Talk:Privacy policy

From Wikipedia, the free encyclopedia

Contents 1 New Article 2 Legally binding? 3 Goverment sites 4 Misc 5 Seeking Good and Bad terms for analysing privacy policies 6 Is information associated with your computer "personal information"

[edit] New Article

I've changed this entire article. See the message left on Gabriel Kent's talk page. —OvenFresh☺ 23:10, 28 Dec 2004 (UTC)

[edit] Legally binding?

I was wondering whether privacy policies are actually legally binding. I noticed that my added description of P3P was changed from a guarantee to an offer. I assumed that the point of privacy policies is that they give users additional legal rights, or took them away where relevant, to get out of the uncertainty of implied law. If this is so, it ought to be mentioned in some form or other. --BigBlueFish 10:28, 22 November 2005 (UTC)

I think you are right - in that the privacy policy will often form part of the terms and conditions and therefore be part of any contract, and also that it might form the basis for any permission for the purpose of privacy laws. I made the change of wording because it fitted better with what the browser is doing. I think common sense suggests that you can't guarantee that an unknown website will be honest about its intended or de facto privacy policy. This is one of the main criticisms of P3P. So I agree with you, but I didn't think the word guarantee was quite accurate in that context. It merits more discussion in the article. zzuuzz ^(talk) 16:35, 22 November 2005 (UTC)

Agreed... Although I accept the new wording, it should be noted in this case that privacy policies are guarantees of a sort; legal ones, that is. The theoretical point of P3P is that should someone provide a false privacy policy and you used the site because of it, the site owners could be sued under the Data Protection Act. It's the fact that this kind of legal retribution is only really relevant to big cases that makes it a poor logical guarantee. As you might be able to tell, I'm not a lawyer! Hopefully somebody will be able to approach this in correct terms for the article; I'm leaving it alone for now --BigBlueFish 19:24, 22 November 2005 (UTC)

[edit] Goverment sites

Are goverment sites required to have a privacy policy? —The preceding unsigned comment was added by Frap (talk • contribs) .

It surely depends on the government. Broadly speaking, in Europe, if personal data is going to be processed then the individual has certain rights to be notified about the purposes it will be used for. This does not usually include IP address (web browsing logs), because they are not usually related to the individual. However if personal information is being gathered then the individual should be notified. The Privacy Policy is the most common means of doing this, but equally valid is to let them know at the point of data entry. In Europe, to the best of my knowledge, there is no additional requirement for government sites. -- zzuuzz ^(talk) 22:48, 23 June 2006 (UTC)

[edit] Misc

A privacy policy might talk about e-mail spam, mailing-lists, opt-in/opt-out, if use SSL, logs, data retention, links to other sites, etc...? -- Frap

In my experience, a privacy policy is highly unlikely to mention spam. It is common to mention whether details will be passed to third parties, and/or used for marketing. And to provide information about opt-outs (in some cases this is a legal requirement). Logs and data retention will normally be covered - but not always SSL. Cookies are also mentioned often. -- zzuuzz ^(talk) 22:50, 23 June 2006 (UTC)

[edit] Seeking Good and Bad terms for analysing privacy policies

Considering most privacy policies are fairly lengthy, and take at least a good few minutes to read. Many policies are not easilly comprehendable, and require some thought.

A feature I saw in the NetCaptor browser, called "privacy policy checker" seemed like a good attempt at providing a quicker method to determine the overall quality of a privacy policy from the user's point of view; ie, if the site would respect or abuse personal data.

As NetCaptor is now quite out-dated, and no longer actively developed, I'm planning to create an extension for Mozilla Firefox to analyse a site's privacy policy. The approach used by NetCaptor was to highlight the good and bad terms on the privacy policy page of a site, to give the user an overall idea of the quality of the policy at a glance.

• Firstly is this a good approach? - Are there better (more accurate) ways of analysing a privacy policy?
• Secondly, if term-matching is a good approach, how or where would I get a list of good and bad terms for privacy policies?

Obviously I could use the data from NetCaptor, but I'm concerned about copyright issues, and the data being out-dated; I'd rather do a good job than just slap something together. Any thoughts would be appreciated. -- Lee Carré 02:34, 15 May 2007 (UTC)

[edit] Is information associated with your computer "personal information"

Observe the following cleverness in the Adobe Flash Terms of Service:

14.4 Settings Manager. Use of the Web Players, specifically the Flash Player, will enable the Software to store certain user settings as a local shared object on a your Computer. These settings are not associated with you, but allow you to configure certain settings within the Flash Player...

This statement "not associated with you" seems to indicate a telling loophole in virtually any privacy policy currently in existence. A policy could assure you that there are some limits on how personally identifiable information/personal information will be shared, but it or any other program can put information outside of the "accounts" on the PC (registry, windows directory, top-level directories etc), and then it isn't personal? Wnt (talk) 15:14, 5 February 2008 (UTC)