July 6, 2011
Reason No. 1 – Preliminary FTC Staff Report
These statements taken from the Staff Report make it clear that big changes are ahead:
* “Specifically, the notice-and-choice model, as implemented, has led to long, incomprehensible privacy policies that consumers typically do not read, let alone understand.”
* “In recent years, the limitations of the notice-and-choice model have become increasingly apparent. Privacy policies have become longer, more complex, and, in too many instances, incomprehensible to consumers.”
* “Too often, privacy policies appear designed more to limit companies’ liability than to inform consumers about how their information will be used.”
After stating these concerns about the effectiveness of privacy policies, the FTC expressed clearly what it expects in terms of privacy policies going forward.
* “For instance, although privacy policies may not be a good tool for communicating with most consumers, they still could play an important role in promoting transparency, accountability, and competition among companies on privacy issues – but only if the policies are clear, concise, and easy-to-read.”
* “Thus, companies should improve their privacy policies so that interested parties can compare data practices and choices across companies.”
Reasons 2 and 3 – FTC’s Google Settlement
First, the FTC announced that there is a new type of sensitive information that’s risen to the level of personal information in terms of privacy protection. It’s called “covered information”, and it includes location data, screen names, and lists of contacts.
To be legally compliant, privacy policies now must disclose how “covered information” is collected, used, shared and disclosed.
This is an easy trap to fall into inadvertently, and Google did just that by collecting personal information for use with its Gmail service, then transferring the Gmail customers to its new BUZZ service without permission.
Reason 4 – Google’s AdWords Announcement
On May 17, 2011, Google announced a new policy for participation in its AdWords program. Non-qualifiers will be banned from AdWords.
These are Google’s new requirements for privacy policies to be eligible for participation in AdWords:
* Clear, accessible disclosure how information is used,
* Option to discontinue direct communications (email, phone), and
* Use of Secure Socket Layer (SSL) to protect transmission of financial and personal information. Note that these new requirements are consistent with current FTC policies expressed in its Proposed Framework.
Failure to keep up with these and other developments could result in substantial liability.
Leading SaaS attorney Chip Cooper has automated the process of drafting Website Legal Compliance documents with his MyLegalFirewall website legal documents generator. Use his free online tool — Website Contracts Determinator — to see which documents your site needs. Discover how you can draft near-custom website legal documents, even if you have no knowledge whatsoever at http://www.digicontracts.com/firewall .