A survey has delivered a damning verdict on the standards of protection which operators of websites around the globe provide in respect of personal information.
The survey organised by Consumers International covered a total of 751 websites in the US, the European Union and Hong Kong. Approximately two-thirds of these sites asked users for personal details which would make it easy to identify and contact them. More importantly, in the vast majority of cases, users were not given a choice of whether their details were put on a mailing list for use by either the site's host, its affiliates or unrelated third parties.
This is contrary to legislation in the European Union where companies are required to provide consumers with an opportunity to opt out of having their personal information used for marketing purposes. Further, under restrictions imposed by Hong Kong Personal Data (Privacy) Ordinance, personal information may only be used for direct marketing if this is one of the purposes for which it has been collected and, on the first occasion the information is used for direct marketing, the individual is provided with an opportunity to opt out of future marketing.
- the type of personal information that is being collected
- whether the information will be transferred to third parties
- how long the information will be stored
- to whom the information will be disclosed
- direct marketing policy
- security of the data
- the right of consumers to request access to, and correction of, personal information
However, only just over half the websites surveyed by Consumers International had any policy in place at all, with most policies being inadequate from a consumer's point of view. One particular problem encountered by Consumers International was in locating the policy on the website, with most policies not being referred to on the site's home page or at the point where personal information was being collected.
Whilst it may be tempting for operators of websites to dismiss the findings of this survey as being mere drum banging on behalf of consumers, it would be unwise to do so. The Privacy Commissioner's Office in Hong Kong checked on the compliance of 400 websites last year, following up with enforcement notices against those which failed to meet the minimum standards set by Hong Kong legislation.
A copy of the full report published by Consumers International can be found at on their website at www.consumersinternational.org. First published in SCMP Technology Post on 6 February 2001.