dacs.doc electric

This is the first in what will be a series of columns devoted to the Law of the Internet and e-commerce. Whether you are a consumer, a business with an online presence (or just thinking about it) or a full service e-tailer, the law governing online transactions will have an increasingly greater role to play in your lives.

Privacy on the Internet is a major concern. The Federal Trade Commission has recently released a report to Congress in which it has proposed the need for new federal legislation. The Child Online Privacy Protection Act, effective on April 21, 2000, imposed significant obligations on those web sites that target children under the age of 13. Privacy is a global concern. The European Union?s Data Protection Directive already impacts the flow of personal information from Europe to the United States. A web site that expects to gather information from residents in European Union countries (which include England, France, Germany and Italy) must be sensitive to the privacy protection provisions in effect in Europe.

Every website that gathers information should have a privacy statement prominently featured on the website with policies that are adhered to. The May 2000 FTC report to Congress cited a survey that 92% of consumers are concerned (67% are ?very concerned?) about the misuse of their personal information online. A carefully prepared privacy statement can make online marketing easier. Consumers need to know their concerns are being addressed.

What should your privacy statement cover? There are four key principles that have been widely accepted as necessary to provide adequate privacy protections for consumers: Notice, Choice, Access and Security. Notice requires a website to give clear and conspicuous notice of information practices before collecting personal information. Tell the consumer what you gather, what you will do with the information (including sharing it with others), whether you or third parties use cookies or gather information involuntarily and the steps you take to insure the confidentiality, integrity and privacy of the data. A website operator must think through its approach to business in coming up with a privacy statement. Do you want to sell or rent customers names to third parties? If you do, you should disclose this to your customers.

The Choice principle requires data collectors to give consumers options as to the use of their data. If you intend to send consumers information other than that which they specifically requested, give them a choice about whether they receive it or not. The same is true for the transfer of information to third parties. Litigation has already been brought against major website operators who violated their customers? rights.

Access is more difficult to implement. The principle is that consumers should be entitled to view and correct the information you have gathered on them. It is akin to the right consumers have to question credit reporting agencies on the information they carry. The difficulty is in ensuring that it is the consumer himself seeking access and not a third party.

Security addresses the need for confidentiality once the data has been gathered. You need to have good security measures in place if you host your own site or insist that your website hosting service provide security.

Child oriented websites must comply with the Child Online Privacy Protection Act (COPPA). COPPA requires a website to post a link on its home page and every page where information is gathered to a notice concerning its information practices. The key concept to remember is that virtually no information may be collected, used or disclosed without verifiable parental consent.

As the techniques for data gathering become increasingly more sophisticated, we can expect further legislative action to protect consumer privacy. You must be prepared to follow any privacy policy that you do adopt and post. The FTC has already brought actions based on noncompliance with posted privacy policies.

Further useful information about online privacy may be obtained at the Federal Trade Commission website, www.ftc.gov and at www.truste.org.