The House of Representatives recently introduced a bill (pdf here) that, if passed, would significantly change the game of privacy regulation. The bill requires notice to and, in some cases, consent of an individual prior to the collection and disclosure of certain personal information related to that individual.
This bill will raise the bar for all businesses, whether on-line or off-line. It also promises to harmonize the US regulation with the higher EU standard.
However, one of the limits of this proposed bill is that it stresses the importance of privacy policies and privacy notices, while both the Internet industry and consumer groups seem to agree that privacy policies are ineffective since very few people read them and even fewer can understand their content.
You raise a good point. The proposed bill includes a list of 15 points which need to be addressed in the privacy policy... And, some of the points might require multiple paragraphs of explanation. For example, one paragraph requires disclosure of "the specific purposes for which the" information is collected. Companies may collect different information for different purposes. So, the explanation of what is collected and why could itself be very long and difficult for people to follow. And that's just one of the 15 things that need to be disclosed! On the other hand, if you don't tell people what information is collected, how can they make an informed choice?
ReplyDelete*Note - I am an attorney. However, the opinions stated herein are my own and not those of the firm and nothing herein is intended to constitute legal advice to anyone nor to create any kind of attorney-client relationship with anyone.
@ Emily -- This is exactly the reason why it is so hard to come up with something better than notices. Notices have become ubiquitous in all kind of consumer protection regulation (think about warnings in tort law, or in Prospectus documents filed with the SEC). So, until we are able to come up with a more effective tool to inform consumers and obtain "informed" consent, we are pretty much forced to rely on notices. Yet, it is necessary that such notices are at least written in plain language and not buried or hidden in some matrioshka-page of the website. And it seems to me that this transparence aspect will progressively become the real issue.
ReplyDelete