Privacy Policies Missing On 77% of Web Sites

FRAMINGHAM (04/18/2000) - Web sites are increasingly informing consumers about what they will do with the personal information they collect, but 77% of the 30,000 busiest sites still don't have a stated privacy policy, according to a survey released last week.

The low rate of privacy postings is an improvement over the 1998 findings of the Federal Trade Commission, which held that 85% of the 1,400 sites surveyed collected personal data but that only 14% of them informed consumers about their data-sharing policies.

"It's a gradual improvement, and now it's up to the industry to take the next step," said Timothy Kane, director of privacy at Enonymous.com, which conducted the survey. Enonymous.com in San Diego offers privacy-related products and services.

Among the 1,000 most heavily trafficked Web sites, 63% post some type of policy, the survey said. However, many of those sites don't offer a lot of protection. The survey rated sites on a four-star system, with only 6% earning the top two ratings.

Enonymous.com's findings come amid growing debate about Internet privacy, and they suggest Web sites may be taking consumers' concerns to heart.

Oracle Corp. still doesn't have a privacy policy on its site. But since last year, it has had an "interim" notice posted that informs visitors that it's working on one. Joseph Alhadeff, senior director of global public policy at the Redwood Shores, California-based company, said Oracle is incorporating policies for various sections of its Internet site into a single statement for its main page.

"Users want to know [there's a privacy policy] when they go to a Web site," he said.

Nokia Corp. is also struggling to develop a unified privacy policy. The Nokiausa.com site has a posted policy, but the company's main home page, Nokia.com, doesn't. Nokia is formulating a global privacy policy that takes into account the legal requirements of all the countries in which it does business, a spokeswoman said.

At Newton, Massachusetts-based Cambridge SoundWorks Inc., company officials have another explanation for not having a posted privacy policy: Its site doesn't collect visitor data.

"It's an informational site to raise product awareness," said Web production manager Ann-Marie Alves.

But the company's Internet e-commerce spin-off, Hifi.com, has had a privacy posting since it launched last fall, Alves said.

Sites that don't compile visitor data have all the more reason "to put up a policy anyway," Kane said.

Though more sites are posting their policies, the statements generally don't protect consumers' interests, privacy advocates said. Kane noted that "many sites" use "slippery language" to reserve their rights to share consumer data.

"The survey accurately reflects that privacy policies are not delivering a lot of privacy," said Jason Catlett, president of watchdog group Junkbusters Corp. in Green Brook, New Jersey.

Join the newsletter!

Error: Please check your email address.

More about Federal Trade CommissionNokiaOracle

Show Comments