YOUR PRIVACY IS ASSURED—OF BEING
INVADED:
WEB SITES
WITH AND WITHOUT PRIVACY SEALS
Robert LaRose, Ph.D
Department of Telecommunication
Nora Rifon, Ph.D.
Department of Advertising
rifon@msu.edu
ABSTRACT
Concerns
about consumer privacy are a leading reason for non-participation in electronic
commerce and other on-line activities. Privacy seals were developed as means of
addressing those concerns through industry self-regulation. Their purpose is to
assure consumers that certain basic privacy standards are being met by the Web
sites they visit and two leading seal authorities, TRUSTe
and BBBOnLine have emerged. The present research
assessed whether the two seal authorities delivered what they promise and
compared the privacy protection practices of sites that participate in the two
programs with non-participating sites. Privacy
policy statements were interpreted as a form of persuasive communication that
attempts to minimize the risks of providing personal information while
emphasizing the benefits of personal disclosure. Seal bearing sites were compared with a
sample of comparable sites to determine if the privacy practices of unsealed
sites differed. There were few differences in the privacy practices between
seal authorities: TRUSTe and BBBOnLine
participants offered about the same degree of privacy protection assurances and
were equally invasive with regard to the amount of personal information they
requested. However, unsealed sites offered nearly equal privacy assurances and
were significantly less invasive than
the sealed sites with respect to the amount of personal information requested.
However, seal program participants did provide superior access to information
and assurances of data security. Suggestions for the improvement of voluntary
privacy seal programs are offered.
KEYWORDS
Internet, privacy, seals,
content analysis
1. INTRODUCTION
Privacy remains an important issue on the
Internet. Two-thirds of Internet users
are concerned with the confidentiality of the Internet (NTIA, 2002; Cranor, Reagle & Ackerman,
1999; Hoffman, Novak & Peralta, 1999, Pew Research, 2000) and an equal
number see the Internet as a threat to their privacy (Cole, 2001). Privacy
threats may lower participation in commercial and social activities on line
(Pew Research, 2000) and are of particular concern to new users and women (Pew
Research, 2000) and to African-Americans (NTIA, 2000). Non-users see the
Internet as a privacy threat (Cole, 2001; NTIA, 2002), suggesting that on-line
privacy invasion is a deterrent to non-users as well.
These concerns may be well-founded. A
content analysis of leading e-commerce sites by the Federal Trade Commission
found that only 20 percent met the agency’s standards (FTC, 2000). These guidelines entail disclosure of privacy
policies, providing consumers choice and consent, access to their data, and
security of the data that is collected. Independent studies have revealed
continuing gaps in on-line privacy practices (Culnan,
1999; 2000; Miyazaki & Fernandez, 2000; Miyazaki & Krishnamurthy, 2002).
To
address the on-line privacy problem, fair practice standards are sought (FTC,
2000; Milne & Rohm, 2000). For
consumers, clear explanations of information practices are a first step toward
making a conscious decision to participate in a web site’s information
practices (Han & Maclaurin, 2002). The on-line
public also demands third party verification (Harris Interactive, 2002). The problem for Web site proprietors is how
to inform consumers without losing consumer trust and prompting avoidance
behavior.
Elsewhere,
notably the European Union (CEC, 1995), there are strong legal protections for
consumers. These include the right to control the release of information to
third parties and to inspect and correct private information. However, government regulation has not
proven to be an effective approach in the
Instead,
consumers, the Federal Trade Commission and industry leaders alike are all
hopeful that voluntary third party seal programs will provide a self-regulatory
solution. Several alternative seal programs have emerged, including TRUSTe, BBBOnLine, and HON. However,
the Internet user’s desire for convenience or pleasure may overwhelm rational
concerns about privacy. E-commerce sites in particular are laden with features
that seem calculated to overwhelm the consumer self-control and trigger
impulsive behavior (cf. LaRose, 2001). The complexity and mixed messages (cf. Anton &
Earp., 2001) of privacy disclosure statements and
unfamiliarity with privacy self-protection techniques are further barriers to
the effectiveness of privacy notifications. While users may be concerned about
privacy, they may not understand on-line privacy disclosures, be unable to
implement their own privacy protections, or be motivated by the blandishments
of Web site proprietors to ignore their own privacy concerns. Most Internet users routinely divulge
personal information in return for access to “free” information or for the
perceived benefits of having information personalized for them (Pastore, 1999a). The
promised rewards of incentive programs, coupons, discounts, and prizes may also
motivate disclosures (Pastore, 1999b) and a trade-off
between privacy and convenience is thought to be the crux of the on-line
privacy issue (O’Neill, 2001). Customer relationship management—the science of
building an exchange between Web site visitor and Web
site customer—may also subvert privacy concerns (Luo,
2002).
The purpose of the present paper is to compare
sites bearing the seals of the two leading privacy seal authorities with each
other and with a comparable control group of sites. It updates and improves
upon recent research comparing sealed and unsealed sites (i.e., Miyazaki et
al., 2002) by expanding the sample size: the small (n=20) cell sizes in prior
research may have lacked the power to detect distinctions between sealed and
unsealed sites. In addition to assessing compliance with voluntary privacy
guidelines as did past studies (Culnan, 1999; 2000;
Miyazaki & Fernandez, 2000; Miyazaki & Krishnamurthy, 2002), the present
research examines the consumer communication characteristics of privacy policy
statements.
2. A Comparative Analysis of Web site Privacy policies
2.1 Privacy Policy or Persuasion Attempt?
Thus,
the content of privacy policies and the use of privacy seals may be viewed as a
persuasion attempt on the part of Web site proprietors. Proprietors may use privacy policy statements
to persuade visitors to voluntarily disclose personal information necessary to
complete transactions or to ignore involuntary monitoring activities conducted
by the proprietor.
This
balancing of risks and rewards is consistent with a theory of privacy (Foddy, 1984) that describes competition between the desire to
avoid personal disclosures and the desire to set up exchange relationships for
mutual benefit (e.g. to complete an e-commerce transaction), to obtain desired
stimulation (e.g. to register for an online game), or to compare oneself with
others (e.g. to enter a chat room). Generally, the decision to make a
disclosure depends upon the closeness of the relationship, the risk to benefit
ratio involved in the disclosure, the situation, and reciprocity (Rosenfeld,
2000). Thus, Web site proprietors might influence the disclosure decision by building
a close on-going relationship, minimizing the perceived risks of disclosure
with their privacy practices, emphasizing the benefits of disclosure, creating
private situations with secure Web links, and reciprocating with additional
information, services and completed transactions when personal disclosures are
made. In privacy theory, deception
(e.g. using false on-line identities), equivocation (e.g. filling in ambiguous
address information), and hints (e.g., providing incomplete information) are
alternatives to full disclosure, strategies that are mirrored in the on-line
context (Sheehan & Hoy, 1999). We site proprietors would like to persuade
visitors to avoid these practices.
In this light, privacy seals may be seen as a
persuasion tool. For those who are not highly involved in privacy issues, they
are an attempt at persuasion through the use of peripheral cues that are easily
recognizable, familiar and attractive. Familiar sources that are viewed as credible, that is, trustworthy,
attractive and with expertise (Petty, Cacioppo &
Schumann, 1983; Atkin & Block, 1983) are used
heuristically to assess the meaning of the message. Thus, source credibility closely parallels
the concept of trust in Internet research (Luo, 2002;
Chadwick, 2001) that is predicated on the familiarity of the source (built
through repeated transactions or community relationships) and institutional
affiliations (i.e. with certification services). If privacy is a
high-involvement issue, then the privacy seal links to a detailed policy that
elaborates arguments in favor of making personal disclosures.
2.1.1 Privacy Seal Practices
But
what do privacy seals actually assure? The two leading seal authorities, TRUSTe and BBBOnLine both rely on
voluntary compliance with privacy policy standards consistent with the FTC’s
guidelines (disclosure, choice, and data security). There are differences. TRUSTe emphasizes procedures to assure the accuracy of
information. BBBOnLine prohibits the release of
personal information to third parties for marketing purposes even if consent is
obtained and requires “opt in” privacy for health, financial, political
preference, religious and other highly personal information. Both engage in
ongoing monitoring. TRUSTe
conducts periodic privacy policy reviews, CPA audits of privacy policies, and
“seeding” of private information to check compliance (TRUSTe,
2002). BBBOnLine monitors through random checks. Both
offer on-line verification of their privacy seals so that consumers can “click
through” the seal to verify the legitimacy of the seal.
Both
offer consumer complaint resolution although BBBOnLine’s,
modeled on the Better Business Bureau approach, is considered superior by some
(PerfectlyPrivate, 2003). BBBOnLine
posts consumer complaints online and also the follow-ups to those complaints,
with the threat of reporting violators to the FTC withdrawing their seal if the
complaints are not satisfactorily resolved. TRUSTe
requires that the consumer refer the complaint to the site and wait up to 30
days before submitting a complaint to the seal authority. TRUSTe
does not publish a record of complaints or their resolution (TRUSTe, 2002).
In
practice, the seal assurance programs have been less than perfect (PerfectlyPrivate, 2003). TRUSTe
was embarrassed to find it had violated its own standards by using
(unwittingly, it claimed) a third party to track identifiable information on
its own site. Two TRUSTe seal holders were found to
be forwarding personal information to a marketing company and while TRUSTe vowed to investigate and the transfer was eventually
terminated, the authority never published the result of its investigation. TRUSTe also failed to pursue complaints against Microsoft
and RealNetworks on the premise that software
glitches had inadvertently caused the breaches. Both authorities have been
criticized for granting seals to companies who were under investigation by the
FTC (GeoCities in the case of TRUSTe,
Equifax in the case of BBBOnLine).
2.1.2 Examining Privacy Policies
Prior
content analysis research (Culnan, 1999; 2000;
Miyazaki & Fernandez, 2000; Miyazaki & Krishnamurthy, 2002) examined
privacy seals from the perspective of the FTC guidelines and found gradual
improvement in complying with those guidelines. However, compliance with the
letter of the code authorities and FTC guidelines does not necessarily mean
compliance with the spirit of consumer protection. The context in which the seals are presented
and the text of privacy policies might present mixed messages to the consumer,
on the one hand warning about the dangers of yielding private information, on
the other hand arguing that these concerns are unimportant or offset by other
factors. The purpose of the present
study is to examine the seals as an act of persuasive communication as well as
an artifact of voluntary self-regulation. That is, we examine how privacy seals
may be part of a persuasive exchange process in which they serve as inducements
to make disclosures of personal information.
From
this perspective, it is important to consider the context in which the seals
appear. For example, when seals appear
prominently on the home page, next to the text of the privacy policy, and again
on pages where personal information is requested, that could represent an
invitation to forego reading of the text of the privacy policy and rely on the
presence of the seal alone to assure privacy. In so doing, is the Web site
proprietor “arguing” to low involvement visitors that they needn’t delve into
privacy policies too deeply? Overall, is the appearance of the seal a “smoke
screen” to obscure privacy intrusion?
And
if visitors delve more deeply, are revelations about privacy intrusions
countermanded by verbal arguments that stress the trustworthiness of the site?
Or do they remind visitors of the rewards for compliance, or the negative
consequences of failure to comply. For
example, statements affirming the proprietor’s concern for the visitor’s
privacy might be a verbalization of the same superficial trustworthiness
“argument” that the seals themselves represent. Reminders of the additional
services available when personal information is provided – or the ones that
will be withheld if the information is not forthcoming—are attempts to convince
the visitor of the benefits of supplying personal information.
In analyzing privacy policies from the
consumer’s perspective, distinctions between differing dimensions of privacy
should be recognized. Lee and LaRose (1994) synthesized
previous studies of privacy dimensions: Physical privacy, or solitude, is the
freedom from the undesired observation and intrusion on one’s senses or person.
Informational privacy, or anonymity, is control over the release of personal
data. Reserve, or psychological privacy, is control over personal information
to protect one’s thoughts and emotions. Intimacy, or interactional
privacy, is relevant to small group relationships as it preserves meaningful
communication among group members. The first two are especially pertinent here.
Informational privacy relates to voluntary disclosures of personal information,
the types of disclosures routinely requested during Web site registration
procedures. Conventionally, physical privacy relates to intrusions on one’s
person by unwanted sights and sounds or unwanted observation, such as the ring
of a doorbell or telephone. In the information age that extends to intrusion
upon one’s computer, including unwanted files, including cookies and
unsolicited email.
2.1.3 Research Questions
We
formulate these issues into the following research questions: 1. Is the there a
difference between sealed and unsealed Web sites in their degree of information disclosures
they request and their intrusiveness? 2. Do sealed and unsealed sites vary with
respect to their privacy practices? 3. Are there differences in requested
disclosures, intrusiveness, and privacy practices between seal authorities? 4. Are
disclosures and invasions related to the presence of verbal arguments in favor
of disclosure?
2.2 Research Methods
A
content analysis of 200 Web sites was conducted to compare sites with TRUSTe and BBBOnLine seals with similar
sites that did not participate in the leading privacy seal programs.
2.2.1 Sampling
Fifty
sites each were drawn at random from among the 1389 TRUSTe
(www.truste.org) sites and the 747 BBBOnLine (www.bbbonline.org) sites listed at the
time of the study. Comparison sites were drawn randomly from a list of the 4449
most visited Web sites supplied courtesy of NetRatings
(www.netratings.com). BBBOnLine and TRUSTe sites drawn
from the NetRatings sample were replaced. Adult sites
and business-to-business web sites were excluded from the samples.
2.2.2 Operational Definitions
Content
categories were built from prior studies (e.g., Culnan,
1999; 2000; Miyazaki & Fernandez, 2000; Miyazaki & Krishnamurthy, 2002)
to reflect the basic FTC guidelines of notice, choice, access and
security. Notice included statements
about general privacy assurances, what information was collected, how
information was collected, how the information would be used, and child
protection. Choice entailed statements
about conditions under which consumers could be recontacted
or have their information shared with third parties. Suggestions for privacy
protection were also noted. Access
included provisions for consumers to review or correct the information the site
collected and to file a complaint.
Security related to protecting information during transmission and
subsequent storage and whether an admission about the basic insecurity of
Internet communication was present.
Consistent
with the objectives of the present study, additional items relating to consumer
communication and persuasion, such as the location and prominence of seal icons
and the inclusion of statements about the benefits of information disclosure
were added. The position of the link
to the privacy policy page, whether the link is tagged with the word “privacy”,
its font size relative to the remainder of the home page, and whether the privacy
seal was visible on the main page was coded. On the privacy policy page the
position of privacy seal, the presence of site navigation and advertisements
was noted.
The
types of information requested of the consumer were recorded, including user
name, personal password, last name, e-mail address, street address, telephone
number, fax number, credit card number, social security number, demographics,
and personal interests. A disclosure index was computed by counting the number
of items of personal information requested by each site for voluntary
disclosure (mean = 4.47, S.D. = 2.39, range 0-9). For this purpose, demographic
and personal interest requests were treated as a single item even if multiple
requests were made in those categories.
An intrusiveness
index was computed by totaling the number of involuntary privacy invasions
(e.g. leaving cookies, recording IP information, sending email) each site
admitted to in its privacy policy (mean= 4.48, S.D. = 2.52, range= 0-10). Likewise,
a benefits index was computed by totaling the number of benefits of information
disclosure mentioned in the privacy statement (mean= 1.31, S.D. = 1.16, range
0-4).
2.2.3 Procedure
The
coding guide was pretested and modified to improve
reliability and coders were trained in its use. Coders were provided with a
spreadsheet containing the categories shown in Table 1 and a codebook
describing the definitions of each item. To help coders identify key components
of privacy policies, keywords were suggested (e.g. “children” when seeking
policy statements about child protection policies). Ten coders were divided
into teams of two, and each team member reviewed all of the Web sites assigned
to their team. Any responses that
differed between the two were then reviewed by the coders as a team and a
mutually agreed upon code was determined by referring back to the coding guide.
2.2.4 Data Analysis
The
results of content analysis were entered into the Statistical Package for the
Social Sciences, version 10.1 (SPSS, 2000) for statistical analysis. Comparisons
between sites registered with the two seal authorities and between sealed and
unsealed sites were performed using chi-square analysis. The attributes
analyzed at each site (e.g. the presence or absence of a privacy seal on the
page containing the privacy policy statement) were dichotomized, resulting in a
series of 2x2 tables. Two sets of
chi-squares were computed, one contrasted BBBOnLine
registered sites with TRUSTe sites. The other
compared unsealed sites with those bearing seals, combining sites from the two
seal authorities. On items where
attributes of privacy policies were compared, only those sites that had
policies posted were included (n=183). Fifteen of the “control group” sites but
also one each of the BBBOnLine and TRUSTe sites had no privacy policies available. Pearson
product-moment correlations were computed between indices of intrusiveness,
invasiveness, and stated benefits.
2.2 Results
The
results of content analysis are shown in Table 1. With respect to the amount of
information requested (intrusiveness), unsealed sites were significantly less likely to request last names (65%
of unsealed sites vs 78% for sealed sites), e-mail
addresses (75% vs 87%), or credit card numbers (27% vs 49%). There was only one significant difference between
sites participating in privacy seal programs and those not participating with
respect to the privacy violations that were acknowledged: nonparticipating
(unsealed) sites were more likely (77.6%) to acknowledge the placement of
cookies than sealed sites, taken as a group (64.2%).
Table 1. Content Analysis
Results
|
Item |
No Seal N=100 |
BBB OnLine N=50 |
TRUSTe N=50 |
|
1. INFORMATION
REQUESTED: |
|
|
|
|
User Name/Screen Name |
31.0 |
34.0 |
50.0 |
|
Personal Password |
47.0 |
46.0 |
68.0* |
|
Last Name |
65.0** |
82.0 |
74.0 |
|
E-mail address |
75.0** |
88.0 |
86.0 |
|
Street Address |
53.0 |
70.0 |
58.0 |
|
Telephone Number |
37.0 |
56.0 |
44.0 |
|
Fax Number |
1.0 |
8.0 |
2.0 |
|
Credit Card Number |
27.0** |
50.0 |
48.0 |
|
Social Security Number |
7.0 |
6.0 |
10.0 |
|
Demographics |
26.0 |
28.0 |
32.0 |
|
Interests |
3.0 |
4.0 |
2.0 |
|
2. OPTIONS FOR USING INFORMATION |
|
|
|
|
For alerts |
36.0 |
36.0 |
34.0 |
|
For market research |
7.0 |
2.0 |
4.0 |
|
For third Parties |
11.0 |
10.0 |
12.0 |
|
3. PRIVACY POLICY PRESENTATION |
|
|
|
|
Privacy policy linked from main menu |
10.6** |
22.4 |
18.4 |
|
Link tagged with "Privacy" |
83.5 |
91.8 |
91.8 |
|
Normal font size used |
39.3 |
38.8 |
40.8 |
|
Privacy seal visible on front page |
1.2** |
73.5 |
63.3 |
|
Seal visible on policy page |
2.4** |
73.5 |
93.8 |
|
Site Navigation Visible |
74.1 |
65.3 |
77.6 |
|
Ads Visible |
27.1 |
16.3 |
28.6 |
|
4. NOTICE |
|
|
|
|
Notice of Types of Information Collected |
80.0** |
98.0 |
98.0 |
|
Notice of How Collected: |
71.8** |
83.7 |
87.8 |
|
IP
Information |
45.9 |
20.4 |
59.2* |
|
Site
Registration |
68.2 |
67.3 |
83.7 |
|
Leaves Own
Cookies |
77.6** |
57.1 |
71.4 |
|
Tracks
In-Site Navigation |
32.9 |
18.4 |
24.5 |
|
Uses Web Beacons |
11.8 |
16.3 |
8.2 |
|
Third party
cookies |
37.6 |
24.5 |
30.6 |
|
Specifies Use of Data… |
|
|
|
|
To Send
email |
69.4 |
83.7 |
67.3 |
|
For
Marketing |
56.4 |
51.0 |
46.9 |
|
Target ads |
35.3 |
30.6 |
30.6 |
|
5. BENEFITS OF DISCLOSURES DESCRIBED? |
47.1 |
63.3 |
53.1 |
|
General Assurance |
74.1 |
93.9 |
67.3 |
|
Service Access |
36.5 |
34.7 |
46.9 |
|
Saves time |
15.3 |
24.5 |
24.5 |
|
Customization |
21.2 |
28.6 |
36.7 |
|
Alerts Offered |
43.5 |
44.9 |
46.9 |
|
Child Protection |
43.5 |
49.0 |
36.7 |
|
6. ARE CHOICES OFFERED? |
|
|
|
|
Recontact Choice |
41.2 |
55.1 |
51.0 |
|
Privacy Protection Suggestions Offered: |
17.6** |
28.6 |
36.7 |
|
Cookie control |
28.2 |
28.6 |
46.9 |
|
Choose to refuse |
20.0 |
28.6 |
16.3 |
|
Protection Information Links Shown |
9.4** |
30.6 |
20.4 |
|
Third Party Disclosure Options |
57.6 |
61.2 |
63.3 |
|
Aggregate Only |
34.1 |
38.8 |
46.9 |
|
Disclosure Choice |
35.3 |
40.8 |
36.7 |
|
Review Policy |
32.9** |
73.5 |
59.2 |
|
Corrections Policy |
41.2** |
85.7 |
87.8 |
|
Complaint Procedure |
57.6** |
87.8 |
85.7 |
|
7. SITE SECURITY |
|
|
|
|
Transmission Security |
31.8** |
73.5 |
49.0* |
|
Site Security |
41.2** |
77.6 |
71.4 |
|
Insecurity Statement |
20.0 |
8.2 |
24.5* |
Note: Table entries are percents based on the number of sites in each
category.
* Indicates significant differences between BBBOnLine
and TRUSTe sites Pearson chi-square p
< .05.
**Indicates
significant differences between sealed and unsealed sites, Pearson chi-square, p < .05.
Regarding
the consumer communication characteristics, unsealed sites were far less likely
to include their privacy statement as an option on their main navigation bar (10.6%)
than were sites with privacy seals (20.4%). The presence of a link tagged with
the word “privacy” was highly likely at both sealed (83.5%) and unsealed
(91.8%) sites that had privacy policies. About three-fifths of all sites used
smaller than normal fonts for the privacy links, however. Participants in seal
programs usually displayed their seals on their front pages (73.5% of BBBOnLine sites, 63.3% of TRUSTe
sites) or on the privacy policy page (73.5% and 93.8%, note that two of the
control group sites participated in seal programs other than the two leading ones).
However, potential distractions were also present. About three-fourths (72.7%) of
all sites with privacy policies had their main navigation bars on the privacy
policy page and a fourth (24.6%) carried ads on those pages.
Comparing
the content of privacy policies, unsealed sites and were less likely to include
statements about the types (80% vs 98%) and methods (7.18%
vs 85.8%) of information collection.
Consumer protection information was also somewhat lacking, the unsealed sites
were less likely (17.6% vs 32.6%) to offer specific
suggestions about how consumers could protect their own privacy and seldom
posted links to privacy protection links compared to sites participating in the
two leading seal programs (9.4% vs 25.4%). The
non-participating Web sites were also far less likely to state policies for
reviewing (32.9% vs 66.3%) and correcting erroneous
information (41.2% vs 86.8%), provided fewer
assurances of security of data during transmission (31.8% vs
66.2%) and after (41.2% vs 79.5%) receipt of the
information by the site’s proprietor, and were less likely to have a formal
complaint procedure (57.6% vs 86.8%).
Substantial
numbers of sites used privacy policies to point out the benefits of providing
personal information or ignoring the consequences of privacy invasion, and here
there were no significant differences between sealed and unsealed sites. Over
three-fourths (77.6%) of all sites with privacy policies offered comforting
general assurances of concern about consumer privacy (and many of these are
prominently displayed in the opening paragraph of the policy). About half (47%)
of all sites with privacy policies made some reference to the benefits of
information disclosure, specifically including access to service (38.8%), time
savings (20.2%), customization (27.3%), and the alerts about new products or
services (44.8%).
Comparing
TRUSTe sites and BBBOnLine
sites, there were few differences. TRUSTe sites were
more likely (68%) than BBBOnLine sites (46%) to request
personal passwords, or to acknowledge that they recorded IP information (59.2% vs 20.4%). Sites with TRUSTe
seals were less likely (49% vs 73.5%) to assure
security during transmission and were more likely (24.5% vs
8.2%) to issue “insecurity statements” to the effect that no transaction
completed over the Internet could be regarded as completely secure.
Comparing
the occurrence of statements about the benefits of information disclosure, the
number of arguments made favoring disclosure were unrelated to the amount of
personal information requested (intrusiveness, r = -.098), but was
moderately correlated to intrusiveness, as indicated by the number of different
ways in which privacy was invaded (invasiveness, r = .506, p
< .001).
2.3 Discussion
It
is perhaps ironic that the Web sites that seek to publicize their concern for
consumer privacy by displaying privacy seals were actually more likely to
intrude on privacy, at least in terms of the amount of personal information
that they requested from consumers. And, aside from a greater tendency to
deposit cookies, the unsealed sites were no more likely to invade users’
physical privacy through involuntary intrusions on their computers. Naïve consumers who view seals as a form of
privacy protection may thus be disappointed.
From
the perspective of compliance with FTC guidelines, both sealed and unsealed
sites were about equal in their assurances, with two key exceptions: sites participating in privacy seal programs were
more likely to offer assurances about the security of information both as it is
collected and after it is collected. And, unsealed sites were less likely to
reveal how data is collected.
How
effective were the seal authorities in encouraging compliance with FTC
guidelines for notice, choice, access, and security? BBBOnLine
sites were more likely to make assurances about secure transmission of
information than TRUSTe sites. However, compliance
with the guidelines was somewhat less than perfect in all key aspects. For
example, while almost all of the seal program participants provided notice of
the types of information collected, about an eighth did not reveal how
information is collected, offer to correct errors, or maintain a complaint
procedure. And, while most sealed (but also unsealed) sites informed consumers
of their choices, many did not really offer any choice other than leaving the
site or foregoing service.
Of course, the seal authorities themselves
make no promises about the levels of privacy offered by the sites bearing their
seals. They only promise that disclosures about privacy practices will be
monitored for accuracy and consumer complaints about privacy practices will be
responded to. Judged on these, their own terms, the seal authorities were
effective in that nearly all the sites bearing their seals of approval provided
expected information about notice, choices, access, and security. Compliance
was not perfect in any of these key respects, but this perhaps points to the
complexity, ambiguity, and lack of standardization in privacy statements as
much as the effectiveness of their enforcement. For example, a site that makes
no explicit reference to a consumer complaint policy might point out that it
collects no personal information and therefore needs no such policy or that its
customer service policy covers the requirement.
Are the FTC guidelines sufficient? Judged
against the stricter standards of the European Community’s privacy directive
(CEC, 1995), for example, neither seal program participants nor non-participants
offer adequate protections. Only a tenth offered an option to restrict release
of personal information to third parties on the information collection forms
themselves and a sixth of the sites analyzed (16.5%) stated that they reserved
the right to pass consumer information to third parties for marketing purposes.
Moreover,
it appears that certain Web site proprietors are pursuing something of a hidden
agenda in their privacy policy statements as well as the manifest agenda of the
FTC. While complying with the guidelines in “confessing” their privacy
invasions, many Web site proprietors use the opportunity to convince consumers
to make voluntary disclosures and to submit to involuntary forms of privacy
invasion. The present study found a sizable correlation between the
intrusiveness of Web sites, defined in terms of the number of different ways
they obtained and re-used consumer information, and the number of persuasive
arguments about the benefits of disclosure that were offered (e.g., to obtain
free or customized information) to justify the privacy invasion. This could
mean that Web proprietors are trying to diminish the perception of privacy
risks by offering counterarguments about the benefits of personal disclosures. Distraction is another issue,
the majority of sites with privacy policies had the main site navigation bar
visible along side the policy statement and about a quarter carried ads on
their privacy policy pages.
Assuming
that the statements made by sealed sites are true, and that the silence of
unsealed sites on certain issues at unsealed sites leaves consumers vulnerable,
what comfort is offered by a privacy seal? Visitors to sealed sites receive
superior assurances mainly in handling privacy complaints, including the
ability to review and correct erroneous information and having an established
complaint procedure. Sites with seals also take greater note of data security,
both during the consumer’s transaction and after.
The present results fall short of a definitive evaluation of privacy seals, of course. We also need to know whether the information is in fact more accurate at sealed than unsealed sites, whether they are more responsive to consumer complaints, and whether consumers are persuaded by the seals or even take much note of them. However, based on the current research we might begin to question whether the seal programs as currently constituted are useful for the consumer. Perhaps motivated by the same Federal Trade Commission guidelines that underlie the recom