privacy policies

A privacy policy is a statement that declares a firm's or website's policy on collecting and releasing information about a visitor. It usually declares what specific information is collected and whether it is kept confidential or shared with or sold to other firms, researchers or sellers.
The exact contents of a privacy policy will depend upon the applicable law and may need to address requirements across geographical boundaries and legal jurisdictions. Most countries have their own legislation and guidelines of who is covered, what information can be collected, and what it can be used for. In general, data protection laws in Europe cover the private sector as well as the public sector. Their privacy laws apply not only to government operations but also to private enterprises and commercial transactions.

In 1995 the European Union (EU) introduced the Data Protection Directive  for its member states. As a result, many organizations doing business within the EU began to draft policies to comply with this Directive. In the same year the U.S. Federal Trade Commission (FTC) published the Fair Information Principles which provided a set of non-binding governing principles for the commercial use of personal information. While not mandating policy, these principles provided guidance of the developing concerns of how to draft privacy policies.

The United States does not have a specific federal regulation establishing universal implementation of privacy policies. Congress has, at times, considered comprehensive laws regulating the collection of information online, such as the Consumer Internet Privacy Enhancement Act and the Online Privacy Protection Act of 2001,but none have been enacted. In 2001, the FTC stated an express preference for "more law enforcement, not more laws"and promoted continued focus on industry self-regulation.

In many cases, the FTC enforces the terms of privacy policies as promises made to consumers using the authority granted by Section 5 of the FTC Act which prohibits unfair or deceptive marketing practices.The FTC's powers are statutorily restricted in some cases; for example, airlines are subject to the authority of the Federal Aviation Administration (FAA),and cell phone carriers are subject to the authority of the Federal Communications Commission (FCC).

In some cases, private parties enforce the terms of privacy policies by filing class action lawsuits, which may result in settlements or judgments. However, such lawsuits are often not an option, due to arbitration clauses in the privacy policies or other terms of service agreements.

Privacy policy in INDIA

The Information Technology (Amendment) Act, 2008 made signification changes to the Information Technology Act, 2000, introducing Section 43A. This section provides compensation in the case where a body corporate that possesses, deals or handles any sensitive personal data or information in a computer resource that it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person.

In 2011, the Government of India prescribed the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 by publishing it in the Official Gazette. These rules require a body corporate to provide a privacy policy for handling of or dealing in personal information including sensitive personal data or information. Such a privacy policy should consist of the following information in accordance with the rules:

  1. Clear and easily accessible statements of its practices and policies;
  2. Type of personal or sensitive personal data or information collected;
  3. Purpose of collection and usage of such information;
  4. Disclosure of information including sensitive personal data or information;
  5. Reasonable security practices and procedures.

The privacy policy should be published on the website of the body corporate, and be made available for view by providers of information who have provided personal information under lawful contract.

Most websites make their privacy policies available to site visitors.  A privacy page should specify any personally identifiable information that is gathered, such as name, address and credit card number, as well as other things like order history, browsing habits, uploads and downloads.  The policy should also explain if data may be left on a user’s computer, such as cookies. According to best practices, the policy should disclose if data may be shared with or sold to third parties and if so, what the purpose is.

Know Us

Legal Services

Connect With Us on Facebook

Newsletter Subscription

*  Your Email Address: