![Page 1: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/1.jpg)
Copyright,1987-2006
1
A Pilot Study of the Effectiveness of Privacy Policy
Statements
Roger ClarkeXamax Consultancy Pty Ltd, Canberra
Visiting Professor, U.N.S.W., Uni. of Hong Kong & ANU
http://www.anu.edu.au/people/Roger.Clarke/....../DV/PPSE0601 {.html, .ppt}
Bled eCommerce Conf. – June 2006
![Page 2: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/2.jpg)
Copyright,1987-2006
2
Privacy Policy Statements
Themes
1. Privacy as a Trust Factor2. Privacy Protection
Mechanisms3. Privacy Policy Statements4. Research Design5. The Pilot Survey6. Implications
![Page 3: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/3.jpg)
Copyright,1987-2006
3
Trust as a Factor in B2C eCommerce
• The Theory of Reasoned Action (TRA) of Ajzen & Fishbein (1980) postulates that Trust is a major determinant of attitude towards purchasing, and hence of intention to purchase
• In Internet-based B2C eCommerce, Trust is usefully defined as:
confident reliance by Consumers about the behaviour of relevant Business Enterprises
![Page 4: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/4.jpg)
Copyright,1987-2006
4
Important Factors in Consumer Trust
• Dependability• Security of Tradable Items and Funds• Transparency of Marketspace Processes• Fairness of Terms / Consumer Protections• Recourse ‘when things go wrong’• Privacy, and Anonymity / Pseudonymity
![Page 5: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/5.jpg)
Copyright,1987-2006
5
A History of Marketer Abuses of Consumer Trust
• 1994-95 – The Web as New Advertising Medium(‘billboards on the information superhighway)
• 1995-97 – Closed Electronic ‘Communities’• 1996-98 – Push Technology (web-casting’)• 1996-98 – Info-Mediaries• 1998- ... – Portals• 2000- ... – Consumer Data Trails• ...
![Page 6: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/6.jpg)
Copyright,1987-2006
6
Privacy as a Trust Factor
The interest that individuals havein sustaining a 'personal space',
free from interferenceby other people and organisations
Dimensions of Privacy• Privacy of the Person• Privacy of Personal Behaviour• Privacy of Personal Communications• Privacy of Personal Data
![Page 7: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/7.jpg)
Copyright,1987-2006
7
Personal Data Privacy and Consumers
• Consumer Expectations• Privacy is a 'fundamental human right'• Excited by abuses, and numbed by them• Excited by advocates and the media
• Particularly Serious Concerns• Consumer behaviour data• Anti-discrimination categories • Taxation and financial data• Health data• Household data• Location data for persons-at-risk
![Page 8: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/8.jpg)
Copyright,1987-2006
8
Privacy Policy Statements (PPS)
• What PPS Are Not• Privacy Impact Statements (cf. EIS)• Privacy Impact Assessment (PIA cf. EIA)
• What PPS Are• 'privacy policies'• 'privacy statements'• 'privacy notices'• 'information practice statements'
![Page 9: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/9.jpg)
Copyright,1987-2006
9
Objectives of the PIA Process• Clearly define:
• business needs• stakeholder groups• privacy impacts
and implications• Enable understanding
and assessment of the proposal
• Enable mutual understanding of stakeholder perspectives
• Ensure reflection of stakeholder perspectives in the outcomes
• Enable:• maximisation of positive
impacts• avoidance or amelioration
of negative impacts• Maximise the likelihood of
stakeholder support• Avoid new requirements
emerging late• Earn public confidence• Raise awareness, educate • Anticipate and avoid
misinformation campaigns
![Page 10: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/10.jpg)
Copyright,1987-2006
10
Privacy Impact Assessment (PIA)
A sophisticated process that surfaces and examines potential impacts and
implicationsof privacy-invasive proposals
A primitive form of unilateral reportby an organisation
about what the organisation does with personal data
Privacy Policy Statement (PPS)
![Page 11: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/11.jpg)
Copyright,1987-2006
11
Privacy Protection Mechanisms
• Technological Measures• Organisational Measures• Legal Measures
• Privacy Statutes• Data Protection Statutes• Contract Law• Tort of
Misrepresentation
![Page 12: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/12.jpg)
Copyright,1987-2006
12
Privacy Enhancing Technologies (PETs)
• Counter-PITsCookie-Managers, Firewalls, ...
• Savage PETsAnonymous Remailers, Web-Surfing, ...
• Gentle PETsPseudonymous Remailers, Web-Surfing, ...
• Pseudo-PETsMetaBrands (TRUSTe, Better Business Bureau)
![Page 13: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/13.jpg)
Copyright,1987-2006
13
Organisational Protections
• Business Processes• Consumer Marketing
Principles• Information• Choice• Consent• Fair Conditions• Recourse
![Page 14: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/14.jpg)
Copyright,1987-2006
14
The OECD’s 1980 Principles
plus Public Access and Accountability Principles
USE
DISCLOSURE
SUBJECT
ACCESS
IndividualConcerned
ThirdParties
ThirdParties
IndividualConcerned
![Page 15: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/15.jpg)
Copyright,1987-2006
15
Alternative Regulatory Approaches
to Privacy Protection
• ‘Hard’ RegulationStatutory Impositions, Criminal Prosecution
• Self-Regulation“Wolves self-regulate for the good ofthemselves and the pack, not the deer”
No country accepts self-regulation alone, except the U.S.A.
• ‘Co-Regulation’Education, Changes to Procedures, Complaints Processes,Back-Ended by Damages Provisions and Criminal Sanctions
![Page 16: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/16.jpg)
Copyright,1987-2006
16
The Role of PPS in the Alternative Regulatory Contexts
• ‘Hard’ RegulationLittle or no real role
• Self-RegulationThe key feature that is meant to create the impressionthat consumers have some kind of protection
• ‘Co-Regulation’Possible role, as an adjunct to minimum requirementsor as a means of interpreting the law
![Page 17: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/17.jpg)
Copyright,1987-2006
17
The Research Question
• 'How effective are Privacy Policy Statements in encouraging consumer trust of B2C vendors?’
• Operational Formulation:
'Do the Privacy Policy Statements found on vendors' web-sites measure up to the requirements expressed in a specific normative Privacy Statement Template'?
![Page 18: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/18.jpg)
Copyright,1987-2006
18
Privacy Policy Statement Template
http://www.anu.edu.au/people/Roger.Clarke/DV/SPT.html
• Comprehensive• Based on consumer need and practicality• Not constrained by:
• OECD Gs’ 1970s View of Technology• Business-Bias of the US ‘Safe Harbor’
• Designed to provide guidance for all, includingcorporations, business associations, govt agencies,individuals, public interest reps and advocates
![Page 19: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/19.jpg)
Copyright,1987-2006
19
Research
Model
![Page 20: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/20.jpg)
Copyright,1987-2006
20
Population Segmentation
Dimension 1 – The Business
• ‘Pure Internet B2C’• ‘Clicks-and-Mortar’
Dimension 2 – The Company
• Leaders• Aggressive Marketers• Marketers of Sensitive
Products• Regional Marketers• ‘Ethical’ Marketers /
‘Not-For-Profits’
![Page 21: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/21.jpg)
Copyright,1987-2006
21
Sample for the Pilot Survey
Leaders:• Amazon• GoogleAggressive
Marketers:• Sears, Roebuck &
Co.Marketers of
Sensitive Products:• Adultshop.com
Regional Marketers:• Autoteile-Meile.de
(German online supplier of tyres and automotive spare parts)
'Ethical' Marketers:• National Geographic
(“world’s largest nonprofit scientific and educational institution”)
![Page 22: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/22.jpg)
Copyright,1987-2006
22
Procedure• Determine the segmentation• Determine the sampling frames• Determine the sample• Conduct the assessment
• find the organisation’s web-site• find the PPS on that web-site• assess it against the template• summarise• compare among the sample• draw inferences
![Page 23: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/23.jpg)
Copyright,1987-2006
23
Results
• Google terrible• Amazon worse• Sears & Roebuck worse again• Adultshop.com positive• National Geographic appalling• Autoteile-Meile Google-like and
irrelevant
![Page 24: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/24.jpg)
Copyright,1987-2006
24
Implications for Practice
Caution: very limited external validity!
• Descriptive value:Many PPS are valueless to consumers
• Explanatory value:Current PPS undermine consumer Trust
• Predictive value:Fragility if and when things go wrong
• Self-Regulation doesn’t work‘Hard’ or ‘Co-Regulation’ is essential
![Page 25: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/25.jpg)
Copyright,1987-2006
25
Implications for Research• Segmentation needs refinement:
• Organisational Size is a factor• Home Jurisdiction cf. Global
• The Normative Template needs refinement• The design appears to be:
• Practicable• Useful
• A representative sample can be assessed,and results capable of being generalised from can be achieved, with limited resources
![Page 26: Copyright, 1987-2006 1 A Pilot Study of the Effectiveness of Privacy Policy Statements Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor,](https://reader035.vdocuments.mx/reader035/viewer/2022070305/55146443550346494e8b5aa5/html5/thumbnails/26.jpg)
Copyright,1987-2006
26
A Pilot Study of the Effectiveness of Privacy Policy
Statements
Roger ClarkeXamax Consultancy Pty Ltd, Canberra
Visiting Professor, U.N.S.W., Uni. of Hong Kong & ANU
http://www.anu.edu.au/people/Roger.Clarke/....../DV/PPSE0601 {.html, .ppt}
Bled eCommerce Conf. – June 2006