|
 ABSTRACT
Numerous studies over the past ten years have shown that concern for personal privacy is a major impediment to the growth of e-commerce. These concerns are so serious that most if not all consumer watchdog groups have called for some form of privacy protection for Internet users. In response, many nations around the world, including all European Union nations, Canada, Japan, and Australia, have enacted national legislation establishing mandatory safeguards for personal privacy. However, recent evidence indicates that Web sites might not be adhering to the requirements of this legislation. The goal of this study is to examine the posted privacy policies of Web sites, and compare these statements to the legal mandates under which the Web sites operate. We harvested all available P3P (Platform for Privacy Preferences Protocol) documents from the 100,000 most popular Web sites (over 3,000 full policies, and another 3,000 compact policies). This allows us to undertake an automated analysis of adherence to legal mandates on Web sites that most impact the average Internet user. Our findings show that Web sites generally do not even claim to follow all the privacy-protection mandates in their legal jurisdiction (we do not examine actual practice, only posted policies). Furthermore, this general statement appears to be true for every jurisdiction with privacy laws and any significant number of P3P policies, including European Union nations, Canada, Australia, and Web sites in the USA Safe Harbor program.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
1
|
Adkinson, W. F., Eisenach, J. A., and Lenard, T. M. 2002. Privacy Online: A Report on the Information Practices and Policies of Commercial Web Site. The Progress and Freedom Foundation.
|
 |
2
|
|
| |
3
|
Annie I. Anton , Julia B. Eart , Matthew W. Vail , Neha Jain , Carrie M. Gheen , Jack M. Frink, HIPAA's Effect on Web Site Privacy Policies, IEEE Security and Privacy, v.5 n.1, p.45-52, January 2007
[doi> 10.1109/MSP.2007.7]
|
| |
4
|
Asia-Pacific Economic Cooperation. 2004. APEC Privacy Framework.
|
| |
5
|
Australia Office of Legislative Drafting and Publishing. 1988. Privacy Act 119.
|
| |
6
|
|
| |
7
|
Black, H. 2005. On-line data brokers. http://www.privcom.gc.ca/legislation/let/let_051118_e.asp.
|
| |
8
|
Bowie, N. E. and Jamal, K. 2006. Privacy rights on the Internet: Self-regulation or government regulation. Bus. Ethics Quar. 16, 3.
|
| |
9
|
|
| |
10
|
Canadian Public Works and Government Services. 2000. Personal Information Protection and Electronic Documents Act.
|
| |
11
|
Cohen, J. 1988. Statistical Power Analysis for the Behavioral Sciences 2nd Ed. Lawrence Earlbaum Associates, Hillsdale, NJ.
|
| |
12
|
Copas, J. and Jackson, D. 2004. A bound for publication bias based on the fraction of unpublished studies. Biometrics 60, 146--153.
|
| |
13
|
Cranor, L., Dobbs, B., Egelman, S., Hogben, G., Humphrey, J., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J. M., Schunter, M., Stampley, D. A., and Wenning, R. 2006. The Platform for Privacy Preferences 1.1 (P3P1.1) Specification. http://www.w3.org/TR/P3P11/.
|
| |
14
|
Lorrie Faith Cranor , Serge Egelman , Steve Sheng , Aleecia M. McDonald , Abdur Chowdhury, P3P deployment on websites, Electronic Commerce Research and Applications, v.7 n.3, p.274-293, November, 2008
[doi> 10.1016/j.elerap.2008.04.003]
|
| |
15
|
Cranor, L., Langheinrich, M., and Marchioni, M. 2002. A P3P Preference Exchange Language 1.0 (APPEL 1.0). http://www.w3.org/TR/P3P-preferences/.
|
| |
16
|
Cranor, L. F., Byers, S., and Kormann, D. 2003. An analysis of P3P deployment on commercial, government, and children's Web sites as of May 2003. Federal Trade Commission Workshop on Technologies for Protecting Personal Information, AT&T Tech. rep.
|
| |
17
|
|
| |
18
|
Cranor, L. F., Marchiori, M., Presler-Marshall, M., and Reagle, J. M. 2002. The Platform for Privacy Preferences 1.0 Specification. http://www.w3.org/TR/P3P/.
|
| |
19
|
|
| |
20
|
Earp, J. B., Anton, A. I., Aiman-Smith, L., and Stufflebeam, W. 2005. Examining Internet privacy policies within the context of user privacy values. IEEE Trans. Eng. Manag. 52, 2, 227--237.
|
| |
21
|
Serge Egelman , Lorrie Faith Cranor , Abdur Chowdhury, An analysis of P3P-enabled web sites among top-20 search results, Proceedings of the 8th international conference on Electronic commerce: The new e-commerce: innovations for conquering current barriers, obstacles and limitations to conducting successful business on the internet, August 13-16, 2006, Fredericton, New Brunswick, Canada
[doi> 10.1145/1151454.1151492]
|
| |
22
|
European Parliament. 1995. Directive 95/46/EC the protection of individuals with regard to the processing of personal data and on the free movement of such data. Union, Official J. L 281.
|
| |
23
|
Française, C. R. 2006. Comission Nationale De L'Informatique Et Des Libertes. http://www.cnil.fr/index.php?id=4.
|
| |
24
|
Julia Gideon , Lorrie Cranor , Serge Egelman , Alessandro Acquisti, Power strips, prophylactics, and privacy, oh my!, Proceedings of the second symposium on Usable privacy and security, July 12-14, 2006, Pittsburgh, Pennsylvania
[doi> 10.1145/1143120.1143137]
|
| |
25
|
Hasselblad, V. and Hedges, L. V. 1995. Meta-analysis of screening and diagnostic tests. Psych. Bull. 117, 1, 167--178.
|
| |
26
|
Hogben, G. 2002. A Technical Analysis Of Problems With P3P V1.0 And Possible Solutions. Joint Research Centre.
|
| |
27
|
|
| |
28
|
Jamal, K., Maier, M., and Sunder, S. 2003. Privacy in e-commerce: Development of reporting standards, disclosure, and assurance services in an unregulated market. J. Account. Res. 41, 2, 285--309.
|
| |
29
|
|
| |
30
|
Karat, C., Brodie, C., and Karat, M. 2003. Views of Privacy: Business Drivers, Strategy and Directions, IBM Research.
|
| |
31
|
Lawson, P. and Vicq, J. 2006. On the data trail: How detailed information about you gets into the hands of organizations with whom you have no relationship. The Canadian Internet Policy and Public Interest Clinic.
|
| |
32
|
Lipsey, M. W. and Wilson, D. B. 2001. Practical Meta-Analysis. Sage Publications, Thousand Oaks, CA.
|
| |
33
|
Markel, M. 2006. Safe Harbor and Privacy Protection: A looming issue for IT Professionals. IEEE Trans. Prof. Comm. 49, 1, 1--11.
|
| |
34
|
OECD. 1980. OECD Guidelines on the protection of privacy and transborder flows of personal data. http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html.
|
| |
35
|
Rajan, M. T. S. 2002. The Past and Future of Privacy in Russia. Rev. Cent. East Europ. Law 27, 4, 625--638.
|
| |
36
|
Ian K. Reay , Patricia Beatty , Scott Dick , James Miller, A Survey and Analysis of the P3P Protocol's Agents, Adoption, Maintenance, and Future, IEEE Transactions on Dependable and Secure Computing, v.4 n.2, p.151-164, April 2007
[doi> 10.1109/TDSC.2007.1004]
|
| |
37
|
Rice, J. A. 2007. Mathematical Statistics and Data Analysis. Thompson/Brooks/Cole, Belmont, CA.
|
| |
38
|
Safe Harbor Program. 2007. http://www.export.gov/safeharbor/doc_safeharbor_index.asp.
|
| |
39
|
Seligy, J. L. and Lawson, P. 2006. Compliance with Canadian data protection laws: Are retailers measuring up? The Canadian Internet Policy and Public Interest Clinic.
|
| |
40
|
Sheng, S. and Cranor, L. 2006. An evaluation of the effect of US financial privacy legislation through the analysis of privacy policies. I/S: A J. Law Policy Inform. Soc. 2, 3, 943--979.
|
| |
41
|
|
| |
42
|
Swedish Data Inspection Board. 1998. The Personal Data Act of Sweden.
|
| |
43
|
U.S. Federal Trade Commission. 1996. Health Insurance Portability and Accountability Act.
|
| |
44
|
U.S. Federal Trade Commission. 1998. Children's Online Privacy Protection Act.
|
| |
45
|
U.S. Federal Trade Commission. 1999. Gramm-Leach-Bliley Act.
|
| |
46
|
U.S. Federal Trade Commission. 2004. The Fair Credit Reporting Act.
|
| |
47
|
|
| |
48
|
Wenning, R. and Cranor L. 2006. The platform for privacy preferences (P3P) project. http://www.w3.org/P3P/.
|
REVIEW
"Giannakis Antoniou : Reviewer"
Many Internet users are under the impression that the privacy policy of a company-represented by the Platform for Privacy Preferences Project (P3P) protocol-is an accurate and legal statement. This is not always correct. This paper follows a
more...
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
K.4