EU Privacy Comparison

Home | Privacy Links | Opt-Out



PRIVACYnotes #1

PRIVACYnotes #2
PRIVACYnotes #3
PRIVACYnotes #4
PRIVACYnotes #5
PRIVACYnotes #6
PRIVACYnotes #7
PRIVACYnotes #8
PRIVACYnotes #9
PRIVACYnotes #10
PRIVACYnotes #11
PRIVACYnotes #12
PRIVACYnotes #13
PRIVACYnotes #14
PRIVACYnotes #15
PRIVACYnotes #16
PRIVACYnotes #17
PRIVACYnotes #18
PRIVACYnotes #19
PRIVACYnotes #20
PRIVACYnotes #21
PRIVACYnotes #22
PRIVACYnotes #23
PRIVACYnotes #24
PRIVACYnotes #25
PRIVACYnotes #26
PRIVACYnotes #27
PRIVACYnotes #28
PRIVACYnotes #29
PRIVACYnotes #30
PRIVACYnotes #31
PRIVACYnotes #32
PRIVACYnotes #33
PRIVACYnotes #34
PRIVACYnotes #35
PRIVACYnotes #36
PRIVACYnotes #37
PRIVACYnotes #38
PRIVACYnotes #39
PRIVACYnotes #40
PRIVACYnotes #41

PRIVACYnotes Discussion List
Security Protecting Privacy is Good for Business

Respecting Privacy on the Web

---------------------------------------------------------------------- PRIVACYnotes Digest Security Protecting Privacy is Good for Business ---------------------------------------------------------------------- Published by: Mike Banks Valentine PrivacyNotes ---------------------------------------------------------------------- May 2, 2002 Issue # 008 ---------------------------------------------------------------------- SEND POSTS: ---------------------------------------------------------------------- .....IN THIS DIGEST.....


"EU Privacy Comparison" ~ Mike Banks Valentine

// -- NEW DISCUSSION -- //

"Reality or Perception?" ~ Anonymous ~ Moderator Comment


"Digital ID" ~ Anonymous

"Define Opt-In" ~ Anonymous

"Digital Databases" ~ Will Bontrager

// -- PRIVACY NEWS -- //

"The Latest in Privacy Issues"



I'm just back from the InternetWorld 2002 conference in Los Angeles where I had the opportunity to attend two valuable sessions on privacy. The first was given by Jorian Clarke of Spectracom whose company had the misfortune of being one of the first attacked for COPPA (Childrens' Online Privacy Protection Act) violations by a consumer rights organization. She has graciously made available a copy of her powerpoint presentation from InternetWorld discussing how companies can protect themselves from being targeted for privacy violations.

The second presentation included a dramatic illustration of European Union privacy standards for companies that operate internationally, by speaker Coeta J. Chambers, HR Attorney for greater Europe, Intel Corporation. She pointed out that the EU has just released a 48 page (pages are very short) EU Privacy Audit Guide for companies doing business in the 15 countries represented under EU privacy guidelines. Ms. Chambers has also graciously made that document available to me. To facilitate easy access to the information, I've posted that document (in full) to my web site where it will remain available for review by companies who do business online with the EU. Simply visit the following URL to be the first on your block to read these guidelines in English. ;-)

U.S. companies complaining about our privacy laws who do business in the EU know that they have dramatic freedom to exploit Americans privacy rights and seem to be whining just to maintain those excesses they currently enjoy. Europeans can sue for damages if ANY of their personally identifiable information is improperly exposed publicly or released to anyone with unauthorized access. It's an enlightening comparison that has been discussed very little. What do you think?

~ Mike Banks Valentine


// -- NEW DISCUSSION -- //


From: Anonymous

Hi Mike,

I just noticed your sig at the bottom of your recent epub post: RE: [epub] RE: Losing Subscribers?

It says: "Privacy is Good for Business"

It piqued my interest.

I understand the importance for the *consumer* to protect their privacy. So I'm curious: how is it good for business?

I'm not referring to a company which creates the *appearance* of protecting privacy, which is good PR (whether it's true or not).

So - I'm wondering: how is privacy is good for business?


[ Moderator Comment ]


I am completely convinced that a company that differentiates itself by PROMOTING their respect for privacy will be able to draw from that nervous 60% of Americans that haven't made a purchase online and convert them to very willing buyers that may have been previously reluctant or entirely unwilling to buy their products or services online.

Clearly the discussion on YAHOO! illustrates that those who DON'T respect privacy will lose business since many of us are searching for alternatives to for our lists.

My official discussion list tag line is a variation on the TRUSTe slogan and they indicate your suggested "appearance of privacy" in that statement. TRUSTe says simply,

"Privacy is Good Business" Adding "Protecting" and "FOR" changes that idea dramatically. You've convinced me I need to change my sig line, but my advocacy for respecting customer privacy is growing daily as I see abuses and blunders abound.




From: Anonymous

Great discussion going on about IDs and central ID databases.

I'm living in Belgium; and we're having national numbering: one for social security and one to be known as a Belgian, the so-called national registration number. Both are assigned when you're born. People getting Belgian nationality receive both numbers at that time.

We even have a pin card for the social security system that need to be used in the pharmacy, when you subscribe for a job claim and other social related topics. As a result, the government tracks the social spending on medication and the prescription behavior of doctors and hospitals with the ultimate hope to decrease the social budget... and the taxes?

Having a strong background in databases and internet technology, I can assure that it scared me off at first.

Currently I'm doing a project for a government agency where we're using the national registration number and I must agree that it isn't that simple to get all data what you would expect to be present in the 'centrally' linked database. In fact, we're not allowed to ask for data, we can only verify whether the data we collected ourself is valid against the centrally known data.

Doing this project, it showed me that the old adagio still is valid. Data in itself is worthless. You need a context to turn it into information (Privacynotes :) ).

Reading the discussion whether to or to not battle the national ID shouldn't be the baseline. The question should be what data is stored together and what data is allowed to be combined.

Hope this'll fuel the discussion.

Kind regards, Anonymous



From: Anonymous

Thanks to Anonymous for a fascinating post concerning the definition of opt-in, and a glimpse in to the future of email.

First, I find I am compelled to agree with Anonymous' logic that so long as the user is somehow told that their address is going to be sold, then it's certainly within my definition of opt-in. Steven has been able to clearmindedly look below the surface of my own definitions of opt-in and see weaknesses that haven't occurred to me in 6 years of daily work with them.

Can we agree that the truth will have to be obscured from users in some manner in order for this process of gathering addresses for resale to work?

After all, really, who is going to submit any sign up form that states, in clear concise language, next to the email submission field, that their address will be sold to third parties, who will sell it to fourth parties, and so on until the end of time? Also, don't forget dear user, this will result in you receiving many mailings that have nothing whatsoever to do with the topic you are currently requesting information about.

The reality is that these disclaimers will likely be buried in lengthy, small print, legalistically worded, privacy policies a link or two away from the sign up form itself. And of course few users will read policies that were designed specifically not to be read.

So the fact of permission will achieved, but not the spirit.

We can reach beyond the kind of simple, common sense understandings of permission our users think in terms of if we wish, and no one can sue us if we are clever. But readers don't need to sue publishers, they have a simpler remedy. They'll just walk away from email if it stops being fun and useful. Breaking trust with readers, as they understand that trust, is like eating one's seed corn.

However, maybe eating one's seed corn, cashing in one's chips if you will, makes sense if what we're seeing here is a glimpse of how classic big corporation thinking will impact our email space when it finally arrives in force. Isn't finding these kinds of clever loopholes pretty much how the smart people with big money go about getting bigger?

A useful analogy might be to think of our email space as a natural resource that is about to be mined for all it's worth by the largest corporations, in a completely legal way, until there is nothing left to pull out of the ground. That's a pretty well established routine, yes?

The sad irony is that the same pioneers who have the experience to see this train coming are those tied to the tracks. If the tactics we're discussing here are accepted as a smart strategy by the big boys, user response to bulk email will continue to drop, along with ad rates. The big boys will burp and move on to the next clever opportunity, leaving the humble working folk who built the tracks to mop up the mess.

Hopeless point of view? Completely wrong perhaps, sure, I hope so. But not hopeless.

Real hope doesn't come from clinging to some pleasant reality we hope is static, when we know change is the only constant. It comes from applying the best logic we can muster to the facts, as best we can understand them.

When experienced people like Anonymous are shining an insightful flashlight on the road ahead it would be hopeless not to look as clearmindedly as we can at what's being illuminated.



From: Will Bontrager <>

Anonymous said:

>> Larry Ellison stated 'The single thing we could do to make life tougher for terrorists would be to ensure that all the information in myriad government databases was integrated into a single national file.'

I agree. What was left unsaid was that will also make life tougher for every single person, not just terrorists. All of us equally. <<

Wait a minute. That wouldn't make life tougher for terrorists, it would make it *easier*

Instead of needing to break into each one of the "myriad government databases", now terrorists only need to break into the central one.

Theoretically, the central database would be easier to break into than any of the myriad would have been. Every person who now has to access one of the myriad would need access to the central one -- the number of people needing access to the central database would be the average number currently requiring access to individual databases multiplied by "myriad."

With all info in a central repository, a terrorist needs only one access instead of access to a myriad of databases. People get careless, inadvertently compromising access codes or otherwise disclosing unauthorized information.

And on a different slant, who would control the database? Sure, "the government," but who would the government appoint to do the job? Maybe an MS security advisor? Larry Ellison? Where is the government going to find someone with no hidden agenda, or will that even be considered?


Sooner or later you need CGI. Then you need WillMaster.


// -- PRIVACY NEWS -- //

Free-speech group has won a legal round in its fight against unsolicited e-mail, invoking Washington state's anti-spam law. The King County District Court in Bellevue, Wash., on Monday granted Peacefire $1,000 in damages in each of three complaints filed by Peacefire Webmaster Bennett Haselton. The small-claims suit alleged that Red Moss Media, Paulann Allison and Richard Schueler sent unsolicited commercial messages to Haselton that bore deceptive information such as a forged return e-mail address or misleading subject line.

Disguise your desk and keep your boss out of your office if you want any privacy. Personal spaces such as offices and bedrooms are an "incredibly rich" source of information about people's personalities, according to new research by psychologist Samuel Gosling of the University of Texas and his colleagues. Their study found people are "remarkably accurate" at guessing some aspects of others' personalities -- in particular whether they tend to be open and conscientious -- based only on a look at either their offices or their bedrooms.

A Senate effort to limit what businesses can do with information they collect online from their customers is under attack from Internet companies and getting tepid support from consumer advocates. The proposed online privacy legislation, introduced last week by Sen. Ernest Hollings, D-S.C., would require businesses to tell visitors to their Web sites what information is being gathered on them and how it will be used. Online businesses would then have to get consumers' permission before sharing with third parties sensitive information such as bank accounts, medical information, political or religious affiliation or Social Security numbers. Anyone who finds sensitive data was misused and can prove harm could sue for up to $5,000 for each use of the information.

Microsoft and other technology makers struggling to define new Web services business models have another obstacle: consumer distrust of online authentication systems. A new Gartner study indicates that despite compulsory sign-up programs, consumers aren't interested in online identity and authentication accounts--such as Microsoft's Passport and AOL's Screen Name service--and won't be anytime soon. Moreover, few people trust Microsoft and AOL to safeguard the personal or financial information necessary for conducting online transactions.

Seven months after terrorism trumped privacy as a Congressional concern, bipartisan alliances in both houses are seeking to rekindle the issue. In the House, Representatives Bob Barr, Republican of Georgia, and Jerrold Nadler, Democrat of Manhattan, ideologically as far apart on other issues as two members can be, are pushing legislation to require government regulators to include a "privacy impact statement" in any new regulatory proposals. Such statements listing the privacy consequences of any regulation could then be the subject of court battles, delaying the rule-making process. (Free membership required to read. Review the Privacy policy first!)

Federal regulators Monday fined the Web site operator for the Etch-A-Sketch toy and sent warning letters to more than 50 other Internet operators regarding children's privacy online. The Ohio Art Company, which makes the children's doodling toy, has agreed to pay $35,000 to settle charges it violated the Children's Online Privacy Protection Rule, the Federal Trade Commission said. The site was collecting information from children before obtaining parental or guardian consent, the FTC said in a statement. Companies must make their privacy policies compliant with the law.

ISPs oppose Minnesota Web privacy bill A controversial bill before the Minnesota state legislature would limit how Internet service providers (ISP) use consumers' private information, and a lobbying group warned that ISPs will pull out of the state if the bill becomes law. The bill would prevent ISPs from collecting data on customers' Web surfing habits and then selling that data to other companies.,4125,NAV47_STO70301,00.html 5318 E. 2nd St. #789 Long Beach, CA 90803