Professional Documents
Culture Documents
Consultation Report: Race to the Bottom? 2007 Comprehensive consumer surveillance & entrenched hostility to privacy
Company
Data Collection and Openness and Privacy Enhancing or Initial
Company administrative Corporate Leadership Data Retention Responsiveness Ethical Compass Customer Control Fair Gateways Justification
Processing Transparency Invading Innovations Assessment
details
Offers the choice to use
anonymous or
Privacy notice describes
pseudonymous profiles
some of processing
Webform access to and even informs No privacy enhancing Amazon has improved
practices. Previously Amazon has
email for those with Previously profiled and customers of a variety innovations apparent much over the years but
Does not discuss what Policy lacking in been reluctant to Customers may close
privacy problems. No shared profiles of of PET tools. though points to consumers should be
is done with No information readily information about how introduce privacy accounts, but only
Amazon postal address given. customers' purchasing Amazon Prime accounts privacy services from Notable lapses informed on how their
'clickstream' and available information is used to measures. Firm seems possible through an
Must be signed in as an habits. Signed up to offer greater services other companies. clicking, reading, and
'cookie data', i.e. profile customers. to have responded to email sent to Amazon.
account holder in order Safe Harbor. for an annual fee. Not No discussions of purchase habits are
whether Amazon tracks earlier problems.
to complain. mandatory and other techniques to profile. profiled and used.
usage, popularity, and
customers are not
then profiles.
penalised.
Opt-out process
Apple Computer, 1
available. Profiles use of music in
Infinite Loop, MS60-DR, Kept quiet on the
Shares data with other 'Ministore'. Vague privacy policy
Cupertino, California, potential watermarking
Weak. Repeated companies to "manage Mentions privacy does not address the
USA, 95014 No specification of the Very little information is of DRM-free iTunes
statements in policy and enhance customer enhancing precautions, advanced level of
Privacy policy last deletion period. Does available. Vague songs.
like: "As is true of most data". Collects May opt-out of some but no information on services offered by
updated in 2004. not consider itself privacy policy with an They did respond Problematic. Sought to Certain features of the
Web sites…" clickstream data. services. May not technologies. Apple. Could be quite
Numerous email responsible for data optimistic tone on data eventually to the disclose the names of Apple website will not Substantial
Apple Relatively quiet on Does not consider IP access free iTunes Uses cookies and "other promising if Apple was
addresses given based posted in forums, as a collection, but does not 'ministore' controversy. sources to bloggers' be available once Threat
information processing address as personal services without technologies" to track more open. Good that
on geographic region result is unlikely to explain whether there is Subject access requests stories. cookies are disabled.
issues. Member of information. registering. users. firm offers access to
including anonymise or delete at any profiling and are said to be available
Trust-e. Part of Safe Also collect Uses "pixel tags" to data subjects.
privacy@apple.com and any time. marketing activities? according to the policy,
Harbor. 'clickthrough' data. identify whether Responsiveness has
privacyeurope@apple.c by email.
Ministore collected list individuals have read been poor to date.
om
of music on home emails.
computers.
Data Protection Officer,
Use cookies to track Privacy policy is Rare in its openness
MC3 D1, Media Village,
movements. Declares in some cases relatively explicit about No evidence yet. about processing, what
201 Wood Lane, Explains how to opt-out No information readily Generally privacy
BBC Uses Nielsen and how long personal each cookie, describing Charge 10 GBP for for, and how to access
London, W12 7TQ and of cookies. available aware
SageMetrics cookies to information is kept. in detail. access to records. data and manage
email at
track readership. cookies.
dpa.officer@bbc.co.uk
Name, email address,
IP address, age,
Responded to concerns
Co-operates with Child hobbies, and interests Prior problems has led
Customer Support, about privacy problems
Online Exploitation and other content, such Inconsistencies in Can end membership. Company decides who to some innovation.
Bebo, Inc.142 Tenth No information readily (linked with child No information readily
Bebo Police in UK, after as photos. privacy policy. Lacks Can limit information can contact users based Notable lapses. Lack of information is
Street, San Francisco, available safety) but ensuring available
encountering problem Does not consider IP detail. available to people. on their age. problematic. User
CA 94103,USA access is limited to
cases. addresses as personal control increasing.
certain age groups.
information.
Company
Data Collection and Openness and Privacy Enhancing or Initial
Company administrative Corporate Leadership Data Retention Responsiveness Ethical Compass Customer Control Fair Gateways Justification
Processing Transparency Invading Innovations Assessment
details
eBay Inc. Attn: Legal -
Uses web beacons.
Global Privacy Very responsive to Can opt out of
A lot of the cookies are Good responsiveness.
Practices, 2145 Information collection Remarkable level of privacy concerns: marketing and Can gain access to
No information readily only session cookies. Generally privacy Web beacons and lack of
eBay Hamilton Avenue, San Member of Trust-e. from other companies information about how changed practice to advertising. Can reject much information
available Anonymised or de- aware information on retention
Jose, California 95125; included. data is shared. allow for customer cookies though may without authenticating.
identified information is detracts from score.
and via a customer account deletion. have some effects.
shared.
form
Earlier concerns about
Unable to fully opt out
data matching, data
of controversial 'news
mining and transfers to
feed' services.
other companies. Purports to have two Problematic track
Cookies can be blocked.
Collects data from principles: 1. you have In 2005 a number of history. Uses data from
Many are session
156 University Avenue, 'other sources', Has responded to some control over personal profiles were 'other sources', and has
Member of Trust-e. cookies.
Palo Alto, CA 94301; including newspapers, No information readily Basic privacy policy. (of many) concerns information. 2. you downloaded to prove No information readily Substantial not maintained strong
Facebook Signed up to safe
and blogs, instant available about security and have access to info weak security. available Threat security mechanisms.
harbor. Profiles are only
privacy@facebook.com messaging services, privacy. others want to share. Does not accept liability Does not inform on
accessible based on
and other users of the But track history for security. measures being taken
privacy settings, though
Facebook service indicates otherwise. now to protect data.
name and profile-photo
through the operation
is available to all.
of the service (e.g.
'photo tags').
Itemises information
types collected through
No specific privacy consent and without User may chose to
contact point. General consent (e.g. IP share with 'friends',
Insufficient information
address is given as address). 'friends of friends', and Access to personal
Rejecting cookies may to draw compelling
Friendster, Inc. Promises not to share No information readily Open privacy policy, 'anyone', including non- information is said to be
Friendster prevent access to Notable lapses conclusions. Lack of
568 Howard Street personally identifiable available though vague at times. Friendster members. limited even to
website. main point of contact is
San Francisco, CA information with third Some profile employees.
problematic.
94105 parties. information is shared
Fax: (415) 618-0074 with everyone.
Third party cookies are
possible.
Describes data
collected. IP addresses
are not considered
personal
information.
Customers have a right Track history of ignoring
Opt-out possible for
Generally poor track Privacy mandate is not to amend personal privacy concerns. Every
They do not believe some services.
Privacy Matters, c/o Vague, incomplete and record of responding to embedded throughout details held by Google corporate announcement
Rejected access to data that they collect Will utilise Doubleclick's
Google Inc, 1600 Unclear but has stated possibly deceptive customer complaints. the company. but does not involves some new
by U.S. Justice sensitive information. Some services may not "Dynamic Advertising
Amphitheatre Parkway, 18-24 months as privacy policy. Ambivalent Techniques and allow search history to practice involving
Department for work well without Reporting & Targeting"
Google Mountain eventual outcome. Document fails to attitude to privacy technologies frequently be removed. Most Hostile to Privacy surveillance. Privacy
research Do sometimes track cookies. May access (DART)
View CA 94043 (USA). Log history is retained explain detailed data challenges (for rolled out without services do not permit officer tries to reach out
purposes. Member of links clicked upon. essential resources advanced profiling
Policy not updated since after this period. processing elements or example, complaints to adequate public user access but no indication that
Safe Harbor. without account but system.
2005. information flows. EU privacy consultation to specific or this has any effect on
Shares information with when account is created
regulators over Gmail). (e.g. Street level view). aggregated disclosure product and service
consent, or to it is sticky.
or tracking data. design or delivery.
companies
(subsidiaries,
affiliated companies,
trusted businesses or
persons).
User can identify what
Collects gender, date of information is available Preposterous use of
birth, and ZIP. to members vs. non- advertising technique
General Counsel, hi5
Track users with cookies Relatively blatant about Poor. Clicking on members. All visitors can see (pop-up window) when
Networks, Inc., 455
and by IP addresses. No information readily some processing but Privacy Policy opens up Can view other users' public content on server No information readily Substantial clicking on privacy
Hi5 Market St., Suite 910,
Also tracks users available unnecessarily vague a pop-up window profiles without (do not need to be available Threat policy. Point of contact
San Francisco, CA
movements on site by about others. advertisement! notifying that user. registered). being a General Counsel
94105,USA.
monitoring click- Can opt-out of receiving leaves little confidence is
through data. some information. responsiveness.
May delete account.
Company
Data Collection and Openness and Privacy Enhancing or Initial
Company administrative Corporate Leadership Data Retention Responsiveness Ethical Compass Customer Control Fair Gateways Justification
Processing Transparency Invading Innovations Assessment
details
Email address is not
required to register.
Pseudonymous listening
habit data will be
available to other users.
May sell or licence lists,
but not personal data.
No personal information
collected regarding More openness on how
Can identify users and
transactions with third to appeal would help
what they are listening
No contact information sites. Appear to be willing to case. Explicit use of
to without
given for specific access Monitors which songs issue a new user name Appears to collect only anonymised data is
No information readily Thorough privacy authenticating. Generally privacy
Last.fm on privacy, though user listened to, whether or password if account aggregate data when promising, though more
available policy. Session cookies only. aware
is suggested to use skipped, etc., anonymity has been possible. detail on how this is
Turning off cookies will
'feedback page'. recommendations to destroyed. done technologically
inhibit 'a significant
other users would increase
proportion' of access.
Does not process PII confidence.
relating to record
collection
Does not collect ZIP,
post code, city or
country unless user
explicitly shares.
Regards IP addresses
as anonymous.
Claim that email
addresses of friends "Any sensitive
Some level of user
that user includes are information that you
control over Users within three Use of email addresses
only used for inviting provide will be secured
LinkedIn Corporation, information, e.g. degrees of a network of non-users and
those friends, and with all industry
Attn: Privacy Policy May close account and Privacy policy outlines friends' information is can see profile beacons is questionable.
sending reminders. standard protocols and
Issues, 2029 Stierlin Members of Trust-e and then data may be some situations where not accessible to others information. Only Accessibility of personal
LinkedIn Use cookies and web technology" Notable lapses
Court, Mountain View, Safe Harbor. deleted (but not information is used but without permission. direct connections can profiles could be better
beacons. Permits third- Use web beacons to
CA 94043 or necessarily). could be more explicit. Can opt-out of public see email address. managed. Can close
party cookies and profile and advertise by
privacy@linkedin.com profile. Public profile is account but only via
beacons. general profile, e.g.
May close account but viewable by non-users. email.
Shares information with business managers in
only via email.
other companies "for Texas.
specific services".
Username, password,
email address, date of
birth. Email and
birthdate are not
necessarily disclosed if
user wishes.
Profile information is Invitation process could
By default information
optional. be better managed.
is shared widely, though Footprints' service allow
For invitations, Xanga Treatment of IP data is
Contactable through If account is shut down, can be controlled. Information available to users to watch visitors
may send multiple vague. Profiling is
webform for email Xanga site no longer Can control comments non-registered users. on his or her own site
invitations by email. Presumes consent by mentioned but more
Xanga interaction. accessible. on your section of the Blocking cookies may (username or Serious Lapses
Email addresses can be non-U.S. users. clarity is required.
Data may be archived, site, and whether limit access. geographic information
blacklisted to receive no Information should not
but offline. someone can be based on IP address).
further invitations. be shared by default.
blocked from
Logs IP data. May limit information
commenting.
Targets advertisements collected.
based on profile and
past activities. Third
party cookies are
possible as well.
May transfer data if
company is purchased.
Company
Data Collection and Openness and Privacy Enhancing or Initial
Company administrative Corporate Leadership Data Retention Responsiveness Ethical Compass Customer Control Fair Gateways Justification
Processing Transparency Invading Innovations Assessment
details
Registration process
can be combined with
data from other sources
(business partners and
other companies).
Information collected:
name, email, birthdate,
Vague privacy policy
gender, ZIP code,
prevents us from
occupation, industry,
understanding the
personal interests. May
dynamics of data
also ask for social May delete account but
Poor. Cooperates with Use 'physical, processing. Using
security for financial some information
governments with electronic, and information from other
services. retained, for 90 days.
Yahoo! Inc. Customer disclosure of procedural safeguards sources is highly
Collects transaction Log files are used —
Care - Privacy Policy Did not go out of its information, including Registration not that comply with problematic. Account
data, including after they are used they Overly broad and vague Substantial
Yahoo! Issues, 701 First Trust-e and safe harbor. way to respond to Chinese government. necessary for some federal regulations to closure possibility is
information about use are stored (but said to policy. Threat
Avenue, Sunnyvale, CA ethical concerns. Disclosed search data services. protect personal good (and honest
of financial products. be inaccessible).
94089, (408) 349-5070 to U.S. Department of information' statement about
Collects and stores No further information
Justice for research Also limit access to retention is relatively
information including IP on searches.
purposes. employees. positive). Lack of
addresses and cookies
information on search
related data.
and IP data is
Data can be shared for
problematic. Poor track
marketing purposes.
record.
Data will be transferred
if acquired.
Cookies (and third
party cookies) are used,
as are web beacons.
Opt-out of marketing
information.
Video, image, or other
content posted are not
considered personal
Considering the size of
information.
YouTube and its owners,
Use both session and
the vague information
persistent cookies, as Web beacons used to
about sharing of
well as web beacons. track usage, and uses
personal information
Monitors and tracks IP gifs in emails to track
with affiliated companies
logs. IP data not Media files, once Use of site is considered users.
leaves much to be
considered personal uploaded, can not be consent to U.S. law (no Has a policy for data "[U]ses commercially
Contact only available Blocked cookies may desired. Tracking email
YouTube data. modified. No safe harbor). breaches. reasonable physical, Serious Lapses
through a contact form. inhibit service. reading habits is
Data used to monitor information on deletion Data can be purchased managerial, and
problematic. Videos are
marketing effectiveness of other data. in event of sale. technical safeguards to
not considered personal
and track actions (e.g. preserve the integrity
information. Explicit
entries). and security of your
statement that 'consent'
Share personal personal information"
is presumed in
information with
transborder data flows is
subsidiaries, affiliated
questionable.
companies, or other
businesses and
persons.