Web privacy bandits named and shamed

Spam merchants and credit card data dogs

Internet sites are failing to either protect consumers privacy or adhere to international data protection laws.

A study of 751 sites by Consumers International, the global federation of 13 consumer organisations, reveals that many European and American Internet sites aimed at consumers fall woefully short of international standards on data protection.

The vast majority of sites gave users no choice about inclusion on mailing lists or having their name passed on to affiliates or third parties. More than two thirds of sites collect some sort of personal information from users, which would make it easy to identify and contact that person.

Worse still, only ten per cent of sites targeting children asked kids to get their parents' consent before giving personal information.

Despite tight European Union regulation, sites in Europe were found to be no better at being up-front about how users' data would be used than those in the US.

Many companies were found to flout EU legislation requiring them to give customers the option of insisting that their personal information is not divulged.

As part of the study, a team of researchers set up a set of online identities which were used to test the practice of some sites against their stated privacy policies. This part of the research only tested 17 US sites and 16 sites in Europe but it still threw up some interesting anecdotal evidence.

Three sites disregarded requests to be left off mailing lists. These were French book site lalibrairie.com, healthshop.com and UK wine retailer Berry Bros & Rudd, bbr.com. Among the sites that didn't give people any choice about receiving email were babyworld.co.uk, and US bookseller, harvard.com.

Another issue thrown up was over the security of credit card information sent online. In one case, US CD retailer cdworld.com sent out two emails requesting credit card confirmation be faxed to the company. This was not done but the order was processed anyway. UU T-shirt retailer 3tee.com sent an unencrypted email containing credit card information.

Consumers International is calling for government and regulators to take urgent action to adopt laws, rules and procedures to tighten up on privacy and establish a body that consumers can turn to for redress.

The organisation has provided a helpful five-point plan for people to protect themselves from misuse of private information in ecommerce. This includes: limiting disclosure of your personal information, using a separate email account for ecommerce activities, rejecting cookies planted on PCs by intrusive businesses, using privacy tools which allow users to surf anonymously and learning and applying your legal rights. ®

External links

Consumer International's report

Related stories

FTC clears DoubleClick of privacy invasion
Travelocity drops customers' pants in public
Europe warms to spam ban

Sponsored: Designing and building an open ITOA architecture