  |
|
|
||||
|
||||
Does Law Matter? Informational Privacy and Online Compliance in Israeli Web Sites
Michael Birnhack Buchmann Faculty of Law, Tel Aviv University Niva Elkin-Koren University of Haifa - Faculty of Law August 18, 2009 Abstract: Does law matter in the information environment? What can we learn from the experience of applying a particular legal regime to the online environment? Informational privacy (or, in European terms, data protection) provides an excellent illustration of the challenges faced by regulators who seek to secure rights and shape the behavior of online players. A comprehensive study of Israeli websites' compliance with information privacy regulation during 2003 and 2006 provides insight into some of these challenges. The study examined the Information Privacy Practices of 1386 active Israeli websites, i.e. the extent to which these sites comply with applicable legal requirements related to information privacy, and their other privacy-related practices. Information Practices were explored on three levels: first, we examined the legal requirements which apply to each Information Practice under current Israeli law (legal analysis); second, we analyzed the declared privacy policies posted on each website were analyzed; and third, we studied the actual Information Practices executed by each website as to data security. The findings show that Israeli websites perform poorly and have a low level of compliance with the legal requirements. Most websites do not provide privacy protection to users at the level required by the law. Websites routinely collect personal data from users, although the practice of collecting data is slightly lower among commercial and organizational websites than in other categories. Among public and private sector websites compliance was relatively low, from 16% to 22% of the websites that collect personal data gave users some sort of notice. The popular and sensitive websites, commercially owned by large corporations, had substantially better levels of compliance, while the most popular websites had the lowest number of violations. The overall picture that emerges from the findings is one in which the law seems to have only a relatively minor role in shaping users' 'privacy experience' online, with other forces and factors clearly at play. The findings may further suggest that information privacy regulation is most effective with commercial enterprises, which are better able to acquire legal advice and respond to potential legal liability. It is less effective with small enterprises and/or individual users who operate websites, because they usually cannot afford the somewhat sophisticated legal counsel that is required for establishing and maintaining a data protection policy. This is a troublesome conclusion, given the increasing threats to the privacy of users, in the Web 2.0 environment. Subsequently, the research findings' suggest that data protection regulation may not create one legal measure that fits all. Regulating the online behavior of various players may require different regulatory measures.
Keywords: privacy, data protection, information, informational privacy, user generated content, israel Working Paper SeriesDate posted: August 20, 2009 ; Last revised: October 05, 2009Suggested CitationContact Information
|
|
||||||||||||||
© 2009 Social Science Electronic Publishing, Inc. All Rights Reserved. Terms of Use Privacy Policy
This page was served by apollo2 in 0.281 seconds.
Download
Facebook
Twitter
Digg
Del.icio.us
CiteULike
