The FTC just announced its agenda for its upcoming privacy-related conference, aptly named, PrivacyCon. The FTC hails the event as a first-of-its-kind conference “regarding important consumer privacy and security issues by leading academics from universities and think tanks from around the world.”
But despite the FTC’s examination of the issue, online privacy is still a highly misunderstood (and highly abused) concept in online transactions. Having counseled hundreds of clients on privacy-related issues for the past fifteen years, I can tell you this: The laws (or lack of laws) related to online privacy aren’t going to change anytime soon. Before I tell you why nothing is going to change, consider the following:
Consumers have a poor understanding of privacy policies—usually because they don’t read them.
Privacy seals don’t mean as much as consumers (and companies) think they mean.
Privacy seals purport to certify that the owner of a website complies with certain minimum levels of online privacy and security. But how much do you really know about what it takes to get a “privacy seal”? For that matter, how do you know whether a website displaying a privacy seal actually complies with the seal’s minimum requirements? Here’s a scary (but true) revelation: Some site owners display privacy seals without taking any steps whatsoever to comply with any required privacy procedures. (Yes, it’s trademark infringement, but unfortunately, it happens.)
On the flip side, consumers don’t usually make decisions to divulge their personal information based solely on the presence or absence of a privacy seal. Case in point: Think about the websites from which you regularly buy things. Do those sites even have privacy seals? (Don’t look until you venture a guess). In my case, the first three sites I thought of did NOT have privacy seals—but I buy stuff from those sites all the time, and will continue to do so. My point is this: If companies think that the presence of a privacy seal will be a game-changer for their online sales, then they are sorely misguided. Reputation-building activities, like improved customer service and support, will always pay higher dividends than privacy seals.
Online privacy-related laws will always have exceptions enabling sufficiently initiated companies to circumvent the spirit and purpose of the law. So while I applaud the government’s efforts in confronting the pervasive online privacy problem, I don’t expect to see too many changes any time soon. Indeed, changes won’t come until we stop looking at the privacy problem from a (mostly) intellectual perspective, and start addressing the issue from a business-oriented perspective.
Until then, assume nothing is private.