European Union weighs in on privacy

Published Tuesday, 17 November 1998 8:28PM CST by in Privacy

While it’s clear that our current American president has no privacy, Web privacy in America is quickly boiling down to two competing proposed standards: the Platform for Privacy Preferences (P3P) and the Open Profiling Standard (OPS). Microsoft and Netscape have each endorsed both technologies. Designed to allow individual users to determine how much personal information they disclose to Web sites, both technologies were developed in response to the American government’s policy of industry self-regulation with regard to personal privacy on the Internet.

On May 19, 1998, the World Wide Web Consortium (W3C) released its P3P working draft. P3P enables Web publishers to declare data-collection policies while allowing users to control the amount of personal information they disclose.

When a user visits a P3P-enabled Web site, the site’s data collection and privacy policies are displayed in the user’s browser. Based on the browser’s settings, the Web site automatically logs the user’s privacy preferences regarding what information can be gathered, whether the site is allowed to track the user’s activity, and whether the site is allowed to share the user’s information with third parties. Each preference is negotiated between the user and the site.

For example, suppose you visit a site that requires users to allow the host server to exchange personal information with third parties, and you’ve set your privacy preferences to disallow this activity. The site could refuse to admit you unless you agree to its terms and conditions, or it could offer an alternative proposal. You may decide to allow certain sites to access a username and password you specify, and you might even allow some subscription-based sites access to your personal buying habits, based on what the site offers in exchange for your personal information.

Privacy advocates contend that P3P and similar systems (such as OPS) cater too much to marketers whose sole interest is in amassing the personal information of as many users as possible for resale to advertisers and other third parties. Users who demand anonymity will simply be turned away at the door, some privacy experts say.

In the European Union (EU), however, the approach to protecting personal privacy is much different. European countries advocate—and in many cases have implemented—laws to protect personal privacy online. The European Union has flatly rejected both P3P and OPS technologies as inadequate for use in Europe. A June 1998 report released by the European Union states that both technologies possibly violate the EU’s Data Protection Directive, which requires marketers to obtain individual permission before collecting demographic, marketing, or personal information.

The European Union’s Data Protection Directive, based on the idea that personal privacy is a fundamental human right, was passed into law in 1995 and became effective on October 25, 1998. The directive requires that European citizens be told for what purposes their personal information will be used when it is collected. Europeans are guaranteed the right to access information about themselves, are allowed to correct false or misleading information, and must be given notice and an opportunity to opt out of an information transfer to a third party.

In early October 1998, the Global Internet Liberty Campaign released a study, Privacy and Human Rights: An International Survey of Privacy Laws and Practice, finding that more than forty countries have enacted, or are preparing, personal privacy protection laws. In some cases, especially in Eastern Europe and Central America, the laws are designed to remedy past human rights abuses. In other cases, like Canada, the laws are intended to stimulate ecommerce.

For American marketers, the section of the law causing the most concern is Article 25. Article 25 of the directive allows personal information about European citizens to flow to any of the fifteen member countries of the European Union. Information flow to a non-European Union country is permitted only if the non-European recipient country has “adequate” data protection. If adequate data protections are not present, any European Union member can embargo the information. Because the United States lacks a comprehensive personal privacy policy, most observers agree that data protections in the United States fail to meet the European Union’s adequacy standards.

President Clinton’s recent dilemma has probably only served to reinforce European beliefs that American privacy policies are “inadequate.”
