Thank you for sharing!

Your article was successfully shared with the contacts you provided.
On the Internet, a promise is a promise. That much was made clear recently after the Federal Trade Commission settled a complaint against the Gateway Learning Corp., the sellers of “Hooked on Phonics.” The FTC charged Gateway Learning with violating its own Web site privacy policywhen it rented consumer information to direct marketers. [FOOTNOTE 1] In its privacy policy, Gateway Learning promised that it would not sharepersonal information about its customers with other entities: “We do notsell, rent, or loan any personally identifiable information regarding ourconsumers with any third party unless we receive explicit consent.” Another statement assured Gateway Learning customers that “We do notprovide any personally identifiable information about children under 13 years ofage to any third party for any purpose whatsoever.” Gateway Learning’s privacy policy also promised customers that if itsinformation sharing practices changed, then it would give them a chance to”opt-out” of having their information shared. Yet, despite these explicit promises, Gateway Learning in April 2003 beganrenting personal information provided by its customers — including their names,addresses, phone numbers, age ranges and genders of their children — to directmarketers for mailings and telemarketing calls. Two months later, Gateway Learning revised its privacy policy to say that”from time to time” it would provide personal information to”reputable companies” whose products or services its customers mayfind interesting. Even after making this revision, Gateway Learning continued to rent the personalinformation collected under the previous will-not-share privacy policy withoutcontacting those customers to inform them about Gateway Learning’s revisedpolicy. Generally, federal law does not require Web site owners to have or post privacypolicies. An exception to this rule applies to sites that target children under13. Those sites fall under the complex purview of the Children’s Online PrivacyProtection Act. However, once a site does post a privacy policy, it must abide by the terms ofthat policy. This means that if a company’s policy explains that it collectsconsumer information, but promises not to share it, that company can’t shareunless the consumer agrees. Companies that fail to abide by the terms of theirown privacy policy can be charged with deceptive business practices under�5 of the FTC Act. So it was for Gateway Learning. In its settlement with Gateway Learning, the FTC included four provisions toaddress the company’s misdeeds. First, the settlement bars Gateway Learning frommaking future misrepresentations about how it will use data it collects fromconsumers. Second, the agreement also prohibits Gateway Learning from sharingany personal information collected from customers on its site under the earlierwill-not-share privacy policy, unless it first gets their express affirmative”opt-in” consent. Third, Gateway Learning cannot apply future materialchanges to its privacy policy retroactively without customers’ consent. Finally,the settlement required Gateway Learning to forfeit the $4,608 it earned fromrenting its customers’ information. PRIVACY POLICIES EXPOSED Although arguably resolved, the Gateway Learning case still raises importantquestions about the current prevalence of deceptive personal information sharingpractices online. Do Web site owners protect customer information as promised intheir privacy policies? The answer is unclear. In a comparative study of privacy policies published inJanuary, Michigan State University professors Robert LaRose and Nora Rifon foundthat most Web site privacy policies did not have consumers’ best interests atheart. [FOOTNOTE 2] To the contrary, most privacy policies often contained soothing assurances aboutconsumer privacy with implicit threats that services will be withheld unlesspersonal information is disclosed. Based on their findings, the researchersconcluded that Web site owners were using privacy policies not just to informthe Internet public, but also to persuade visitors to give up personalinformation and ignore lax privacy protection measures that could harm themlater on. Additionally, studies by the FTC examining content of leading commercial Websites have also found that only 20 percent met the regulatory agency’sstandards. All this comes at a time when consumers remain seriously concerned about theirprivacy. Fear of undue privacy invasions is the leading cause keeping new usersfrom participating in electronic commerce. Research conducted by the PewInternet and American Life Project showed that 84 percent of Internet users wereconcerned about the confidentiality of their information online, and 94 percentwanted privacy violators punished. [FOOTNOTE 3] These figures should serve as a wake-up call. Self-regulation has worked to getus this far. But how many more privacy invasions will consumers tolerate beforeCongress enacts strict rules regulating the content of online privacy policies? Regrettably, continued privacy violations by a few irresponsible Web site ownersmay bring an end to the age of industry self-regulation, and escort a new era ofgovernmentally imposed guidelines. All site owners should take consumer privacy seriously. Here are five keyingredients to include in a privacy statement that not only comply with theletter of the law, but with the spirit of consumer protection: � Use plain English.When reviewing a company’s privacy policy,consumers expect clear explanations about information sharing practices. This isthe first step toward making a conscious decision to participate in a Web site’sinteractive activities. � Respect consumer choice.Most Web sites make broad assurances thatthe information they collect will be kept confidential. However, companies thatgive consumers easy access to the personal data collected, coupled with simpleprocedures for editing or removing it, can go a long way in earning consumertrust. � Go outside.Use of third-party compliance verification programs is agood way to catch inadvertent disclosures early, gain valuable expertise andmaintain the integrity of existing procedures. � Don’t advertise.A surprising number of Web sites post advertisingand other distracting graphics on the pages containing privacy statements.Selling merchandise on the same page that a company is trying to informcustomers about its information sharing practices may be viewed as tactless, andoffer little return for the indiscretion. � Post warnings.Above all, keep consumers informed about the risks. Ifa privacy policy is drafted in a way that tries to convince consumers todisclose personal information, then it should also include explicit warningsabout the threats of identity theft, spam, and credit card fraud when disclosingtoo much sensitive information online. The challenge for Web site owners here ishow to educate consumers without prompting avoidance behavior. Ultimately, the best way to ensure the Internet reaches its full potential is bybalancing privacy protections with sound business practices that bolsterconsumer confidence. Harry A. Valetk, a former trial attorney with the U.S. Department ofJustice and an adjunct assistant professor at the Bernard M. Baruch College,Zicklin School of Business, is the director of privacy online for theEntertainment Software Rating Board. ::::FOOTNOTES:::: FN1At www.ftc.gov/opa/2004/07/gateway.htm (last visited on Aug. 23, 2004). FN2Robert LaRose and Nora Rifon, “Your Privacy Is Assured – Of BeingInvaded: Web Sites With and Without Privacy Seals,” at www.msu.edu/~larose/es2003post.htm (last visited on Aug. 23, 2004). FN3Susannah Fox, “Trust and Privacy Online: Why Americans Want to Rewritethe Rules,” The Pew Internet and American Life Project, at www.pewinternet.org/pdfs/PIP_Trust_Privacy_Report.pdf (last visited on Aug. 23, 2004).

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.