The privacy policy problem, Part 3: Opting out of opting out

A look at opt-out policies in general, and one in particular

In my most recent two columns, I've been discussing privacy policies. Today I want to look at some of the issues that can occur when you work with other organizations whose policies may differ from yours.

One of the sites I investigated where interested parties could fill in a form to request information included some information on opting out of receiving junk e-mail and other unsolicited marketing materials from itself, its business partners, and anyone to whom it chose to sell enquirers’ names.

The Privacy Policy included the following information:

E-mail Opt-out Options: Each marketing e-mail We send includes instructions and an opt-out link.

Refusing Cookies: Subject to the section below pertaining to cookies and Web bugs, you have the ability to prohibit being served an advertisement based on cookie technology. We utilize reputable third-party vendors to serve advertisements. If however, you are not comfortable with cookies, you can adjust the settings within your browser to further prohibit being served a cookie. Please see the browser’s instructions to perform this task.

The National Advertising Initiative (NAI) has developed an opt-out tool with the express purpose of allowing consumers to "opt-out" of the targeted advertising delivered by its member networks. You can visit the NAI opt-out page and opt-out of this cookie tracking

Other Options: If you would like to opt-out of Our promotional marketing, and would like to contact Us, please send Us an e-mail at privacy@ .com

Most people in the security field with whom I have discussed the issue argue strongly against opting-out as an acceptable form of control over the abuse of personally identifiable information. The European Coalition Against Unsolicited Commercial Email (EuroCAUCE) has a succinct explanation of the arguments; here is my summary of the issues:

  • Opt-out schemes cannot cope with the sheer scale of spamming. Spreading e-mail addresses from one spammer to another inevitably outraces attempts to react to each new source after the fact.
  • It is impossible to ensure that permanent do-not-spam lists are consulted by spammers.
  • There is no mechanism for supervision of compliance efforts.
  • There are no enforcement mechanisms to prevent abuse.

Join the newsletter!

Error: Please check your email address.

Tags privacy

Show Comments

Market Place