From: hichatizens [mailto:[log in to unmask]]
Sent: 11 December 2003 10:04
To: [log in to unmask]
Subject: [online-trust] Top UK sites 'fail privacy test'
Long way to go for privacy!
http://news.bbc.co.uk/2/low/technology/3307705.stm
Thursday, 11 December, 2003, 01:52 GMT
Most top UK websites are breaking new rules which require them to do
more to protect web users' privacy.
WebAbacus research found 98% do not give enough information about the
text files which track user movements, or provide a single-click
opt-out option.
"Companies are either not aware of the legislation, or are ignoring
it," said Ian Thomas from WebAbacus.
The Privacy and Electronic Communications Regulation, effective on
Thursday, also aims to control spam.
Cookies data
The Information Commissioner - the organisation which enforces the
regulations - was "very surprised" so many websites were not doing
what is required, even though these regulations have been on the
horizon for a long time.
"There should be transparency. People should know what is going on
with the information collected about them," Phil Jones, assistant
information commissioner, told BBC News Online.
SURVEY RESULTS
24%: No privacy policy
12%: Privacy policy, but no information about cookies
53%: Privacy policy, with information about cookies (might include
reference to blocking cookies through a browser)
8%: Privacy policy, with information about cookies and detailed
instruction blocking cookies through a browser
2%: Single click opt-out (compliant)
"People should recognise that the information collected is only benign
- but they should be alerted to the ways that data is going to be
used."
He added he hoped that the situation would improve "fairly quickly".
WebAbacus surveyed 90 of the UK's most popular websites on the day
before the rules came into force and found that 24% did not even have
any kind of privacy policy.
Only 2% were totally compliant with the rules.
Making them plain
Websites use cookies, small text files deposited on a website
visitor's computer, for different reasons.
They give websites a "memory", and are mainly used for identification
purposes, or remembering registration details. Others use them to
target returning visitors with relevant services and information.
Although usually benign, care needs to be taken to ensure
poorly-designed websites are not able to store confidential
information, like credit card numbers, on users' machines without any
encryption or security, according to Mr Thomas.
The rules on cookies, set out in regulation six of the new digital
privacy legislation, aim to ensure they are not misused.
What they are, their purpose and how to reject them should be
explained clearly, in non-technical language, say the rules.
"Users should not be concerned about websites that use cookies," Mr
Thomas said.
"Indeed, it is very difficult for websites to provide useful features
and services without cookies."
But he added there was "no excuse" for sites not to provide users with
a single click opt-out, because it is very simple to do.
Most of the legislation's focus is on the rules that try to curb spam,
which now accounts for more than half of all e-mail traffic.
Spam attack
The new laws are the UK's interpretation of the requirements of the EU
Directive on Privacy and Electronic Communications that demands member
states do more to combat spam.
The UK law tries to create a system that lets legitimate businesses
send direct e-mail to users but attempts to stop the scammers and
spammers by punishing them with fines.
Companies can send unsolicited mail to customers who have agreed to
receive it.
Unsolicited spam can be sent to companies, but it must have an opt-out
clause inside it.
Spam to consumers is banned.
Research by the Direct Marketing Association showed that 26% of
marketers are confused about the new directive and do not know what
impact it will have on their business.
Critics of the UK approach say the laws do not go far enough.
"The whole problem with these laws is that they are geared to spammers
being honest and respecting laws," said Steve Linford, founder of
anti-spam organisation The Spamhaus Project.
"And of course there are no honest spammers - the whole profession is
based on deceit."
Others pointed out that they will make little difference to the amount
of junk mail people receive.
Filtering firm Clearswift pointed out that the regulations only apply
to firms within Europe but the majority of unwanted - and offensive -
spam comes from the US.
Alyn Hockey, Clearswift's Director of Research, said it was
encouraging that the authorities recognised the growing irritation
with spam.
"But," he added, "what about all the mail emanating from abroad? It's
hardly going to discourage the spamming hardcore from peddling their
wares."
The fines that the regulations impose are also too light say critics.
Junk mailers face a fine of about £5,000 for sending unwanted mail.
Anti-virus and spam fighting firm Avecho said net service providers
could do much more to combat spam.
It proposes setting up a caller identification system for the net
similar to that operating on fixed phone lines.
The system would allow people to be verified online allowing spammers
to be traced spammers, or for their mail to be blocked if they refuse
to be identified.
Nick Scales, chief executive of Avecho, said net service firms could
set up a caller-ID type system very quickly and easily.
"All the infrastructure and databases are already there," he said,
"they just need configuring."
************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************
|