Despite concern voiced by some Internet users that their privacy is not being adequately protected when they surf and shop online, Web site privacy notices, with their micro-font, epic length and droning legalese, have done little to reassure them.
Europe may be leading the way in making online privacy notices more palatable, thanks to a European Union plan that proponents hope will spread worldwide. The E.U.’s committee on data privacy, also known as the Article 29 Working Party, issued a guidance on corporate privacy notices late last year, calling for layered, easy to read privacy statements.
The guidance, which is not mandatory, is beginning to take hold as companies such as Microsoft Corp. and Proctor & Gamble Co. have already rolled out revamped notices. Privacy statements are considered crucial in telling Internet users how their personal information will be used by companies. They explain whether data can be sold to third parties, for instance, and what the users’ rights are in accessing or correcting data.
The working party coordinated with privacy experts and corporate leaders to call for layered privacy notices in which information is presented in three tiers: short, condensed and full. Each layer should contain certain relevant information, such as the full name of the Web site controller and the purpose for processing information, and users can click through from the short notice to the full notice, depending on their level of interest.
The plan calls for using straightforward, easy to understand language and authors of the guidance say that although the information is provided in a more succinct form the privacy statements should still be complete. These sort of multilayered notices are also being examined by the Organization for Economic Cooperation and Development (OECD) and Asia Pacific Economic Cooperation (APEC), and advocates hope they will become the global standard for communicating privacy online.
It may help that some of the first companies to adopt layered notices, such as Microsoft and IBM Corp., are global concerns that seek to offer consistent information across their various online properties.
Microsoft, for example, has already launched the layered privacy notices on its MSN sites in France, Germany, Belgium, Spain, the Netherlands and the U.K. and has plans to roll them out on other global sites, according to Peter Fleischer, Microsoft’s director of regulatory affairs. IBM has layered notices on its European sites, as well as on its main U.S. property.
But reader-friendly privacy notices are still relatively rare and it may take a while to compel companies to follow the new guidelines.
Proponents of the new notices argue that they are key to fostering a sense of trust in online business, as well as making citizens fully aware of their online rights.
The U.S. and other countries have the same sort of concerns around improving online privacy, but consensus on a solution seems harder to come by.
“In Europe, unlike the U.S., the regulators have been focusing on the harmonization of privacy notices for many years,” Fleischer said.
The U.S. still has to negotiate a consensus with the various stakeholders, such as corporations, regulators and privacy groups, he added.
That said, certain U.S. groups such as financial services regulators are studying the layered notices and advocates hope that the standards will soon cover the worldwide Web.
“The layered notice is so compelling, it’s inevitable they will be rolled out further,” Fleischer said.