Microsoft and the Electronic Frontier Foundation are proposing new ways to simplify how Web sites--particularly small ones with relatively few technical capabilities--create and post their privacy policies.
The initiative involves new Privacy Wizard tools, which are free to use for Web sites that wish to set up privacy policies, plus two standards-related initiatives before the World Wide Web Consortium (W3C).
Early next week Microsoft and Truste, a business-oriented privacy
organization, will post tools for creating privacy policies on the MSN LinkExchange Web site.
LinkExchange, which Microsoft purchased in November, provides
online tools, including an ad banner exchange, for small Net businesses.
"This makes it simple for small businesses and Web site owners to create a
a reliable trust infrastructure on the Internet," said Saul Klein, a
Microsoft group program manager.
Making a policy machine-readable means it can be read automatically by a
Web browser or search engine to determine whether a Web site's privacy
practices are acceptable to a user. No current browsers have that
Online privacy is a key concern of consumers, and last week a study from
trade group Information Technology
Association of America and Ernst &
Young named privacy as a top barrier to the growth of Internet
commerce. But only a small percentage of Web sites post privacy policies, and efforts to date have concentrated on larger companies.
The Microsoft-Electronic Frontier
Foundation initiatives come as the United States and the European Union are knocking heads over privacy policies. The Europeans demand legal protections on personal data, while the United States has argued that industry self-regulation should be given a chance.
"E-commerce and privacy go hand in hand," Tara
Lemmey, president of EFF, said in a statement. "Any Web site that collects
people's personal information has a responsibility to disclose how it is
using that information."
The Privacy Preferences Project (P3P), a standards effort overseen by the
W3C, is an industry effort to create a technology framework for communicating privacy policies no matter what the specific policies are.
"We've been very supportive of P3P," said Deirdre Mulligan, staff counsel of privacy advocates Center for Democracy and
Technology. "We think there's a real need that's different from the question of whether we need or don't need legislation."
Microsoft and EFF have submitted two privacy-related "notes" for changes to
P3P. One essentially takes the Privacy Wizard and submits it as a standard.
The second is a new "e-commerce data schema" that outlines privacy and security guidelines to make online buying safer for consumers. It calls for
Web sites to disclose how they will use e-commerce data collected from a shopper and to abide by online enforcement mechanisms such as Truste, BBBOnline, the European Union Data
Directive, and national laws.
The second e-commerce proposal was developed in conjunction with others,
The Microsoft-driven effort could conflict with new "digitalme" technology
that Novell unveiled last month. Based on Novell's
directory technology, the new tool would centralize information on a user's
access rights and privacy preferences so the same data wouldn't have to be
entered at each Web site. It would allow users to specify the information
a specific site can retrieve.