How do you make online privacy policies stick? Privacy from Companies9/24/2000; 1:00:18 PM 'So perhaps it's time to look at privacy policies and opt-in agreements as legal contracts or license agreements. Digital signatures have been around for years and the law is starting to recognize them. So why couldn't a company draw up a virtual contract on privacy that's binding on both sides? Every time I click on a licensing agreement, I'm warned how I might be subjected to imprisonment, fines, and fierce noogies from the Feds should I violate it. Can't those stipulations work both ways?'Lets work some numbers here:

  • Number of lawyers the company drawing up the policy has: Tens - Thousands
  • Number of lawyers the person agreeing to the privacy contract has: Zero.
It's wrong to set customers against that many lawyers. The corporate lawyers could write contracts with every loophole imaginable, thus not really affecting the status quo, and then for bonus points, they could (and would) bind the customer in this new contract to any number of things in the fine print. The clause that leaps to mind as plausible would be "Thou Shalt Not Say Nasty Things About This Site". UCITA allows software manufacturors to put the equivalent into software licenses.Creating privacy contracts is a good thought, but the two-way nature of the contracts is scary. I'm not going to sign the equivalent of a EULA just to use your e-commerce site, sorry. What we need to do is either make companies stick to their original promises (which has problems, as that could drive companies out of business if they start by promising too much), or, ideally, create a legally binding system that restricts what all companies, Internet or otherwise, do with customer data. And we need to not be sidetracked by arguments like this:'It's a fundamental law of Internet commerce that privacy and convenience are at loggerheads: To gain one, you must sacrifice the other. 'E-commerce companies find themselves in a bind. E-commerce is plagued by complaints of a cold, nonpersonal experience. Where's the love? But a company can't very well give you a personalized experience without knowing something about you. 'Hence the privacy policy, which is the company's promise to only gather data about you in the interest of serving you better -- never to sell as marketing or demographic data.'The third paragraph flatly contradicts the first paragraph, and it's the third that's correct. I have no objection to sharing data voluntarily with a company so they can provide me service, but that just does not require that they sell that data. There's two 'privacy' issues here, not one: 1. Customer sharing with company and 2. Company sharing with company. We need to not be mislead by people trying to lump them together and propounding logic that boils down to "Customers need to share data with companies to get service, therefore privacy is not possible (therefore companies must share with companies)."I hate to rag on the article so hard, because it's good to play with ideas like this and see where they lead; it's how progress happens . However, the author should have played with it a bit more before writing a story.