Talk:Privacy policy

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

New Article[edit]

I've changed this entire article. See the message left on Gabriel Kent's talk page. OvenFresh 23:10, 28 Dec 2004 (UTC)

Legally binding?[edit]

I was wondering whether privacy policies are actually legally binding. I noticed that my added description of P3P was changed from a guarantee to an offer. I assumed that the point of privacy policies is that they give users additional legal rights, or took them away where relevant, to get out of the uncertainty of implied law. If this is so, it ought to be mentioned in some form or other. --BigBlueFish 10:28, 22 November 2005 (UTC)Reply[reply]

I think you are right - in that the privacy policy will often form part of the terms and conditions and therefore be part of any contract, and also that it might form the basis for any permission for the purpose of privacy laws. I made the change of wording because it fitted better with what the browser is doing. I think common sense suggests that you can't guarantee that an unknown website will be honest about its intended or de facto privacy policy. This is one of the main criticisms of P3P. So I agree with you, but I didn't think the word guarantee was quite accurate in that context. It merits more discussion in the article. zzuuzz (talk) 16:35, 22 November 2005 (UTC)Reply[reply]
Agreed... Although I accept the new wording, it should be noted in this case that privacy policies are guarantees of a sort; legal ones, that is. The theoretical point of P3P is that should someone provide a false privacy policy and you used the site because of it, the site owners could be sued under the Data Protection Act. It's the fact that this kind of legal retribution is only really relevant to big cases that makes it a poor logical guarantee. As you might be able to tell, I'm not a lawyer! Hopefully somebody will be able to approach this in correct terms for the article; I'm leaving it alone for now --BigBlueFish 19:24, 22 November 2005 (UTC)Reply[reply] I still would like to know if Privacy Policies are legally binding. What US laws apply to companies that violate their PP? Has there ever been a successfully prosecuted case enforcing a PP? What about the risk that PP are simply a smokescreen to pre-empt outrage and head of real reform / regulation? J.Mayer (talk) 17:39, 17 August 2009 (UTC)Reply[reply]

Yes, there have been successful suits for PP violations. COPPA requires that web sites and online services directed to children under age 13 Post a clearly written privacy policy with links to the notice provided on the home page and at each area where the site or online service collects personal information from children. FTC COPPA FAQs In what few court ruling exist, courts have mostly done a <POV>lousy job</POV> enforcing privacy rights based on privacy policies, unless damages due to the violations can be substantiated. In my case, it appears that the defendant, recognizing the likelihood of a grant of injunctive relief (corrective disclosures to correct false statements in the privacy policy) chose to preemptively disclose. looks like a good source to use. It reports "One consumer successfully sued in California small claims court for breach of contract after sent e-mail to users who had specifically opted out of receiving such announcements. The plaintiff was awarded $50 in damages and $27.50 in court costs." More importantly, it reports that Attorneys General routinely receive favorable settlements from defendants who have not honored their privacy policies (or viewed another way, have ones with material omissions). I looked into a couple of the then-pending actions listed on the page. The case was settled in '02 and '03, by the firm severing its relationship with Coremetrics, appointing an internal privacy committee to monitor its privacy program, changing its Internet privacy policies, and paying a fee to the state. Here's more info on cases. --Elvey (talk) 06:51, 6 November 2009 (UTC)Reply[reply]

Goverment sites[edit]

Are goverment sites required to have a privacy policy? —The preceding unsigned comment was added by Frap (talkcontribs) .

It surely depends on the government. Broadly speaking, in Europe, if personal data is going to be processed then the individual has certain rights to be notified about the purposes it will be used for. This does not usually include IP address (web browsing logs), because they are not usually related to the individual. However if personal information is being gathered then the individual should be notified. The Privacy Policy is the most common means of doing this, but equally valid is to let them know at the point of data entry. In Europe, to the best of my knowledge, there is no additional requirement for government sites. -- zzuuzz (talk) 22:48, 23 June 2006 (UTC)Reply[reply]


A privacy policy might talk about e-mail spam, mailing-lists, opt-in/opt-out, if use SSL, logs, data retention, links to other sites, etc...? -- Frap

In my experience, a privacy policy is highly unlikely to mention spam. It is common to mention whether details will be passed to third parties, and/or used for marketing. And to provide information about opt-outs (in some cases this is a legal requirement). Logs and data retention will normally be covered - but not always SSL. Cookies are also mentioned often. -- zzuuzz (talk) 22:50, 23 June 2006 (UTC)Reply[reply]

Seeking Good and Bad terms for analysing privacy policies[edit]

Considering most privacy policies are fairly lengthy, and take at least a good few minutes to read. Many policies are not easilly comprehendable, and require some thought.

A feature I saw in the NetCaptor browser, called "privacy policy checker" seemed like a good attempt at providing a quicker method to determine the overall quality of a privacy policy from the user's point of view; ie, if the site would respect or abuse personal data.

As NetCaptor is now quite out-dated, and no longer actively developed, I'm planning to create an extension for Mozilla Firefox to analyse a site's privacy policy. The approach used by NetCaptor was to highlight the good and bad terms on the privacy policy page of a site, to give the user an overall idea of the quality of the policy at a glance.

  • Firstly is this a good approach? - Are there better (more accurate) ways of analysing a privacy policy?
  • Secondly, if term-matching is a good approach, how or where would I get a list of good and bad terms for privacy policies?

Obviously I could use the data from NetCaptor, but I'm concerned about copyright issues, and the data being out-dated; I'd rather do a good job than just slap something together. Any thoughts would be appreciated. -- Lee Carré 02:34, 15 May 2007 (UTC)Reply[reply]

Is information associated with your computer "personal information"[edit]

Observe the following cleverness in the Adobe Flash Terms of Service:

14.4 Settings Manager. Use of the Web Players, specifically the Flash Player, will enable the Software to store certain user settings as a local shared object on a your Computer. These settings are not associated with you, but allow you to configure certain settings within the Flash Player...

This statement "not associated with you" seems to indicate a telling loophole in virtually any privacy policy currently in existence. A policy could assure you that there are some limits on how personally identifiable information/personal information will be shared, but it or any other program can put information outside of the "accounts" on the PC (registry, windows directory, top-level directories etc), and then it isn't personal? Wnt (talk) 15:14, 5 February 2008 (UTC)Reply[reply]

Criticism of the practice?[edit]

I'd personally like to see a section that provides the views of respected people in the field about the practice of having a Privacy Policy. I've had several banks and service providers include one to give the illusion of privacy and anonymity, when in reality the fine print explains that they'll be selling or sharing my information with "their partners" (which ends up being any third party company that makes an agreement with them). I feel it's another way for companies to bury their customers in more legalize than they know they're going to stay up-to-date on, just so that they can reduce the liability associated with selling their customer's information without direct authorization.-- (talk) 12:05, 21 July 2009 (UTC)Reply[reply]

We can probably get this from, e.g., Privacy International, or the other policy organizations mentioned in-article.--Elvey (talk) 21:16, 5 November 2009 (UTC)Reply[reply]

Privacy Policy Wiki home neededFOUND[edit]

"Major web site policy (Privacy, ToS, etc) 'diff'able archive wiki:"

There should be a website that hosts a MediaWiki installation that hosts major websites' privacy policies. The diff feature of MediaWiki would is the reason I think it's a good tool for this. Let's discuss. Discussion topics below. --Elvey (talk) 20:46, 5 November 2009 (UTC)Reply[reply]

Wiki scope discussion[edit]

I would propose that the scope be the privacy policy of any product, company or website that has a wikipedia article. Possibly, this could be expanded to any one with a mention on wikipedia. This could be enforced by a deletion bot. So, for example, iTunes would have an entry. The history would be viewable, showing what has changed from version to version.

Wiki location discussion[edit]

Such content falls outside the scope of en.wikipedia. It's not allowed at wikisource, which doesn't allow fair use (perhaps an exception could be made, but I doubt it would happen). I think it could be a WikiMedia site, or a Wikia site. Perhaps someone's already doing this?

Wiki legality discussion[edit]

I'm thinking that this republication would be protected as 'fair use', even though the entire privacy policy would be reproduced.

  1. The purpose would be for educational purposes, specifically commentary, evaluation and criticism, and nonprofit, if a nonprofit such as WikiMedia (but not Wikia) hosted it.

The Betamax case established that sometimes copying an entire work is fair use.

  1. Authors would be unable to prove economic harm, as the policies are always already freely published, and generally have little to no original content.
Found! The EFF has something called TOSback. [1]. We should probably mention it in the article.--Elvey (talk) 08:18, 12 November 2009 (UTC)Reply[reply]
Maybe the EFF or Wikispaces would host such a wiki. Investigating. --Elvey (talk) 18:24, 26 October 2010 (UTC)Reply[reply]
Wikispaces' Adam was friendly to the idea, and seems fine. Hopefully the EFF won't mind me calling it --Elvey (talk) 21:28, 27 October 2010 (UTC)Reply[reply]

Edit for law school class project[edit]

Updated entire page as part of Eric Goldman's Internet Law class. Very broad and needs a lot of detail. --Jtraub00 (talk) 22:42, 2 December 2009 (UTC)Reply[reply]

Edit for Masters of Information INF 1001, University of Toronto[edit]

The definition of privacy policy lacks citation. I am considering a new definition with proper citation to enhance the quality of the article. lmcm01 —Preceding undated comment added 01:31, 21 October 2011 (UTC).Reply[reply]

Yeah i think i'm going to add a Canadian interpretation section. I'll try to get some pictures as well. (Kanesham 16:31, 21 October 2011 (UTC)) — Preceding unsigned comment added by Kanesham (talkcontribs)

This page is very loosely linked with privacy law.(Kanesham 17:52, 21 October 2011 (UTC)) — Preceding unsigned comment added by Kanesham (talkcontribs)

Another consideration to improve the article could be to fuse the Current enforcement in the United States and Applicable US law sections. Any thoughts on this? lmcm01 21 October 2011 —Preceding undated comment added 22:08, 21 October 2011 (UTC).Reply[reply]

I added a little bit more content to your definition, good job by the way it is a much better definition. I tried to cite your McCormick, Michelle's book, in a linkable form, like some of the articles on the main page had done but for some reason Wikipedia is telling me there is no Institute of Chartered Accountants of British Colombia website (the publisher). I tried to paste the url in as well but there was no luck there either. If you want to try it out, check out my formatting for my citation and just base it on that [2]. I don't think i'm going to be able to get any pictures. Finally the last thing i wanted to mention is, i'm not sure if you know how to get a distinguished Wikipedian to comment on our article, I'll try looking around for people. If you can too it would be good, the more people the merrier. (Kanesham 16:31, 27 October 2011 (UTC)) — Preceding unsigned comment added by Kanesham (talkcontribs)

I had issues with pasting the URL as well, and just decided not to include it. Your additions to the definition were good as well. The more input and collaboration the better. I will look around for a distinguished Wikipedian as well.Lmcm01 (talk) 18:21, 27 October 2011 (UTC)lmcm01Reply[reply]

Did some more editing as well, tried to get it into a more coherent flow. (Kanesham 20:03, 27 October 2011 (UTC)) — Preceding unsigned comment added by Kanesham (talkcontribs)

I've received the following comment on my user talk page:

Hello! I have reviewed the edits made to privacy policy. Your edits are mostly beneficial, though I would make two small suggestions: first, the title of the article is usually bolded in the first line. Second, and more importantly, please don't use simple URLs as references. Web citations should include at minimum the URL, title, author/publisher, and date you accessed the source. If you like, you can use the {{cite web}} template for this purpose. Nikkimaria (talk) 14:48, 28 October 2011 (UTC)

I addressed her first criticism, the latter, i think she's referring to your citation. The broken link can be accessed from my user talk page. (Kanesham 19:27, 28 October 2011 (UT

I edited the URL citation, and re-worked the defintion to have a better flow. It was a bit repetitive before and there were a few typos. I also forgot to log in for that edit. This whole thing is quite the learning experience! Lmcm01 (talk) 14:03, 29 October 2011 (UTC)Lmcm01Lmcm01 (talk) 14:03, 29 October 2011 (UTC)Reply[reply]

Orphaned references in Privacy policy[edit]

I check pages listed in Category:Pages with incorrect ref formatting to try to fix reference errors. One of the things I do is look for content for orphaned references in wikilinked articles. I have found content for some of Privacy policy's orphans, the problem is that I found more than one version. I can't determine which (if any) is correct for this article, so I am asking for a sentient editor to look it over and copy the correct ref content into this article.

Reference named "ReferenceA":

I apologize if any of the above are effectively identical; I am just a simple computer program, so I can't determine whether minor differences are significant or not. AnomieBOT 17:25, 18 October 2014 (UTC)Reply[reply]


Anuhiman (talk) 17:35, 20 August 2017 (UTC)Reply[reply]

Ok Anuhiman (talk) 17:35, 20 August 2017 (UTC)Reply[reply]

Delete or keep an index to this subject?[edit]

This week there's discussion about whether to delete or keep the Index of Articles Relating to Terms of Service and Privacy Policies, which I created in early August. That index helps readers find:

  • this article
  • articles on different aspects of privacy policies
  • articles which cover privacy at specific companies

Wikipedians are welcome to improve the index, and/or discuss if it should be deleted or kept available. Numbersinstitute (talk) 16:49, 13 September 2017 (UTC)Reply[reply]

External links modified[edit]

Hello fellow Wikipedians,

I have just modified 5 external links on Privacy policy. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 22:15, 12 January 2018 (UTC)Reply[reply]

Description was misleading[edit]

First paragraph, second sentence, read:

 "It fulfils a legal requirement to protect a customer or client's privacy."

What legal requirement? The statement implies that merely having a policy statement is sufficient to fulfillment of some undefined legal requirement. It does not. What if the policy literally states "Our policy is to share all information we can gather about you, no matter where you are from, or what you think your rights are"?

Legal requirements are a matter of law, which varies; depending on the locations of, and agreements between the involved parties and their respective governments. A policy statement, is nothing more than a statement of intent, and may or may not be binding under any particular law. When it comes to legal requirements around privacy, a policy statement may or may not be one small part of those requirements. Whether any written policy fulfills those requirements is another matter entirely.

It's been my experience that most of the published privacy policies I've read, are rather wordy descriptions of all the ways the site specifically does not protect my privacy. Let's not continue to propagate the myth, that a privacy policy, indicates that a site has any concern for their viewer's actual privacy.

JwD (talk) 17:25, 11 February 2020 (UTC)Reply[reply]

  • Agree. The Criticism section covers some of this. The Technical implementation section implies P3P and ICRA are helpful, but both are defunct. TOSBack shows wording changes, without content analysis. Wikipedia has many articles on companies, which summarize issues in their privacy policies, sometimes with comparisons of companies in the same field. This practice would be good to expand. Descriptions of general patterns are useful as far as they go, but information on individual companies and industries is more helpful. The articles on individual companies are an appropriate place to put it: Index of articles related to terms of service and privacy policies. Numbersinstitute (talk) 19:35, 11 February 2020 (UTC)Reply[reply]

Privacy Policy vs Privacy Notice[edit]

There seems to be some confusion here, conflating a Privacy Policy with a Privacy Notice. The two are related, but not the same.

The Privacy Policy records the decisions made by the management and is an internally facing document. The Privacy Notice is an externally facing document that tells customers, visitors, etc, what they need to know about the organization's Privacy Policy, procedures, and anything else relevant.

Can we separate those concepts from one another in the article? — Preceding unsigned comment added by LewisEisen (talkcontribs) 19:39, 7 April 2020 (UTC)Reply[reply]

Wikipedia Ambassador Program course assignment[edit]

Wikipedia-Ambassador-Program-Logo.png This article is the subject of an educational assignment at University of Toronto supported by WikiProject Wikipedia and the Wikipedia Ambassador Program during the 2011 Fall term. Further details are available on the course page.

The above message was substituted from {{WAP assignment}} by PrimeBOT (talk) on 15:54, 2 January 2023 (UTC)Reply[reply]