® BuscaLegis.ccj.ufsc.br
Lloyd L. Rich
Introduction
As we enter the new millennium
the World Wide Web ("WWW"), because it collects and disseminates
personal information, significantly impacts many personal privacy issues and
concerns. One major concern of privacy advocates is that when one travels the
WWW from one site to another is not the fact that they knowingly leave personal
information at particular sites but that they also leave information at sites
without their consent. The collection of personal information will continue to
expand as the WWW grows in importance and as a greater number of individuals
begin to use and purchase products and services from electronic commerce sites,
commonly referred to as "e-commerce sites". For many e-commerce sites
it may no longer really be an option to have a "privacy policy"
because in reality a privacy policy may already be obligatory or an essential
condition for successfully competing in e-commerce.
Developing and implementing a
personal privacy policy for the WWW should be a relatively straightforward
matter for those sites that collect personal information from visitors. This
policy should let the visitor know how and why the site collects the
information, how the site plans to use the information and whether this
information will be disclosed to third parties. Despite the apparent simplicity
involved in developing and implementing a privacy policy there have already
been many examples of major WWW companies, such as Yahoo, America Online and
GeoCities, and corporations, such as United Airlines, that have become
embroiled in privacy issues.
WWW privacy issue problems
emanate from a number of varied sources that include (1) uncertainties created
by the convergence of new legislation, self-regulation models and WWW standards
that are all continually evolving, (2) legislation that although it may be
consistent in its approach is often very different regarding specific details,
(3) sophisticated software products that permits the tracking and gathering of
data and the ability to include such data into customized marketing programs,
(4) an increasing commercial demand for consumer information and (5) and a gap
that may be widening between what is legal and what may be necessary to prevent
major embarrassment for an offending web site.
The complexity of privacy issues
involving databases and the WWW is further compounded because it involves a
variety of international, national and state laws, self-regulation models and
an increasingly evident consumer demand for the protection of one's personal
information. The result is that privacy law is constantly changing as the
e-commerce environment rapidly approaches a climate where it may become a
necessity, as well as legally advisable, for every Web-based business to have a
privacy policy on its site.
Establishing and implementing a
privacy policy on your site may now be obligatory if your site caters to
Europeans, children or is in an industry that regulates the collection of
information. With the passage of the "Children Online Privacy Protection
Act of 1998" ("COPPA"), which goes into effect in April 2000,
having a privacy policy has now become the reality for those sites that collect
information from children. However, even when a privacy policy is not
obligatory it may already be a necessity for e-commerce sites. This is because
of the actions of certain web site owners who have previously gained notoriety
and created unfavorable publicity by gathering personal information and
exploiting such information without any regard to an individual's wishes and
privacy.
A Web-based business requires
consumer confidence to be successful. However, even with the significant growth
of e-commerce, many consumers will still not register at web sites or transact
business on the WWW because of their concern with the privacy of their personal
information. Therefore, even though a privacy policy may not as yet be
obligatory one may be essential for attracting visitors and potential customers
to your site. This is because the posting of a privacy policy on your site should
significantly increase consumer confidence in your site and result in increased
traffic, registrations and purchasing transactions. Once you have developed and
implemented a privacy policy for your site you may further want to instill
consumer confidence by becoming a party to a "privacy seal" program
such as "TRUSTe" or "BBBOnLine"; these are e-commerce
counterparts to the more familiar consumer seal programs such as Good
Housekeeping and Underwriters' Laboratories.
Preparing a Privacy Policy
A FTC report, "Public
Workshop on Consumer Privacy on the Global Information Infrastructure"
(1997), stated that an effective WWW privacy policy must (1) identify the party
collecting the information, (2) state how that party intends to use the information,
(3) state how a visitor to a particular web site could limit the disclosure of
information, (4) provide consumer choice with respect to how the collector of
the information could use or disclose the information, and (5) provide consumer
access to any information that has been collected. At present, except for the
recent passage of COPPA, the FTC's review of WWW privacy has not as yet
resulted in formal regulatory action but instead has relied on consumer
education on one-hand and self-regulation and policing by trade associations,
individual companies and the Internet industry on the other. The FTC's ultimate
response will probably depend upon the success of these "informal"
privacy policy approaches.
Therefore, if you decide to adopt
a privacy policy for your web site or already have an existing one you should
make certain that it was or will be done correctly. Many of you may now be
asking if there is a standardized privacy policy that you could copy and use on
your web site or if you could generate a customized privacy policy by utilizing
the resources of the Direct Marketing Association or a "privacy seal"
program. The simple answer is "of course you can". However, as with
all such approaches the privacy policy you would create will only be a generic
policy rather than a policy that specifically addressed the requirements of
your business model and the activities taking place on your web site.
The more effective way to
establish a privacy policy is to make certain that it specifically addresses
all the important issues, including any special legal requirements that may be
applicable to your business. Therefore, the privacy policy you develop and
implement for your Web-based business must be tailored to your company's
specific business requirements, your visitor's privacy concerns and be written
in such a manner that it "works" for your web site's targeted
audience.
Preparing, implementing and
maintaining a functional privacy policy for your company's web site is a
company-wide activity that in order to be successful must involve the buy-in
and cooperation from the general management, product development, marketing and
sales, information services and Web design, and legal constituencies of your
company. The process for creating a privacy policy is not really very different
than it would be for any other business policy developed for your company. The
process should include (1) conducting an audit of what you are currently doing,
(2) evaluating your objectives, (3) formulating and preparing your company
privacy policies, (4) preparing the design for incorporating the privacy policy
on your web site, (5) implementing the privacy policy and (6) establishing
maintenance procedures to ensure the on-going functionality of the privacy
policy.
The second part of this article
will discuss specific guidelines for preparing and implementing your company's
WWW privacy policy as well as the specific requirements mandated by COPPA that
will effect the design of your site and the services that are targeted toward
the children who may visit your site.
Retirado de: http://www.publaw.com