Minding Your Own Business: Privacy Policies in Principle and in Practice

Journal of Intellectual Property Law, Dec 1999

By Scott Killingsworth, Published on 04/19/16

Article PDF cannot be displayed. You can download it here:

https://digitalcommons.law.uga.edu/cgi/viewcontent.cgi?article=1180&context=jipl

Minding Your Own Business: Privacy Policies in Principle and in Practice

Journal of Intellectual Property Law Volume 7 | Issue 1 Article 3 March 1999 Minding Your Own Business: Privacy Policies in Principle and in Practice Scott Killingsworth Powell, Goldstein, Frazer & Murphy Follow this and additional works at: https://digitalcommons.law.uga.edu/jipl Part of the Contracts Commons, and the Intellectual Property Law Commons Recommended Citation Scott Killingsworth, Minding Your Own Business: Privacy Policies in Principle and in Practice, 7 J. Intell. Prop. L. 57 (1999). Available at: https://digitalcommons.law.uga.edu/jipl/vol7/iss1/3 This Article is brought to you for free and open access by Digital Commons @ Georgia Law. It has been accepted for inclusion in Journal of Intellectual Property Law by an authorized editor of Digital Commons @ Georgia Law. Please share how you have benefited from this access For more information, please contact . Killingsworth: Minding Your Own Business: Privacy Policies in Principle and in P MINDING YOUR OWN BUSINESS: PRIVACY POLICIES IN PRINCIPLE AND IN PRACTICE Scott Killingsworth" I. INTRODUCTION For e-commerce websites, having a privacy policy is no longer optional. Federal legislation, FTC enforcement, the European Union Privacy Directive, 1 economic coercion and consumer demand have all recently converged to create a new environment in which implementing a privacy policy is a business necessity for most, and legally advisable for all. In principle, privacy policies are simple: if your website collects individually-identifying information about visitors or customers, tell them how and why you collect the information, how it is used and to whom it is disclosed, and give them some choice in the matter. But the short history of personal privacy on the web is already replete with examples of how treacherous the execution of this simple formula can be: Internet icons like Yahoo, DoubleClick, America Online and GeoCities, and major corporations like United Airlines, have all stumbled on privacy issues. The hazards are many: first, the emerging legal rules, self-regulation models and web-community norms are all moving targets; second, though consistent in thrust, the legal rules differ in important details; and third, there is a noticeable gap between what is legal and what may be necessary to avoid a public-relations disaster. Applying these fragmented, evolving principles to a web-based business that is itself in constant flux can be like trying to thread a needle while roller skating on a boat in choppy seas. This article describes how to design a website privacy policy that will be effective both legally and in practice. It addresses specific issues that must be confronted in drafting and implementing a policy, and offers suggestions for * J.D., Yale University, 1975; B.A., Yale University, 1972. Mr. Killingsworth is Co-Chair of the Intellectual Property and Technology Group of the Atlanta and Washington firm Powell, Goldstein, Frazer & Murphy, and advises clients on licensing, strategic alliances, e-commerce and other technologyrelated business matters. He can be reached at (404) 572-6600 or at . Copyright 0 1999, V. Scott Killingsworth. All rights reserved. ' Council Directive 95/46, 1995 O.J. (L 281) 31 [hereinafter EU Privacy Directive]. Published by Digital Commons @ Georgia Law, 1999 1 Journal of Intellectual Property Law, Vol. 7, Iss. 1 [1999], Art. 3 J. INTELL. PROP.L. [Vol. 7:57 avoiding pitfalls. But we begin with context: the business pressures that make a privacy policy necessary and the legal principles that apply. II. "YOU HAVE ZERO PRIVACY ANYWAY. GET OVER IT." Scott McNealy's impulsive remark to a roomful of reporters2 could hardly be more politically incorrect, but it mirrors the perceptions of many on both sides of the privacy fence. On the one hand, some website operators have avidly exploited the Internet's special aptitude for harvesting, sifting, and remarketing information about visitors, often surreptitiously, with little if any respect for the wishes of the individuals involved. On the other, awareness of these zero-privacy practices has led many consumers to develop an abiding distrust of "the Internet,"3 with consequent misgivings about disclosing personal data or doing business online. Though concern about computers and privacy is nothing new,4 the Internet offers unique temptations both for collectors of personal information and for individuals who are asked to reveal it. A department store or mail order house may be able to deduce customer interests by tracking purchases, but on the Internet merchants can track not only what customers buy but also what else they look at and for how long. If the customer arrived at the merchant's site in the usual way, via a hyperlink from a referring site, the merchant's server logs will record the identity of the referring site, providing a source of additional clues about the customer's interests or browsing patterns. Instead of relying on hit-or-miss surveys to 2 P. Sprenger, Sun on Privacy: 'Get Over It' WIRED NEWS (Jan. 26, 1999) < http://www.wired. com/news/politics/story/17538.html>. McNealy is the Chairman and CEO of Sun Microsystems, which is both the developer of the Java programming language used to implement applets in web browsers and a member of the Online Privacy Alliance. ' Because similar personal information may be shared with a number of sites, and because there is a delay between the initial disclosure of information and the onset of such aggravations as unsolicited eelectronic mail (e-mail) messages, the exact source of the privacy invasions is often hidden from the consumer. This disconnection between cause and effect can lead to a "one bad apple" syndrome whereby the actions of a small number of irresponsible websites may be attributed to the Internet as a whole. 4 Many of the privacy concerns and principles discussed in this article can be traced to a 1973 study by the DEPARTMENT OF HEALTH, EDUCATION AND WELFARE, SECRETARY'S ADVISORY COMMITTEE ON AUTOMATED PERSONAL DATA SYSTEMS, RECORDS, COMPUTERS, AND THE RIGHTS OF CITIZENS. According to a 1992 survey, over two-thirds of Americans believed that "the present uses of computers are an actual threat to personal privacy" and that "if privacy is to be preserved, the use of computers must be sharply restricted in the future." Equifax-LouisHarrisConsumerPrivacySurvey, EQUIFAX EXECUTIVE SUMMARY 1992 14 (visited Nov. 3, 1999) <http://www.privacyexchange.org/iss/surveys/eqfx. execsum. 1992.html >. https://digitalcommons.law.uga.edu/jipl/vol7/iss1/3 2 Killingsworth: Minding Your Own Business: Privacy Policies in Principle and in P 1999] WEBSITE PRIVA CY POLICIES assess the efficiency of advertising in bringing customers to the store, web merchants can receive a database-ready audit trail detailing which customers clicked on which ads on their way to the site. Combined with personal demographic information gathered in a registration or transaction process-o (...truncated)


This is a preview of a remote PDF: https://digitalcommons.law.uga.edu/cgi/viewcontent.cgi?article=1180&context=jipl
Article home page: https://digitalcommons.law.uga.edu/jipl/vol7/iss1/3

Scott Killingsworth. Minding Your Own Business: Privacy Policies in Principle and in Practice, Journal of Intellectual Property Law, 1999, Volume 7, Issue 1,