. Or for that matter, as Cohen writes, any worry that he might simply be lugging around his own personal tracking device: “If your phone is on, even if you are not on a call, you may be able to be found (and perhaps picked up) at any hour of the day or night.”
