P1: c-146Everett-Church
Everett-Chruch-1 WL040/Bidgoli-Vol III-Ch-08 July 11, 2003 11:46 Char Count= 0
CONCLUSION 105Trustmarks
There are several independent, industry-sponsored orga-
nizations that will certify a company’s privacy policy to
improve consumer perceptions. Upon certification, they
permit sites to use their “seal of approval,” sometimes
referred to as a trustmark, to demonstrate to the public
their commitment to privacy concerns. The most popu-
lar privacy seal programs—TRUSTe, BBBOnline, and CPA
WebTrust—certify the validity of the policies on many
thousands of Web sites. The growing use of these trust-
marks does seem to be having an effect: an August 1999
study found that 69 percent of Internet users said that
they recognize the TRUSTe seal, the most widely adopted
of the privacy seal programs.
Seal programs verify that a Web site’s privacy policy
covers certain privacy topics (like the use of cookies and
sharing data with third-party marketers). The seals do not
set any specific quality standards, benchmarks, or spe-
cific data handling practices, however. As such, a com-
pany’s site could, theoretically, earn a seal for making the
required disclosures, even if in the course of the disclo-
sure it reserves for itself the right to make whatever use
of personal information it sees fit. This has been one of
the criticisms leveled at the seal programs, as has their
dependence on licensing fees from those entities they are
asked to police.Federal Trade Commission
Under their broad legislative mandate to proscribe decep-
tive and unfair trade practices, the FTC began reviewing
online marketing practices back in 1996. Soon the FTC’s
investigators were uncovering evidence of some egregious
behavior by a few online marketers. Major corporations
quickly distanced themselves from the bad actors but ac-
knowledged that privacy was a growing concern for online
consumers and promised the FTC that the industry would
do better at policing itself.
After numerous public controversies over well-known
corporations continuing to abuse consumer privacy, and
despite repeated pledges to adhere to standards promul-
gated and policed by the industry itself, surveys have con-
tinued to show that consumer perceptions of the potential
for privacy abuses by online marketers continues to be a
factor in consumer hesitance to embrace Internet com-
merce fully. In response, the FTC has sought on numerous
occasions to assist companies in adopting practices that
are more conducive to consumer confidence. These efforts
have focused on the well-worn mantra: notice, choice, ac-
cess, and security.
In December 1999, the FTC convened an Advisory
Committee on Online Access and Security (ACOAS) to
provide advice and recommendations to the agency re-
garding implementation of these basic fair information
practices. The committee, consisting of representatives
from the online industry, trade groups, academia, and
privacy advocates, sought to provide guidance on how
to solve the last two elements of fair information prac-
tices: access and security. Their report outlines many of
the problems with setting universal standards for access
and security, and in the end the committee came to few
conclusions (FTC ACOAS, 2000).Some six years after first looking into online privacy
issues, the FTC is still warning online companies that if
they do not clean up their act, stricter measures might be
required. During the intervening years, however, the FTC
has not been completely idle. In 1998, the FTC reached a
settlement with GeoCities, a personal Web site hosting ser-
vice, over charges that it misrepresented how user infor-
mation would be used and engaged in deceptive practices
relating to its collection of information from children.
Part of the settlement required GeoCities (now owned by
Yahoo!) to post, “a clear and prominent Privacy Notice,
telling consumers what information is being collected and
for what purpose, to whom it will be disclosed, and how
consumers can access and remove the information.” The
notice, or a link to it, was required on the Web site’s home
page and on every page where information was collected
(FTC, 1998).
In 1999, the FTC issued regulations implementing the
Children’s Online Privacy Protection Act, which requires
online businesses to seek permission from parents be-
fore gathering personally identifiable information from
children under age 13. It has since brought several en-
forcement actions to punish Web sites that have ignored
those regulations (FTC, 2003). In recent years, the FTC
has filed numerous actions against Internet-based fraud-
ulent schemes, get-rich-quick scams, and quack medical
remedies promoted via e-mail and on the Web. In 2000,
the FTC intervened in the bankruptcy sale of a customer
list belonging to defunct online toy retailer Toysmart.com.
The basis of the action was to prevent the list from being
used in any way inconsistent with the privacy policy under
which it was gathered (FTC, 2000). In 2001, the FTC set-
tled with pharmaceutical firm Eli Lilly and Company over
an e-mail that improperly disclosed the e-mail addresses
of hundreds of users of a prescription reminder service at
the Web site Prozac.com, in violation of the site’s privacy
policy (FTC, 2002).
The FTC has steadfastly refused to seek greater leg-
islative authority than its already broad mandate under
the Federal Trade Act to police unfair or deceptive trade
practices. The agency has threatened the industry that it
will indeed seek more specific privacy-oriented enforce-
ment authority if companies do not improve their self-
regulatory efforts. It must also be noted that the FTC is
just one governmental authority with the ability to prose-
cute privacy violations: Most state attorneys general have
state versions of the Federal Trade Act that enable them
to seek remedies similar to those available to the FTC.
Indeed, attorneys general in Michigan, Washington,
California, and Massachusetts have all been active in un-
dertaking privacy-related enforcement actions, and the
National Association of Attorneys General (2001) has held
many seminars on investigating and prosecuting Internet
privacy matters.CONCLUSION
Consumers and businesses alike are grappling with the
complex privacy concerns that the Internet era has
brought to the fore. This chapter is a necessarily brief
overview of the privacy landscape. Indeed, entire books
can—and have–been written about the ways Internet