Industry Self-Regulation

From HORSE - Holistic Operational Readiness Security Evaluation.

Seal Programs

In an effort to forestall further government regulation, Internet companies were early proponents of industry self-regulation and continue to encourage non-governmental oversight of online privacy. To that end, non-profit privacy seal programs, such as Truste and BBB Online, have emerged as industry-accepted “auditors” of online data collection practices. Web sites voluntarily apply for a “seal” approving their privacy policies, agree to be subject to audit by the seal program, and pay a licensing fee. However, the seal programs have been strongly criticized in the wake of numerous privacy lawsuits alleging deceptive data collection practices, notwithstanding the appearance of a seal of approval.

P3P

The World Wide Web Consortium has endorsed a technology-based solution to managing user privacy. The Platform for Privacy Preferences (“P3P”) allows Web site operators to convey their data practices to consumers in standardized machine-readable code. Consumers, in turn, can use P3P User Agents (Web browsers or browser plug-ins) to interpret the code and compare it to their own privacy preferences. P3P User Agents warn users when a Web site’s P3P-expressed data practices do not match the users’ privacy settings. Currently, Microsoft Internet Explorer 6.0 tops the list of User Agents, with about one third of Internet users. Because a P3P Privacy Policy includes representations and options such as choice-of-law provisions, legal review of the code-based policies is recommended. Without a P3P Privacy Policy in place, a site’s cookies could be blocked or impaired by Internet Explorer.