Hitmetrix - User behavior analytics & recording

Update: Study Shows Gains in Net Privacy

Industry advocates were encouraged last week by preliminary findings from a new study on Internet privacy showing that most Web sites post some kind of online privacy statement regarding their use of consumers' personal information.

A study conducted a year ago by the Federal Trade Commission found virtually no privacy policies posted on the majority of commercial Web sites. Although the key findings of both studies can hardly be compared because of how differently they were conducted, the Georgetown University 1999 Internet Privacy Policy Survey makes it clear that in less than one year major companies doing business online have at least begun to engage consumers on the privacy issue.

The study, which looked at 364 commercial Web sites drawing 99 percent of the Web's traffic, found that 92.9 percent collect some type of personal information and that 65.7 percent warned that they were collecting data about their visitors.

FTC chairman Robert Pitofsky commended the Internet business community on its efforts, noting that they “deserve considerable credit for making progress over the last year.” He hinted in published reports that the numbers indicate self-regulation is working and new Internet privacy laws may not be necessary. The FTC will use the study to help complete its report to Congress on whether it needs to regulate online privacy.

H. Robert Wientzen, president/CEO of the Direct Marketing Association, said the report shows that the business world is capable of overseeing its actions even though there is more work ahead.

“We do have some things to do,” Wientzen said, “but the progress is quite notable.”

Leading consumer groups expressed serious concern at the report's revelation that less than 10 percent of all sites are abiding by the five critical guidelines called for by the FTC, the Clinton administration and leading privacy advocates.

Jerry Berman, executive director of the Center for Democracy and Technology, Washington, said some degree of legislation is still needed.

“I think the self-regulatory efforts that are being made deserve credit for moving numbers up,” Berman said, but he argued that all parties still need to “come together and develop the mix of self-regulation, regulation, technical tools and education to provide privacy protections across the Net.”

At the European Union's Delegation Commission to the United States, Gerard De Graaf, first secretary of trade to the United States, said the European community still will be looking at how the FTC eventually goes about enforcing posted policies in the United States because of the international issues involved relating to “safe harbor” agreements. “Overall, there appears to clear improvement,” he said. “It shows that industry is working hard. Hopefully, industry will accelerate its work.”

At the Electronic Privacy Information Center, Washington, executive director Marc Rotenberg was more direct. He discounted online privacy policies as “digital fine print” that mean nothing.

Wientzen characterized those still calling for Internet regulation based on the report's shortcomings as being predisposed to a particular point of view rather than an accurate assessment of the facts.

“The reality is that this is good news,” he said. “It demonstrates that self regulation can do the job.”

The study was conducted by Dr. Mary Culnan at Georgetown's McDonough School of Business. It was supported by the FTC and paid for by several companies and trade associations, including IBM, America Online, Microsoft, Compac and Ebay.

The survey's advisers included input from a diverse advisory group made up of leading consumer and privacy organizations, companies and trade associations. A random sampling of online sites was used for the study that were pulled from a Dun & Bradstreet pool of 7,500 of the most visited commercial Web sites bearing a .com URL address. Sexually oriented adult Web sites were excluded.

The study took place in January.

Of 364 commercial Web sites visited:

9.5% post comprehensive privacy policies.

65.7% post a privacy statement detailing at least one type of privacy disclosure.

36.3% post both types of disclosures.

92.9% collect “personally identifying information.”

56.9% collected at least one type of demographic information.

56.5% collected both personal identifying and demographic information.

Related Posts