Feeds

Web privacy bandits named and shamed

Spam merchants and credit card data dogs

  • alert
  • submit to reddit

High performance access to file storage

Internet sites are failing to either protect consumers privacy or adhere to international data protection laws.

A study of 751 sites by Consumers International, the global federation of 13 consumer organisations, reveals that many European and American Internet sites aimed at consumers fall woefully short of international standards on data protection.

The vast majority of sites gave users no choice about inclusion on mailing lists or having their name passed on to affiliates or third parties. More than two thirds of sites collect some sort of personal information from users, which would make it easy to identify and contact that person.

Worse still, only ten per cent of sites targeting children asked kids to get their parents' consent before giving personal information.

Despite tight European Union regulation, sites in Europe were found to be no better at being up-front about how users' data would be used than those in the US.

Many companies were found to flout EU legislation requiring them to give customers the option of insisting that their personal information is not divulged.

As part of the study, a team of researchers set up a set of online identities which were used to test the practice of some sites against their stated privacy policies. This part of the research only tested 17 US sites and 16 sites in Europe but it still threw up some interesting anecdotal evidence.

Three sites disregarded requests to be left off mailing lists. These were French book site lalibrairie.com, healthshop.com and UK wine retailer Berry Bros & Rudd, bbr.com. Among the sites that didn't give people any choice about receiving email were babyworld.co.uk, and US bookseller, harvard.com.

Another issue thrown up was over the security of credit card information sent online. In one case, US CD retailer cdworld.com sent out two emails requesting credit card confirmation be faxed to the company. This was not done but the order was processed anyway. UU T-shirt retailer 3tee.com sent an unencrypted email containing credit card information.

Consumers International is calling for government and regulators to take urgent action to adopt laws, rules and procedures to tighten up on privacy and establish a body that consumers can turn to for redress.

The organisation has provided a helpful five-point plan for people to protect themselves from misuse of private information in ecommerce. This includes: limiting disclosure of your personal information, using a separate email account for ecommerce activities, rejecting cookies planted on PCs by intrusive businesses, using privacy tools which allow users to surf anonymously and learning and applying your legal rights. ®

External links

Consumer International's report

Related stories

FTC clears DoubleClick of privacy invasion
Travelocity drops customers' pants in public
Europe warms to spam ban

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.