A survey of 751 popular EU and US based web sites for consumers,
including 83 based in the UK, suggests that few businesses give
users a choice about being added to their mailing lists or having
their details passed to third parties in addition to other failures
of basic privacy standards.
The findings come from Consumers International, a global
coalition of 263 consumer organisations including the UK’s
Consumers Association and National Consumer Council. The main
findings of the study reveal that existing measures put in place by
various governments to protect people's privacy is not
adequate.
The survey found that just over two thirds of sites collect some
sort of personal information and almost all of these sites asked
for details that made it easy to identify and contact the person.
The vast majority of sites gave users no choice about being on the
site's own mailing list or having their name passed on to
affiliates or third parties.
Despite tight EU data protection laws, sites within the EU were
found to be no better at telling users how they use their data than
sites based in the US. Indeed, Consumers International claims that
some of the best privacy policies were found on US sites.
The most popular US sites were more likely than the EU ones to
give users a choice about being on the company's mailing list or
having their name passed on, despite provisions in EU data
protection law which obliges EU-based sites to provide users with a
choice.
Only 10% of sites targeting children asked children to get
their parents' consent before giving personal information or to
tell their parents afterwards.
"Privacy is recognised as a fundamental human right, yet we've
found that too many companies collect a lot of unnecessary, very
personal information about their customers - and because of
inadequate implementation of existing government measures people
don't have control over their data," says Anna Fielder, Director of
the Office for Developed and Transition Economies of Consumers
International. "This widespread neglect of good privacy practice is
all the more worrying when you consider that electronic
technologies for collection of data develop so rapidly."
Consumers International is calling for policy makers at the
national and international level to take urgent action to adopt
laws, rules and procedures as necessary to ensure that:
- Users are given control over the collection, use and disclosure
of their personal information and that personal information is only
collected and held as long as necessary to fulfil the original
purpose for collecting it;
- Users can easily check, correct or delete any data a sites may
hold about them and that it is collected, stored and transmitted in
a secure manner appropriate to the sensitivity of the data;
and
- An independent oversight body is established to ensure
compliance, provide for adequate sanctions for violations and give
cheap and quick access to redress.
It adds that companies immediately need to incorporate internal
practices in line with all existing legislation and guidelines
regarding privacy of personal data.
The report by Consumers International provides a five-point plan
for people to protect themselves from misuse of private information
in e-commerce. The plan is:
- Limit disclosure of your personal information.
- Set up a separate e-mail account for e-commerce
activities.
- Reject cookies planted in your computer by intrusive
businesses.
- Consider using an internet privacy tool which allows you to
surf anonymously.
- Learn about your legal rights and be prepared to use them.
