- From: Chappelle, Kasey, VF-Group <Kasey.Chappelle@vodafone.com>
- Date: Fri, 9 Mar 2012 16:52:27 +0100
- To: "Karl Dubost" <karld@opera.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
You might find this information useful at this point in time, but I can
guarantee that if all privacy notices went into that degree of
specificity, it would do two things:
1. It would hamstring business development, since the notice would have
to be updated every time a new process was put in place, at a delay of
at least one month (30 days' notice for policy changes is customary).
2. It would go completely ignored by you and everyone else, since the
resulting notice would be so long and involved that no one would bother
reading it. Not only that, but whoever published such a notice would
likely be raked over the coals by regulators and advocates for hiding
the ball with such a long notice.
What those two sections mean is that they sell customer analytics and
they sometimes have joint services with partners who need to know who
you are and how to contact you. Since the first is combined data across
their entire user base, there's no real privacy impact on you
personally, but all the same regulators have started to ask that
companies that do so let their users opt out of participating. The
second potentially doesn't belong in a privacy notice since, as they
say, you're notified at the point where it occurs and you choose to
participate.
Rather than mandate that true privacy means disclosing more things,
let's focus on better ways to disclose only those things that are truly
meaningful.
-----Original Message-----
From: Karl Dubost [mailto:karld@opera.com]
Sent: 09 March 2012 15:40
To: public-privacy (W3C mailing list)
Subject: Understanding Terms and Services
There is a new tumblr like service which has started recently. I was
looking at the Terms and Services
https://about.jux.com/16863
It goes like this:
Sharing
We may share aggregated demographic information with our partners
and advertisers. This is not linked to any personal information
that can identify any individual person. We may partner with
another party to provide specific services. When the user signs up
for these services, we will share names, or other contact
information that is necessary for the third party to provide these
services. These parties are not allowed to use personally
identifiable information except for the purpose of providing these
services.
As a user it doesn't tell me anything useful that will help me assess
what is shared and how. I think it is one of the issues I have with the
current terms and services for many services. For example the sentence:
"This is not linked to any personal information that can identify any
individual person." This doesn't tell me anything. I would prefer to
know what information is shared and in which circumstances, and *then* I
could assess if it is personal information.
Another one "We will share names and other contact information". What is
other "contact information"?
And "are not allowed to use personally identifiable information"... What
are the provision you have put in place to check that they would not
breach that engagement, is there a regular audit made to do this.
Because basically, the company is asking to trust them in handling my
data with others, what can you tell me about the way you enforce this.
--
Karl Dubost - http://dev.opera.com/
Developer Relations, Opera Software
Received on Friday, 9 March 2012 15:53:29 UTC