Privacy on the World Wide Web
Numerous studies have documented that concerns about privacy violations hamper online commerce. There are valid reasons to be concerned about privacy on the World Wide Web. The proliferation of telecommunications links to computers that contain databases about consumers and the lower cost of hard drives to store large databases have resulted in lower cost, more sophisticated snooping tools.
Cookie software— A site visited by a user can add a small text file to the visitor's browser that identifies the user to the site. The cookie is used for password authentication so that people are not required to type in passwords each time they visit sites to which they subscribe. They are also used, if a site has the person's email address, to send personalized research or news leads to users based on their cookie. The cookie, however, does not divulge site users' email addresses. Those are provided voluntarily via online registration, purchases or contests.
Cookies can be used to track customer behavior at multiple sites. The information is used to create profiles of sites users visit and browsing habits. Advertising companies like DoubleClick that sell banner ads to many sites enable this capability. A unique number is placed in the cookie and tracked from site to site. If the visitor fills out a registration form at one of the sites, the ad network associates the user information (e.g., name and address) with the profile.
Online registration and contest forms— Telephone numbers, email addresses, and home and business addresses are collected from online forms. These are frequently put into demographic databases by companies and sold to direct marketers.
Cable TV and satellite TV providers have the capability to monitor and capture information about the viewing habits of their customers that have personal video recorders such as ReplayTV and TiVo. Personal video recorders are set-top devices with hard discs that let users record and schedule recording of television shows and play back the shows minus the commercials. (See Chapter 7 for personal video recorders.)
Record companies can monitor and keep lists of listening habits of people that download music at their sites.
Email “bugs” can be embedded in HTML email (described previously), which enables marketers to send email with the look and feel of Web pages with multimedia formats. The software bugs tell marketing companies if users opened the email message. The bugs also send marketing firms copies of the email and comments added to it if it is forwarded to others. The bug can be planted in email that looks like it is plain text only also. Thus, a business associate could know, for example, about any comments added to a proposal sent to potential clients. (Users can disable this JavaScript feature in their Netscape or Explorer browsers but they will lose the ability to receive mail in the HTML format.)
Powerful databases— Companies such as Acxiom, 7/24 and Abacus Direct (part of DoubleClick) offer online services where, for a fee, direct marketers purchase personal data about consumers.
The “wired” universe— The rise in communicating computers makes databases available to anyone with an Internet connection and a PC. People buy access to lists or they hack into computers containing personal information. As systems acquire more sophisticated security, hackers increase their own break-in capabilities. In 2000, hackers broke into Western Union's Web site and stole debit card and credit card information about 15,700 users. Consumers are aware that computer systems are vulnerable to hackers and are leery of leaving private information on the Internet.
Opt-out vs. Opt-in—Different Approaches to Protecting Privacy
Some Web sites give users an option to request that locations not collect or sell information about them collected at their site. This is called an opt-out opportunity. The problem is that this choice is often buried deep within a site's privacy statement. Even if a user opts-out, it may not apply to every banner on the site. For example, large advertisers that place ads for many companies use special cookies (described above) that track and link users' behavior at many sites. In these instances, opt-out forms need to be filled out at every site containing the banner ad from the advertising network's, for example DoubleClick's site. Opt-in, which most sites don't offer, means that the site does not gather personal information about visitors unless they authorize it by filling in an opt-in form.
Privacy safeguards are stricter in Europe than in the United States. This created problems for companies with sites that spanned both continents. The Commerce Department and the European Union signed a treaty called Safe Harbor to eliminate this barrier. Under the terms of the agreement, companies that meet Safe Harbor privacy rules will be issued a mark for their site by privacy watchdog TRUSTe. Because the program is voluntary, the extent of compliance is not clear. The standards that must be met to receive the TRUSTe stamp are:
Web sites tell visitors what information is being collected about them: what the information will be used for and with whom the information will be shared
Consumers must be able to choose whether or not personal information should be shared with other organizations
Consumers must have the right to view and correct information collected about them
The advertising industry, under pressure from privacy groups and to avoid legislation mandating privacy, has set up a site users can go to where they can request that information or profiles about them not be set up of their browsing or online shopping patterns. The site is www.networkadvertising.org. They have also set up a site to be managed by independent accounting firm Andersen where users can make complaints about companies that fail to comply with opt-out requests. This site is www.andersencompliance.com. Critics feel that this effort will have little impact, as most users don't realize they're being profiled and don't know about the opt-out site.