12.6 Voluntary privacy standards


Given the current situation on the Internet and WWW, many people have the feeling that their privacy is silently going away. In this situation, there are two classes of people:

  • On the one hand, there are people who argue that government regulation is needed.

  • On the other hand, there are people who argue that industry-regulated privacy standards are needed (mainly because government regulation tends to be too rigid, too costly to implement, and more difficult to repeal).

Industry-regulated privacy standards look particularly promising. Without government regulation, however, these privacy standards will always be voluntary. The most important voluntary privacy standards are privacy seals and P3P. They are briefly overviewed and discussed next.

12.6.1    Privacy seals

In short, the idea of a privacy seal is to have an independent organization or company act as a trusted party that looks at the privacy practices of a Web site and decides whether the site conforms to a given set of criteria. Only if the site conforms to the criteria is it allowed to display the corresponding privacy seal. The criteria differ in details. Most of them, however, require that a privacy policy be posted, and that, according to this policy, consumers be informed about the personal information that is being collected and how it will be used. As of this writing, there are two privacy seals that are widely deployed on the WWW: BBBOnLine and TRUSTe. In addition, there is an increasingly large number of privacy seals and programs that compete for market share. [29]

12.6.1.1    BBBOnLine

In the U.S., the Council of Better Business Bureaus has a long tradition of serving as a standard-bearer for reliability and as a vehicle for consumer complaints. More recently, the Council of Better Business Bureaus founded a subsidiary named BBBOnLine [30] to promote trust and confidence on the Internet. BBBOnLine, in turn, launched the BBBOnLine Privacy seal and the corresponding privacy program.

12.6.1.2    TRUSTe

According to its Web site, [31] TRUSTe is an independent, nonprofit organization dedicated to establishing a trusting environment where users can feel comfortable dealing with companies on the Internet. The organization was founded in 1997 by the Electronic Frontier Foundation (EFF [32]) and the CommerceNet Consortium. [33]

The privacy seal of TRUSTe is also known as trustmark [19]. It is awarded to Web sites that adhere to established privacy principles and agree to comply with TRUSTe's oversight and consumer resolution process. A displayed trustmark signifies to online users that the Web site will openly share, at a minimum, what personal information is being gathered, how it will be used, with whom it will be shared, and whether the user has an option to control its dissemination. Based on such disclosure, users can make informed decisions about whether or not to release their personally identifiable information (e.g., credit-card numbers) to the Web site.

12.6.2    P3P

In addition to the increasingly large number of privacy seals, the W3C launched the Platform for Privacy Preferences Project (P3P [34]) to provide a platform for trusted and informed online interactions [20]. The idea is that a Web site may publish and make available a privacy statement in a format that is readable and understandable by a browser. The browser, in turn, can be configured to automatically decide whether it agrees with the privacy statement, and whether it wants to provide information to the Web site accordingly. To make this possible, P3P provides a formal language that the browser and Web site can use to talk to each other. As such, P3P is conceptually similar to PICS as discussed in Section 14.3 (in fact, P3P can also be seen as an outgrowth of PICS). There is some industry support for P3P. Most importantly, Microsoft Internet Explorer version 6.0 provides limited support for P3P. [35]

In spite of the fact that P3P provides an interesting technology that is also being adopted by the industry, it remains a voluntary privacy standard that is difficult to enforce. How do you, for example, enforce that all Web sites publish P3P statements, that the sites play by the rules, and that the P3P statements they publish correspond to the truth? Note that anybody can claim (in a P3P statement or using another language) that he or she plays by the rules. The difficult question is to decide whether this claim is justified. P3P is not particularly helpful in making this decision.
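The following added example (not code from the book) shows the automated decision described above for the compact form of a P3P statement, which a site sends in a `P3P` HTTP response header. The token names come from the P3P 1.0 vocabulary; the user preference in `BLOCKED`, the function names, and the sample headers are assumptions constructed for illustration.

```python
import re

# P3P 1.0 compact-policy tokens, grouped by what they declare.
PURPOSE = {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD",
           "CON", "HIS", "TEL", "OTP"}
RECIPIENT = {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"}
OTHER = {"NOI", "ALL", "CAO", "IDC", "OTI", "NON", "DSP", "COR", "MON", "LAW",
         "NID", "NOR", "STP", "LEG", "BUS", "IND", "TST", "PHY", "ONL", "UNI",
         "PUR", "FIN", "COM", "NAV", "INT", "DEM", "CNT", "STA", "POL", "HEA",
         "PRE", "LOC", "GOV", "OTC"}

# Hypothetical user preference (an assumption of this example): refuse
# telemarketing/contact purposes and unrelated/public recipients unless the
# token carries the opt-in suffix "i".
BLOCKED = {"TEL", "CON", "UNR", "PUB"}

# Constructed sample header values, not captured from any real site.
MINIMAL = 'policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"'
MARKETING = 'CP="CAO DSP CURa ADMa TELo UNRi OUR IND"'
NOT_P3P = 'CP="This is not a P3P policy"'

def parse_compact_policy(header_value):
    """Return the CP tokens of a P3P header value, or None if CP is absent."""
    m = re.search(r'\bCP\s*=\s*"([^"]*)"', header_value)
    return m.group(1).split() if m else None

def evaluate(header_value):
    """Return (decision, reasons) based only on what the site declares."""
    tokens = parse_compact_policy(header_value)
    if not tokens:
        return "reject", ["no compact policy declared"]
    reasons = []
    for tok in tokens:
        base, suffix = tok[:3], tok[3:]  # suffix: a=always, i=opt-in, o=opt-out
        if base in PURPOSE | RECIPIENT and suffix in ("", "a", "i", "o"):
            if base in BLOCKED and suffix != "i":
                reasons.append(f"{tok}: conflicts with user preference")
        elif tok not in OTHER:
            # Unknown text is treated as a failed statement, never as consent.
            reasons.append(f"{tok}: not a P3P token")
    return ("reject" if reasons else "accept"), reasons
```

`evaluate(MINIMAL)` returns `accept` purely on the strength of the site's own declaration; nothing in the exchange lets the user agent check that the declared practices are the real ones, which is the enforcement gap the text describes.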

[29] Two examples are the Gold Privacy Seal (http://www.goldprivacyseal.com) and the site Guardian Privacy Seal (http://www.siteguardian.org/guardian.nsf/sealinfo!OpenPage).

[30] http://www.bbbonline.com

[31] http://www.truste.org

[32] http://www.eff.org

[33] http://www.commercenet.com

[34] http://www.w3.org/P3P

[35] Microsoft Internet Explorer's P3P implementation is controlled through the Privacy tab of the Internet Options control panel. Support is limited, because it mainly addresses the use of cookies.




Security Technologies for the World Wide Web, Second Edition
ISBN: 1580533485
EAN: 2147483647
Year: 2003
Pages: 142
Authors: Rolf Oppliger
