Privacy-friendly and privacy enhancing

Generally privacy-aware but in need of improvement

Generally aware of privacy rights, but demonstrate some notable lapses
LEGEND
Serious lapses in privacy practices
Substantial and comprehensive privacy threats

Consultation Report: Race to the Bottom? 2007 Comprehensive consumer surveillance & entrenched hostility to privacy

Company
Data Collection and Openness and Privacy Enhancing or Initial
Company administrative Corporate Leadership Data Retention Responsiveness Ethical Compass Customer Control Fair Gateways Justification
Processing Transparency Invading Innovations Assessment
details
Offers the choice to use
anonymous or
Privacy notice describes
pseudonymous profiles
some of processing
Webform access to and even informs No privacy enhancing Amazon has improved
practices. Previously Amazon has
email for those with Previously profiled and customers of a variety innovations apparent much over the years but
Does not discuss what Policy lacking in been reluctant to Customers may close
privacy problems. No shared profiles of of PET tools. though points to consumers should be
is done with No information readily information about how introduce privacy accounts, but only
Amazon postal address given. customers' purchasing Amazon Prime accounts privacy services from Notable lapses informed on how their
'clickstream' and available information is used to measures. Firm seems possible through an
Must be signed in as an habits. Signed up to offer greater services other companies. clicking, reading, and
'cookie data', i.e. profile customers. to have responded to email sent to Amazon.
account holder in order Safe Harbor. for an annual fee. Not No discussions of purchase habits are
whether Amazon tracks earlier problems.
to complain. mandatory and other techniques to profile. profiled and used.
usage, popularity, and
customers are not
then profiles.
penalised.

Tracks user movements

and use of resources.
Monitors which e-mails
you open and act upon.
Monitors searches and
Contact only available Leakage of search
how these searches Account-only access in
via email at Policy is relatively open engine data was
were acted upon. Closing account is many areas of site. No privacy enhancing
privacyquestions@aol.c about the fact that responded to poorly as Poor. Disclosed search No information readily
Keeps a track of history possible but nothing is Differentiates between innovations apparent
om (though with a No information readily there is personal though it was not data to U.S. available, though does Substantial
AOL of items purchased said about how long different users (e.g. though points to privacy
separate email address available information processing privacy invasive. Department of Justice use web beacons to Threat
across AOL services. personal data is kept Apple users are services from other
for Californians, at but is lacking in Investigations showed for research purposes. track users activities.
Supplements data from for aftewards. prevented from viewing companies.
CAPrivacyInfoAN@aol.c information about how. otherwise.
other firms. Collects IP view video content).
om.)
address and geographic
information.
Researches use of AOL
services, using cookies
and web beacons.

Opt-out process
Apple Computer, 1
available. Profiles use of music in
Infinite Loop, MS60-DR, Kept quiet on the
Shares data with other 'Ministore'. Vague privacy policy
Cupertino, California, potential watermarking
Weak. Repeated companies to "manage Mentions privacy does not address the
USA, 95014 No specification of the Very little information is of DRM-free iTunes
statements in policy and enhance customer enhancing precautions, advanced level of
Privacy policy last deletion period. Does available. Vague songs.
like: "As is true of most data". Collects May opt-out of some but no information on services offered by
updated in 2004. not consider itself privacy policy with an They did respond Problematic. Sought to Certain features of the
Web sites…" clickstream data. services. May not technologies. Apple. Could be quite
Numerous email responsible for data optimistic tone on data eventually to the disclose the names of Apple website will not Substantial
Apple Relatively quiet on Does not consider IP access free iTunes Uses cookies and "other promising if Apple was
addresses given based posted in forums, as a collection, but does not 'ministore' controversy. sources to bloggers' be available once Threat
information processing address as personal services without technologies" to track more open. Good that
on geographic region result is unlikely to explain whether there is Subject access requests stories. cookies are disabled.
issues. Member of information. registering. users. firm offers access to
including anonymise or delete at any profiling and are said to be available
Trust-e. Part of Safe Also collect Uses "pixel tags" to data subjects.
privacy@apple.com and any time. marketing activities? according to the policy,
Harbor. 'clickthrough' data. identify whether Responsiveness has
privacyeurope@apple.c by email.
Ministore collected list individuals have read been poor to date.
om
of music on home emails.
computers.
Data Protection Officer,
Use cookies to track Privacy policy is Rare in its openness
MC3 D1, Media Village,
movements. Declares in some cases relatively explicit about No evidence yet. about processing, what
201 Wood Lane, Explains how to opt-out No information readily Generally privacy
BBC Uses Nielsen and how long personal each cookie, describing Charge 10 GBP for for, and how to access
London, W12 7TQ and of cookies. available aware
SageMetrics cookies to information is kept. in detail. access to records. data and manage
email at
track readership. cookies.
dpa.officer@bbc.co.uk
Name, email address,
IP address, age,
Responded to concerns
Co-operates with Child hobbies, and interests Prior problems has led
Customer Support, about privacy problems
Online Exploitation and other content, such Inconsistencies in Can end membership. Company decides who to some innovation.
Bebo, Inc.142 Tenth No information readily (linked with child No information readily
Bebo Police in UK, after as photos. privacy policy. Lacks Can limit information can contact users based Notable lapses. Lack of information is
Street, San Francisco, available safety) but ensuring available
encountering problem Does not consider IP detail. available to people. on their age. problematic. User
CA 94103,USA access is limited to
cases. addresses as personal control increasing.
certain age groups.
information.
 Company
Data Collection and Openness and Privacy Enhancing or Initial
Company administrative Corporate Leadership Data Retention Responsiveness Ethical Compass Customer Control Fair Gateways Justification
Processing Transparency Invading Innovations Assessment
details
eBay Inc. Attn: Legal -
Uses web beacons.
Global Privacy Very responsive to Can opt out of
A lot of the cookies are Good responsiveness.
Practices, 2145 Information collection Remarkable level of privacy concerns: marketing and Can gain access to
No information readily only session cookies. Generally privacy Web beacons and lack of
eBay Hamilton Avenue, San Member of Trust-e. from other companies information about how changed practice to advertising. Can reject much information
available Anonymised or de- aware information on retention
Jose, California 95125; included. data is shared. allow for customer cookies though may without authenticating.
identified information is detracts from score.
and via a customer account deletion. have some effects.
shared.
form
Earlier concerns about
Unable to fully opt out
data matching, data
of controversial 'news
mining and transfers to
feed' services.
other companies. Purports to have two Problematic track
Cookies can be blocked.
Collects data from principles: 1. you have In 2005 a number of history. Uses data from
Many are session
156 University Avenue, 'other sources', Has responded to some control over personal profiles were 'other sources', and has
Member of Trust-e. cookies.
Palo Alto, CA 94301; including newspapers, No information readily Basic privacy policy. (of many) concerns information. 2. you downloaded to prove No information readily Substantial not maintained strong
Facebook Signed up to safe
and blogs, instant available about security and have access to info weak security. available Threat security mechanisms.
harbor. Profiles are only
privacy@facebook.com messaging services, privacy. others want to share. Does not accept liability Does not inform on
accessible based on
and other users of the But track history for security. measures being taken
privacy settings, though
Facebook service indicates otherwise. now to protect data.
name and profile-photo
through the operation
is available to all.
of the service (e.g.
'photo tags').
Itemises information
types collected through
No specific privacy consent and without User may chose to
contact point. General consent (e.g. IP share with 'friends',
Insufficient information
address is given as address). 'friends of friends', and Access to personal
Rejecting cookies may to draw compelling
Friendster, Inc. Promises not to share No information readily Open privacy policy, 'anyone', including non- information is said to be
Friendster prevent access to Notable lapses conclusions. Lack of
568 Howard Street personally identifiable available though vague at times. Friendster members. limited even to
website. main point of contact is
San Francisco, CA information with third Some profile employees.
problematic.
94105 parties. information is shared
Fax: (415) 618-0074 with everyone.
Third party cookies are
possible.
Describes data
collected. IP addresses
are not considered
personal
information.
Customers have a right Track history of ignoring
Opt-out possible for
Generally poor track Privacy mandate is not to amend personal privacy concerns. Every
They do not believe some services.
Privacy Matters, c/o Vague, incomplete and record of responding to embedded throughout details held by Google corporate announcement
Rejected access to data that they collect Will utilise Doubleclick's
Google Inc, 1600 Unclear but has stated possibly deceptive customer complaints. the company. but does not involves some new
by U.S. Justice sensitive information. Some services may not "Dynamic Advertising
Amphitheatre Parkway, 18-24 months as privacy policy. Ambivalent Techniques and allow search history to practice involving
Department for work well without Reporting & Targeting"
Google Mountain eventual outcome. Document fails to attitude to privacy technologies frequently be removed. Most Hostile to Privacy surveillance. Privacy
research Do sometimes track cookies. May access (DART)
View CA 94043 (USA). Log history is retained explain detailed data challenges (for rolled out without services do not permit officer tries to reach out
purposes. Member of links clicked upon. essential resources advanced profiling
Policy not updated since after this period. processing elements or example, complaints to adequate public user access but no indication that
Safe Harbor. without account but system.
2005. information flows. EU privacy consultation to specific or this has any effect on
Shares information with when account is created
regulators over Gmail). (e.g. Street level view). aggregated disclosure product and service
consent, or to it is sticky.
or tracking data. design or delivery.
companies
(subsidiaries,
affiliated companies,
trusted businesses or
persons).
User can identify what
Collects gender, date of information is available Preposterous use of
birth, and ZIP. to members vs. non- advertising technique
General Counsel, hi5
Track users with cookies Relatively blatant about Poor. Clicking on members. All visitors can see (pop-up window) when
Networks, Inc., 455
and by IP addresses. No information readily some processing but Privacy Policy opens up Can view other users' public content on server No information readily Substantial clicking on privacy
Hi5 Market St., Suite 910,
Also tracks users available unnecessarily vague a pop-up window profiles without (do not need to be available Threat policy. Point of contact
San Francisco, CA
movements on site by about others. advertisement! notifying that user. registered). being a General Counsel
94105,USA.
monitoring click- Can opt-out of receiving leaves little confidence is
through data. some information. responsiveness.
May delete account.
 Company
Data Collection and
Company administrative Corporate Leadership
Processing
details
Email address is not
required to register.
Pseudonymous listening
habit data will be
available to other users.
May sell or licence lists,
but not personal data.
No personal information
collected regarding
transactions with third
No contact information sites.
given for specific access Monitors which songs
No information readily
Last.fm on privacy, though user listened to, whether
available
is suggested to use skipped, etc.,
'feedback page'. recommendations to
other users
Does not process PII
relating to record
collection
Does not collect ZIP,
post code, city or
country unless user
explicitly shares.
Regards IP addresses
as anonymous.
Claim that email
addresses of friends
that user includes are
only used for inviting
LinkedIn Corporation,
those friends, and
Attn: Privacy Policy May close account and
sending reminders.
Issues, 2029 Stierlin Members of Trust-e and then data may be
LinkedIn Use cookies and web
Court, Mountain View, Safe Harbor. deleted (but not
beacons. Permits third-
CA 94043 or necessarily).
party cookies and
privacy@linkedin.com
beacons.
Shares information with
other companies "for
specific services".
Openness and
Data Retention
Transparency
Thorough privacy
policy.
Privacy policy outlines
some situations where
information is used but
could be more explicit.
Privacy Enhancing or Initial
Responsiveness Ethical Compass Customer Control Fair Gateways Justification
Invading Innovations Assessment
More openness on how
Can identify users and
to appeal would help
what they are listening
Appear to be willing to case. Explicit use of
to without
issue a new user name Appears to collect only anonymised data is
authenticating. Generally privacy
or password if account aggregate data when promising, though more
Session cookies only. aware
anonymity has been possible. detail on how this is
Turning off cookies will
destroyed. done technologically
inhibit 'a significant
would increase
proportion' of access.
confidence.
"Any sensitive
Some level of user
information that you
control over Users within three Use of email addresses
provide will be secured
information, e.g. degrees of a network of non-users and
with all industry
friends' information is can see profile beacons is questionable.
standard protocols and
not accessible to others information. Only Accessibility of personal
technology" Notable lapses
without permission. direct connections can profiles could be better
Use web beacons to
Can opt-out of public see email address. managed. Can close
profile and advertise by
profile. Public profile is account but only via
general profile, e.g.
May close account but viewable by non-users. email.
business managers in
only via email.
Texas.

Describes how and why

information is collected,
More clarity about
including IP addresses.
privacy enhancing
IP addresses may be
Clear and simple innovations is needed.
given to other journal Allows account closure, Uses "physical,
privacy@livejournal.co privacy policy. Account closure is Generally privacy Lax attitude towards IP
LiveJournal owners within though keeps some electronic, and
m Have a procedure for possible. aware addresses is
LiveJournal. information. procedural safeguards".
data security breaches. problematic. Good to
However IP addresses
have procedure on data
are not considered
breaches.
sensitive for marketing.

May combine personal More information on

Privacy has now been
information derived retention is required.
Established elaborate embedded throughout
from a spectrum of MS Lacks adequate detail of Improved level of Easily accessible and Extremely poor privacy Policy is too basic
privacy reporting and all stages of the design MS Passport is used
services. Shares retention periods, data responsiveness to navigable account design of Windows despite application to a
Microsoft Privacy, awareness regime process across services, though
information to partners flows and targeting privacy concerns and management pages. Genuine Advantage number of services.
Microsoft Corporation throughout the No information readily for MS products, though not required for some
Microsoft (subsidiaries, affiliated techniques. When customer feedback, Little information (WGA) and Passport. Serious Lapses Have embedded privacy
One Microsoft Way company. Developed available patchy management, services and level of
companies, trusted pushed, has been open though continues to be available on accessing Strong privacy design into many product and
Redmond, WA 98052 the "laws of identity". oversight and reporting 'stickiness' is
businesses or persons). about some privacy dominated by a PR or deleting hidden data and principles in service designs, but
Member of Safe results insufficiently tested.
Permits third party problems. imperative. (logs etc). CardSpace. terrible track record,
Harbour and Trust-e. in notable failures such
advertisers to deploy including recent WGA
as WGA.
cookies. debacle.
 Company
Data Collection and Openness and Privacy Enhancing or Initial
Company administrative Corporate Leadership Data Retention Responsiveness Ethical Compass Customer Control Fair Gateways Justification
Processing Transparency Invading Innovations Assessment
details
Explicit in collecting
name, email address,
and age; other profile
data including but not
limited to: personal
interests, gender, age,
education and
occupation.
Considers IP addresses
as non-identifying
A mixed bag, with some
information, to track
Tried to require strong protections and a
usage, and to share Users may block the
subpeonas before lot of ambiguities.
8391 Beverly Blvd, with third parties. Data receiving of myspace
handing over Email addresses and Problematic
#349, Los Angeles, CA is recorded for security No information readily Public profiles are no invitations by emailing No information readily
Myspace information to law user names are limited Notable lapses interpretation of IP
90048, and monitoring available longer mandatory. myspace with a subjet available
enforcement authorities in their disclosure. addressing data.
privacy@myspace.com purposes. 'block'.
(on suspected sex Invitation recipients can
May opt-out of
offenders). opt-out. Account
receiving service
deletion is unclear.
information.
Email addresses are
kept, particularly for
invitations, though
recipients of invitations
can contact myspace to
have email address
removed.
Allow cookies and third
party cookies.
No Orkut-specific
Must have a Google privacy contact
Account, including information. Limited
Can delete account,
email address. privacy policy. Account
Privacy Matters , c/o completed within 48
Possible profile deletion good sign.
Google Inc. 1600 hours. Ethical challenges in
information: gender, Very limited privacy Invitees can choose to Must have a Google No information readily Checkered history in co-
Orkut Amphitheatre Parkway, Retain contents of blocking site from Serious Lapses
age, occupation, policy. not receive invites. Account. available operating with
Mountain View CA messages for access in Iran.
hobbies, and interests, governments. Requires
94043 (USA) indeterminate amount
plus other content, such registration to view
of time.
as photos information, but
registration applies
across Google services.
Collects at a minimum,
name, birth date,
gender, email address
and zip code
Uses real names.
Company will contact
users.
May "engage third Changes to policy are
Does protect email
parties to perform announced but if user Promising for use of
Poor. Admonished by privacy through a relay
Reunion.com, Inc., analysis or data continues to use site, email relaying. Data
businesses community system.
Attn: Privacy Policy processing of our they have consented to sharing is dangerously
No information readily for misleading Not accepting cookies Use 'technical, Substantial
Reunion.com Officer, 2118 Wilshire databases that involves the changes. vague. Tracking usage
available advertising practices to will limit access. administrative and Threat
Blvd. Box 1008, Santa access to this May transfer is problematic.
bring in new physical safeguards" to
Monica, CA 90403-5784 information in order to information if firm is Historical ethics
registrants. protect security of
better provide you with purchased. problems.
personal information.
the services for which
you joined"
Shares information with
other sites.
Tracks movements on
site and with partner
sites.
 Company
Data Collection and Openness and Privacy Enhancing or Initial
Company administrative Corporate Leadership Data Retention Responsiveness Ethical Compass Customer Control Fair Gateways Justification
Processing Transparency Invading Innovations Assessment
details
Vague. At least deals
Registration not User profile data not
with the issue in part in
required. stored centrally on
the privacy policy
Invitation email server. Good promises on
without committing in No way to know if there
addresses are deleted Takes 'appropriate deleting invitation email
detail. are back doors in the
immediately upon Do not need to register organizational and addresses. Lack of
15, rue Notre Dame, L- Though for traffic data, software.
sending invitation. to use Skype Software, technical measures'; contact details is
2240 Luxembourg, commits to "erase Right to review data,
No communications Responded to concerns but registration may be authorised employees problematic. Lack of
Luxembourg and/or Traffic Data, or make correct, and delete
from skype other than about DRM and reading Poor. Co-operated with needed for particular only. openness about software
Skype Skype Communications Traffic Data anonymous, personal data, via email Notable lapses
messages about faults. motherboard Chinese government. services. Will take "appropriate capabilities is
S.A though no explicit as soon as it is no delete@skype.com
Shared with third information. Blocking cookies may technical measures to problematic. Deletion of
address given for longer needed for the Thorough privacy
parties for provision of inhibit personalised protect the traffic data is good
privacy concerns. purpose of the policy, but no contact
services. services. confidentiality of the statement though less
transmission of the information for
Cookies do not contain Communications ambiguity about role of
communication or for accountability.
identifying information. Content via its Skype laws would help.
billing purposes, unless
Third party cookies Software and VoIP
applicable law permit
exist. Services"
otherwise."
Can operate under
pseudonym, but if not,
then logs IP addresses
Raw logs are normally Lacking in some
for public view.
discarded after two information, such as
Recommends using Session cookies only,
No explicit contact, but weeks. Clear privacy policy, but contact details. Good
pseudonym. Fully accessible without and temporary log-in Generally privacy
Wikipedia policy says it was Unable to remove no main point of statement on retention
IP addresses are stored authenticating. cookies that expire aware
approved by Board. accounts. contact. policy, though unless
and can be seen by every 30 days.
Deleted 'content' is not there is a contact, this is
server administrators
in fact deleted. unverifiable.
and advanced users.
Data is combined to
investigate abuse.
IP addresses not
treated as personal Poor. Co-operated with
information. Chinese government.
Customised links are Unclear policy May use beacons to
Microsoft Privacy, Problematic use of
used to identify users. statement about future track messages sent by
Microsoft Corporation, personal information,
Voice messenger Unclear about what co-operation. Recent Anyone may review MS to determine
One Microsoft Way, User can designate who without clear statements
Windows Live Signed up to Trust-e service requires signing No information readily information is used for research hints at calendar information whether opened or Substantial
Redmond, Washington has access to which about retention. Uses
Space and Safe Harbor. up with Verizon. available and how long it is used profiling based on that is published for read. Threat
98052 · 425-882-8080, calendar data. almost every means to
Tracks all requests for for. search requests. public access. Beacons also used by
and webform is identify users and track
maps. Disclosed search data third parties to
available. movements.
Locations are logged to U.S. Department of aggregate statistics.
when service is used Justice for research
online. purposes.

Username, password,
email address, date of
birth. Email and
birthdate are not
necessarily disclosed if
user wishes.
Profile information is Invitation process could
By default information
optional. be better managed.
is shared widely, though Footprints' service allow
For invitations, Xanga Treatment of IP data is
Contactable through If account is shut down, can be controlled. Information available to users to watch visitors
may send multiple vague. Profiling is
webform for email Xanga site no longer Can control comments non-registered users. on his or her own site
invitations by email. Presumes consent by mentioned but more
Xanga interaction. accessible. on your section of the Blocking cookies may (username or Serious Lapses
Email addresses can be non-U.S. users. clarity is required.
Data may be archived, site, and whether limit access. geographic information
blacklisted to receive no Information should not
but offline. someone can be based on IP address).
further invitations. be shared by default.
blocked from
Logs IP data. May limit information
commenting.
Targets advertisements collected.
based on profile and
past activities. Third
party cookies are
possible as well.
May transfer data if
company is purchased.
 Company
Data Collection and Openness and Privacy Enhancing or Initial
Company administrative Corporate Leadership Data Retention Responsiveness Ethical Compass Customer Control Fair Gateways Justification
Processing Transparency Invading Innovations Assessment
details
Registration process
can be combined with
data from other sources
(business partners and
other companies).
Information collected:
name, email, birthdate,
Vague privacy policy
gender, ZIP code,
prevents us from
occupation, industry,
understanding the
personal interests. May
dynamics of data
also ask for social May delete account but
Poor. Cooperates with Use 'physical, processing. Using
security for financial some information
governments with electronic, and information from other
services. retained, for 90 days.
Yahoo! Inc. Customer disclosure of procedural safeguards sources is highly
Collects transaction Log files are used —
Care - Privacy Policy Did not go out of its information, including Registration not that comply with problematic. Account
data, including after they are used they Overly broad and vague Substantial
Yahoo! Issues, 701 First Trust-e and safe harbor. way to respond to Chinese government. necessary for some federal regulations to closure possibility is
information about use are stored (but said to policy. Threat
Avenue, Sunnyvale, CA ethical concerns. Disclosed search data services. protect personal good (and honest
of financial products. be inaccessible).
94089, (408) 349-5070 to U.S. Department of information' statement about
Collects and stores No further information
Justice for research Also limit access to retention is relatively
information including IP on searches.
purposes. employees. positive). Lack of
addresses and cookies
information on search
related data.
and IP data is
Data can be shared for
problematic. Poor track
marketing purposes.
record.
Data will be transferred
if acquired.
Cookies (and third
party cookies) are used,
as are web beacons.
Opt-out of marketing
information.
Video, image, or other
content posted are not
considered personal
Considering the size of
information.
YouTube and its owners,
Use both session and
the vague information
persistent cookies, as Web beacons used to
about sharing of
well as web beacons. track usage, and uses
personal information
Monitors and tracks IP gifs in emails to track
with affiliated companies
logs. IP data not Media files, once Use of site is considered users.
leaves much to be
considered personal uploaded, can not be consent to U.S. law (no Has a policy for data "[U]ses commercially
Contact only available Blocked cookies may desired. Tracking email
YouTube data. modified. No safe harbor). breaches. reasonable physical, Serious Lapses
through a contact form. inhibit service. reading habits is
Data used to monitor information on deletion Data can be purchased managerial, and
problematic. Videos are
marketing effectiveness of other data. in event of sale. technical safeguards to
not considered personal
and track actions (e.g. preserve the integrity
information. Explicit
entries). and security of your
statement that 'consent'
Share personal personal information"
is presumed in
information with
transborder data flows is
subsidiaries, affiliated
questionable.
companies, or other
businesses and
persons.