Online Privacy Policies (original) (raw)
Related papers
Causes and consequences of consumer online privacy concern
International Journal of Service Industry Management, 2007
Purpose -Past research on internet privacy has examined various aspects of privacy regulation and consumer privacy concerns. The purpose of this paper is to develop a conceptual model that links anteceding environmental factors with the resulting consumer responses using the power-responsibility equilibrium perspective. Design/methodology/approach -An online survey of 182 net shoppers was conducted whereby respondents were asked to recall a recent web site registration that required them to provide personal information online. Findings -The results indicate that robust perceived business policies and governmental regulation reduce consumer privacy concern. More interestingly, the data show that a perceived lack of business policy or governmental regulation will result in consumers attempting to regain power balance through a variety of responses. As predicted, increased concern resulted in higher power-enhancing responses such as the fabrication of personal information, use of privacy-enhancing technologies and refusal to purchase. Practical implications -To reduce consumer privacy concern and subsequent negative responses, organizations need to pay close attention to their privacy policies through greater self-regulation, third-party accreditation and to ensure the presence of compliance mechanisms that support and check the marketing and collection activities of their organization and related parties. Regulators can reduce consumer concern by further defining and improving the legal framework for protecting consumer privacy on the internet. In addition, governments should consider overseeing third-party privacy accreditation as well as firm and industry self-regulation. Finally, to improve consumer perceptions of privacy protection, enhanced regulatory privacy protection should be communicated to the public along with a response outlet for privacy concerns so that consumers know that they should report privacy-related complaints to a regulatory agency. Originality/value -The paper examines how business policies and regulation influence consumer online privacy concern, and the resulting consequences on internet user behavior.
Information Technology & People, 2004
Many authors have identified fears about a lack of personal privacy online as a major disincentive to the take-up of e-commerce by private consumers. The publication of a privacy policy is encouraged by information and communications technology industry groups such as the Online Privacy Alliance, and by online certification bodies such as TRUSTe. Privacy policies are taken to reassure the wary, and thereby to overcome the disincentive to trade. This paper offers an account of an ongoing research project into the practical measures taken by organisations to publish their online privacy policies. Late in 2000, a total of 113 disparate web sites were identified that included some kind of explicit privacy policy and the visibility and content of the policy was analysed. The primary research into privacy policies is set in context by relating it to a discussion of the nature and role of trustworthiness in online relationships. This highlights a number of issues that need further attention on the part of some of the organisations in the survey.
36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the, 2003
We present findings from a longitudinal, empirical study of online privacy policies. Our research found that although online privacy policies have improved in quality and effectiveness since 2000, they still fall well short of the level of privacy assurance desired by consumers. This study has identified broad areas of deficiency in existing online privacy policies, and offers a solution in the form of an holistic framework for the development, factors and content of online privacy policies for organizations. Our study adds to existing theory in this area and, more immediately, will assist businesses concerned about the effect of privacy issues on consumer web usage.
Deficiencies in online privacy policies : factors and policy recommendations
2010
Online service providers (OSPs) such as Google, Yahoo!, and Amazon provide customized features that do not behave as conventional experience goods. Absent familiar metaphors, unraveling the full. scope and implications of attendant privacy hazards requires technical knowledge, creating information asymmetries for casual users. While a number of information asymmetries are proximately rooted in the substantive content of OSP privacy policies, the lack of countervailing standards guidelines can be traced to systemic failures on the part of privacy regulating institutions. In particular, the EU Data Protection Directive (EU-DPD) and the US Safe Harbor Agreement (US-SHA) are based on comprehensive norms, but do not provide pragmatic guidelines for addressing emerging privacy hazards in a timely manner. The dearth of substantive privacy standards for behavioral advertising and emerging location-based services highlight these gaps. To explore this problem, the privacy policies of ten large OSPs were evaluated in terms of strategies for complying with the EU-DPD and US-SHA and in terms of their role as tools for enabling informed decision-making. Analysis of these policies shows that OSPs do little more than comply with the black letter of the EU-DPD and US-SHA. Tacit data collection is an illustrative instance. OSP privacy policies satisfice by acknowledging the nominal mechanisms behind tacit data collection supporting services that "enhance and customize the user experience," but these metaphors do not sufficiently elaborate the privacy implications necessary for the user to make informed choices. In contrast, privacy advocates prefer "privacy and surveillance" metaphors that draw users attention away from the immediate gratification of customized services. Although OSPs do bear some responsibility, neither the EU-DPD nor the US-SHA provide the guidance or incentives necessary to develop more substantive privacy standards. In light of these deficiencies, this work identifies an alternative, collaborative approach to the design of privacy standards. OSPs often obscure emerging privacy hazards in favor of promoting innovative services. Privacy advocates err on the other side, giving primacy to "surveillance" metaphors and obscuring the utility of information based services. Rather than forcing users to unravel the conflicting metaphors, collaborative approaches focus on surfacing shared concerns. The collaborative approach presented here attempts to create a forum in which OSPs, advertisers, regulators, This thesis concludes two years in the Technology and Policy Program (TPP) focusing on online privacy policy. I am indebted to the Advanced Network Architecture (ANA) group, in particular my advisor, Dr. David Clark, for advice and direction. Dr. Clark provided excellent advice, insights, and references as this work developed from a simple survey of privacy policies into what is hopefully a contribution to the literature on privacy regulation. Dr. Clark patiently helped me unravel many of the interesting issues in this work. I would also like to thank Dr. Frank Field for support as the TA for ESD.1O and for allowing me to tack thesis topic feedback and discussion onto the end of TA meetings. In addition to the support of the ANA, I would also like to thank Daniel Weitzner and the Decentralized Information Group for their early support and feedback on this project. I would also like to thank Jim Rice and Mahender Singh of the Center for Transportation and Logistics for supporting my first year in TPP.
The Quality of Online Privacy Policies
Journal of Database Management, 2000
Privacy concerns and practices, especially those dealing with the acquisition and use of consumer personal information by corporations, are at the forefront of business and social issues associated with the information age. This research examines the privacy policies of large U.S. companies to assess the substance and quality of their stated information practices. Six factors are identified that indicate the extent to which a firm is dependent upon consumer personal information, and therefore more likely to develop high quality privacy statements. The study's findings provide practical and theoretical implications for information privacy issues, particularly for consumers who need to determine whether or not to disclose their personal identifying information to firms. The results illustrate the complexity involved in managing personal private information.
Information & Management, 2006
Privacy concerns and practices, especially those dealing with the acquisition and use of consumer personal information, are at the forefront of global business and social issues associated with the information age. Our research examined the privacy policies of the Fortune 500 to assess the substance and content of their stated information practices and the degree to which they adhered to the fair information practices (FIP).
Understanding Privacy Policies: Content, Self-Regulation, and Markets
SSRN Electronic Journal, 2000
The current regulatory approach to consumer information privacy is based on a "notice and choice" self-regulation model, but commentators disagree on its impact. I conduct a comprehensive empirical analysis of 261 privacy policies across seven markets and measure the extent to which they comply with the self-regulatory guidelines of the Federal Trade Commission (FTC), US-EU Safe Harbor Agreement, and others. I track terms involving notice, data collection, sharing, enforcement, security, and other practices, and create a measure of substantive protections. The average policy complies with 39% of the FTC guidelines issued in 2012, and there is no evidence that firms have updated their policies in response to these guidelines. Terms that require firms to bear costs or constrain their behavior are less likely to be included. Protections vary widely across markets, however: Adult sites offer the clearest notice of practices and report less data collection and sharing than other sites, while cloud computing firms report more extensively on data security practices. Overall, the results suggest that privacy policies are being shaped as much by market forces as by the current regulatory regime.
New Media & Society, 2007
Several surveys attest to growing public concerns regarding privacy, aggravated by the diffusion of information technologies. A policy of self-regulation that allows individual companies to implement self-designed privacy statements is prevalent in the United States.These statements rarely provide specific privacy guarantees that personal information will be kept confidential. This study provides a discourse analysis of such privacy statements to determine their overall efficacy as a policy measure.The in-depth analysis of privacy statements revealed that they offer little protection to the consumer, instead serving to authorize business practices which allow companies to profit from consumer data. Using public good theory as a foundation, policy implications are discussed.
Examining Internet Privacy Policies Within the Context of User Privacy Values
IEEE Transactions on Engineering Management, 2005
Internet privacy policies describe an organization's practices on data collection, use, and disclosure. These privacy policies both protect the organization and signal integrity commitment to site visitors. Consumers use the stated website policies to guide browsing and transaction decisions. This paper compares the classes of privacy protection goals (which express desired protection of consumer privacy rights) and vulnerabilities (which potentially threaten consumer privacy) with consumer privacy values. For this study, we looked at privacy policies from nearly 50 websites and surveyed over 1000 Internet users. We examined Internet users' major expectations about website privacy and revealed a notable discrepancy between what privacy policies are currently stating and what users deem most significant. Our findings suggest several implications to privacy managers and software project managers. Results from this study can help managers determine the kinds of policies needed to both satisfy user values and ensure privacy-aware website development efforts.
Privacy, fair information practices and the fortune 500
ACM SIGMIS Database, 2005
Prior studies used Web surveys to analyze the content of online information privacy policies and to assess whether or not the policies comply with a standard known as the Fair Information Practices. One assumption of these studies is that the main role of a privacy policy is to protect the consumer by communicating a firm's information practices. This paper employs Habermas's Theory of Communicative Action to uncover the much more complex and multifaceted roles that privacy policies actually play in a social context. Overall, the study's findings offer insights into the reflective nature of information privacy policies, specifically their role in social interactions among companies, consumers and government regulators.