Although businesses are required to have privacy policies posted on their Web sites, the statements, drafted by lawyers, are rarely read by consumers. After at least a year of research, including a series of privacy roundtables, the Federal Trade Commission (FTC) has concluded that in significant ways, privacy policies “are broken,” Maneesha Mithal, an FTC associate director, told attendees at a recent conference on the issue, sponsored by the Online Trust Alliance.
To fix the problem, the FTC wants to make privacy statements shorter and more understandable and to focus on growing consumer concerns about online data sharing, she said. A simple statement could tell users whether data would be shared with data brokers or marketers, for example.
Preferably, such notices would be available on a Web site near the data to be shared, she said. In many cases, when a consumer wants to make an online purchase, for example, “they aren’t going to spend 10 minutes reading a policy” first.
But at least one speaker was skeptical of a quick fix, noting that online data sharing is complex and constantly evolving. For example, it can be difficult to be sure what happens among all of the third parties, as was evident in a recent controversy involving the third-party sharing of user Web browser data obtained through flash-based cookies.
(To finish reading "Directing Privacy Policies at Consumers" from the January issue of Security Management, click here.)