Privacy Policies: Perception vs. Reality
New paper: “What Californians Understand About Privacy Online,” by Chris Jay Hoofnagle and Jennifer King. From the abstract:
A gulf exists between California consumers’ understanding of online rules and common business practices. For instance, Californians who shop online believe that privacy policies prohibit third-party information sharing. A majority of Californians believes that privacy policies create the right to require a website to delete personal information upon request, a general right to sue for damages, a right to be informed of security breaches, a right to assistance if identity theft occurs, and a right to access and correct data.
These findings show that California consumers overvalue the mere fact that a website has a privacy policy, and assume that websites carrying the label have strong, default rules to protect personal data. In a way, consumers interpret “privacy policy” as a quality seal that denotes adherence to some set of standards. Website operators have little incentive to correct this misperception, thus limiting the ability of the market to produce outcomes consistent with consumers’ expectations. Drawing upon earlier work, we conclude that because the term “privacy policy” has taken on a specific meaning in the minds of consumers, its use should be limited to contexts where businesses provide a set of protections that meet consumers’ expectations.
Benjamin Wright • September 4, 2008 1:47 PM
Privacy policies are governed in good part by contract law. Contract law is a two-way street. Just as banks, web administrators and software vendors can communicate to visitors/customers what they assert to be the legal terms, customers can communicate back!
In principle, contract law does not favor either businesses or customers/users. As the future of privacy law unfolds, individuals may be able to use contract law to assert their legal terms on other parties, such as search engines or advertisers. Why shouldn’t a consumer be able to broadcast what she expects to be the legal terms under which she does business? –Ben http://hack-igations.blogspot.com/2008/05/google-privacy-policy-terms-of-service.html My ideas are not legal advice for any particular situation; they are just ideas for public discussion.