According to a new report from Forrester Research, Inc., 90 percent of Web sites fail to comply with basic privacy principles.
The report vehemently contradicts the findings of the Federal Trade Commission, which recently told Congress that industry self-policing is working.
Forrester feels that “most privacy policies are a joke.” It added that the vast majority of such policies, like those of the Gap, Macy’s and JC Penney, use vague terms and legalese that serve to protect companies and not individuals.
Few Follow Fair Information Guidelines
In addition, the report finds that just 10 percent of e-commerce sites adequately address the basic fair information guidelines that were established by the government and industry to protect privacy. The recent security breach of Microsoft’s Hotmail and the unintended profile usage in Amazon.com’s “Purchase Circles” underscore the problem.
Third-party Privacy Programs Not Being Used
Seal programs such as TRUSTe and BBBOnline have gained little traction, the report says. Truste has only 500 licensees and BBBOnline, which provides consumer complaint resolutions, has only 42.
Forrester adds that while e-tailers barely comply with weak privacy policies, new technology is enabling them to “collect, dissect and use even more personal visitor-behavioral data.”
Interactive Tools Become Digital Wiretappers
According the report, clever interactive tools such as Reel.com’s Mood Matcher — which helps customers find movies based on their moods — and PlanetRx’s personalized prescription filler make it possible for companies to collect “highly intrusive psychographic data that individuals would rarely provide on a standard registration form.”
In addition, Forrester said that there is growing industry pressure to share such data with “partners.” It reports that DoubleClick and BEFree already provide services such as advertising networks and affiliate programs across multiple sites. The report also indicates that there is an alarming trend among e-tailers to incorporate artificial intelligence tools into their storefronts — the same kind of tools used by government intelligence communities to covertly gather information.
Recommends FTC Take A Stronger Stand
Forrester concludes that without forceful action by the FTC, the privacy issue could easily spin out of control and hobble consumer e-commerce. The report suggests that the FTC, rather than pumping out reassuring messages to the industry, take the following steps:
Sound the warning signal early. Rather than burying its head in the sand, the FTC should be pushing companies to take bigger and faster strides toward complying with already established privacy principles.
Push for open profiles. Companies should be required to make customer profiles available to users, similar to the My CDNOW section of CDNOW. The profile should contain all partners with whom data is shared, the ability for customers to control who the information is shared with and the option to remove themselves from the list.
Pressure third party privacy firms. Because independent privacy groups like Truste and BBBOnline earn their money from e-commerce organizations, they become more of a privacy advocate for the industry — rather than for consumers. The FTC should call for a consumer-based organization to provide principles and redress.