The Future of Privacy Policies: A Privacy Nutrition Label Filled with Fair Information Practices

36 Pages. Posted: 10 Jun 2009. Last revised: 7 Aug 2009

Corey Ciocchetti

University of Denver - Daniels College of Business - Department of Business Ethics & Legal Studies

Date Written: June 1, 2009

Abstract

E-commerce continues to blossom as evidenced by online retail sales in excess of $33 billion over the first quarter 2008. This growth helps spur the staggering economy but also magnifies the serious threats surrounding personally identifying information (PII) submitted during e-commerce transactions. The most common threats, such as identity theft and aggregated data files, do the most damage when companies are careless (i.e., losing laptops filled with unencrypted data) or callous (selling data on the open market) with the PII they collect. The first line of defense against these threats is the electronic privacy policy. In theory, privacy policies are supposed to force companies to analyze and strengthen their privacy practices and then provide Web surfers with a detailed picture of what happens to their information upon submission. Privacy policies are most effective when Web site visitors can locate, read and comprehend their terms. Armed with this knowledge, individuals are supposed to make accurate privacy assessments before submitting information online. Problematically, contemporary privacy policies fail to live up to their promise because they are posted inconspicuously, purposefully vague and filled with legalese. This inaccessibility leads Web surfers to ignore privacy practices completely while they continue to submit PII blindly.

Privacy policies can be effective if companies clearly and conspicuously discuss how their privacy terms relate to fair information practices (FIPs). FIPs are widely agreed upon guidelines covering the most important areas of the data trade - PII collection, use, storage and dissemination. The Federal Trade Commission has designated the five core FIPs to be notice, choice, access, integrity and enforcement. This article argues that a standardized privacy nutrition label - similar to the labels required by the Nutrition Labeling and Education Act - posted conspicuously on all e-commerce homepages can increase policy effectiveness. These federally mandated labels require companies to discuss their privacy practices in relation to each Key FIP. Although companies need not adopt specific policy terms or run their practices through a governmental clearinghouse, they must honestly disclose their practices. This is true of even the most unpopular practices such as external PII dissemination. Over time, consumers will become aware of these standardized labels, begin to understand FIPs, differentiate between privacy-protective and privacy-invasive practices and make better decisions before submitting PII.

Keywords: online privacy, privacy policies, e-commerce law

Suggested Citation

Ciocchetti, Corey, The Future of Privacy Policies: A Privacy Nutrition Label Filled with Fair Information Practices (June 1, 2009). John Marshall Journal of Computer and Information Law, Vol. 26, No. 1, pp. 1-46, 2009. Available at SSRN: https://ssrn.com/abstract=1417136

Corey Ciocchetti (Contact Author)

University of Denver - Daniels College of Business - Department of Business Ethics & Legal Studies

2101 S. University Blvd
Denver, CO 80208-8921
United States

HOME PAGE: http://www.coreyspeaks.com
