On-Line Privacy

by Lawrence Rosen

A privacy policy is a statement made by a web site owner that it will use your private information only for certain stated purposes. You are expected to review the privacy policies of the web sites you visit and to avoid those web sites that won't safeguard your private information according to your preferences.

Failure by web site owners to comply with their own published privacy policy may be actionable under the law, for example, as negligence or fraud. Gross recklessness or intentional misrepresentation regarding privacy promises also may result in a web site owner having to pay substantial punitive damages.

Most of us ignore on-line privacy, though. In our interactions on the Internet, for example, we no longer even bother to read the “Privacy Policy” statement that is a link on almost every page. We either assume that data about us is not being collected and disseminated by the web site owner without our express approval, or we no longer care that our private information is being shared.

As for me, I had concluded that the battle for my privacy was lost because I didn't have the energy any more to do what it takes to secure it. I stopped reading privacy policies. I even ignored the notices from my banks giving me the option to prevent the sharing of private financial data they held about me. (I bet the vast majority of readers of this article are just like me in this regard!) There is so much data gathering and sharing going on that protecting privacy seems to be impossible to worry about.

Then a friend of mine brought the P3P standard to my attention. Promulgated by the World Wide Web Consortium (W3C), the “Platform for Privacy Policy” standard empowers users to control their on-line privacy in a simple and effective way.

Danny Weitzner, the technology and society domain leader of W3C and the chairman of the P3P committee, described the new standard this way in his testimony before the United States Senate Committee on Commerce, Science and Transportation:

W3C and its members became concerned about privacy on the Web because people won't use the Web to its full potential if they have to face such uncertainty. The majority of users are perfectly willing to share some information on the Web. At the same time, basic human dignity demands that we have meaningful control over which information we chose to expose to the public. Our goal is to include in the basic infrastructure of the Web the building blocks of tools that can provide each user this basic control.

All you have to do for P3P to work is to instruct your browser to check whether web sites you visit support the P3P standard. You can elect to avoid those that do not support the standard, or you simply can be more vigilant about sharing your personal information with such web sites.

Your browser automatically retrieves, from P3P-enabled web sites, machine-readable XML information that encapsulates the web site's privacy policy. Thus your browser can determine whether the web site owner promises to safeguard your private information or whether it shares your information with others.

You can set your browser to refuse to visit, or you can refuse to share data with, web sites that don't satisfy your privacy preferences.

You no longer will have to read lengthy (and boring) privacy policies on each web site you visit. Instead, software built into your web browser, plugins or other tools can enforce your privacy rights automatically and effectively by exchanging XML data with the web site before you even get there.

Many of the major proprietary software companies, including Microsoft of course, participated in the W3C P3P committee. The resulting standard also has been supported by consumer-focused organizations, including the Electronic Frontier Foundation.

Our privacy rights have become so fundamental to us that they usually are taken for granted. But privacy must be hard won through diligence. The software tools we create have the potential to help us secure our privacy rights—and the P3P standard is one kind of software tool that does just that.

Legal advice must be provided in the course of an attorney-client relationship specifically with reference to all the facts of a particular situation and the law of your jurisdiction. Even though an attorney wrote this article, the information in this article must not be relied upon as a substitute for obtaining specific legal advice from a licensed attorney.

email: lrosen@rosenlaw.com

Lawrence Rosen is an attorney in private practice in Redwood City, California (www.rosenlaw.com). He is also executive director and general counsel for Open Source Initiative, which manages and promotes the Open Source Definition (www.opensource.org).

Load Disqus comments

Firstwave Cloud