[LINK] ITNews: 'Content providers ... "hostile" privacy policies'

Roger Clarke Roger.Clarke at xamax.com.au
Tue Mar 22 13:04:26 AEDT 2011 

[Comments embedded.]

Content providers slammed for "hostile" privacy policies
By John Hilvert
IT News
Mar 22, 2011 6:27 AM (6 hours ago)
http://www.itnews.com.au/News/251900,content-providers-slammed-for-hostile-privacy-policies.aspx

Parliament should draw "line in the sand".

Long-time privacy advocate Dr Roger Clarke has called for tough new 
laws to rein in "hostile" terms and conditions used by international 
internet content giants like Facebook and Google.

Speaking before the Joint Select Committee on Cybersafety, Clarke 
branded the business models of the internet and social media 
companies "consumer-hostile" and exploitative of "people and their 
data".

Clarke - who runs the Xamax business consultancy and chairs the 
Australian Privacy Foundation - appeared before the committee in a 
private capacity.

He called on content service providers to "clarify" terms and 
conditions of use, including how much personal data could be used by 
a provider "for their own purposes".

Clarke also said that information on privacy settings - and the 
extent of user control over them - should be concisely tabled and 
clearly visible to consumers.

"They [the likes of Facebook and Google] have privacy policy 
statements but they are difficult to find," he said.

"Those documents also change over time. In many cases, there is no 
track [record] kept of what changes occurred when."

Clarke called for "baselines" for privacy and disclosure to be 
established, backed by enforcement tools like "regulatory action" and 
"quick and efficient access to judicial warrants", which could be 
used to force oversight.

"International corporations that [provide] services to Australians 
must be subject to legal obligations to comply with those judicial 
warrants," he said.

New code

Clarke's call for the establishment of a privacy "baseline" coincided 
with the launch of a new self-regulatory code by major social media 
corporations regarding the tracking of user data for targeted 
advertising purposes.

Google, Yahoo!7 and NineMSN were among those to sign up to the code, 
which permitted users to "opt-out" from receiving certain 
advertisements.

Facebook was conspicuously absent from the list signatories.

However, Clarke dismissed the code as "another piece of industry self 
regulation being rushed out the door, literally today, in order to 
cover up some of the holes that have been found by the public, in 
existing self-regulatory arrangements."

[The creation of the code appeared to be news to the Parliamentary 
Committee, and certainly was to me.  So maybe my reaction was a 
little harsh?

[Looking at http://www.youronlinechoices.com.au/
http://www.youronlinechoices.com.au/adaa-best-practice-guideline
http://www.youronlinechoices.com.au/wp-content/uploads/2011/03/Australian%20Best%20Practice%20Guideline%2014%20March.pdf 
(1.2MB) ...
... no I don't think so.  It appears to have been subject to no 
consultation, it creates 'obligations' in name only, and it is 
unenforceable.  It's a sham.]

[The witnesses merely mentioned it, without advance notice, and 
without distributing so much as a copy of a media release.  It was 
almost as if they hoped the Committee would pounce on it, thereby 
burning up the available time and ensuring that any awkward questions 
the Committee members may have brought along to the event didn't get 
to be asked.]

He said it should not stop Australia's Parliament from drawing a 
"line in the sand" to set minimum conditions on privacy terms in user 
contracts.

Data "transfer"

Representatives from Facebook, NineMSN, Microsoft and Yahoo!7 
rejected suggestions that they onsold user data to third parties, 
saying such practices would undermine user trust and confidence.

However, confidence varied among corporate representatives.

"I'm not aware that we just sell it without having a business case 
for Microsoft," Microsoft Australia's chief security officer Stuart 
Strathdee told the committee, before seeking to take the question on 
notice.

Clarke chided the Committee for asking only whether the corporations 
"onsold" their data.

"We should talk about 'transfer under any circumstances'. It can be 
trading, gifting, exchange  - there are many uses of 'weasel words' 
by organisations that are trying to avoid telling the truth," he said.

He warned that corporation lawyers could draft terms of use so "you 
consent to everything they might want to do."

"[By using the service], you are deemed to have read the terms and 
have knowledge of them as well."

While legally user knowledge and consent may have occured, Clarke 
argued most users would not realise the extent to which they may have 
allowed content providers to re-use their data.


-- 
Roger Clarke                                 http://www.rogerclarke.com/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list