Internet privacy policies lacking

I was cruising around Independent Newspapers' stuff.co.nz Web site last week, and was pleased to notice the company has a link from its home page to a "Privacy Statement".

I was cruising around Independent Newspapers’ stuff.co.nz Web site last week, and was pleased to notice the company has a link from its home page to a “Privacy Statement”. Statements of privacy policy on Web sites are recommended by the Ministry of Consumer Affairs, but are sadly lacking from most.

So, a point for our publishing rivals. Then I clicked on the link, and was discomfited to see my action had immediately been reported to doubleclick.net, the online advertising distribution company recently under fire for collecting information about users without their knowledge. Doubleclick’s main purpose is to put banner ads in front of users of third-party Web sites who may be interested in the matter advertised. However, in the privacy statement on its own Web site, the company admits it collects a wealth of information automatically about the user.

“Your IP address … Information which DoubleClick can infer from the IP address includes the user's geographic location, company, and type and size of organization.

“Your domain type (i.e., .com, .net, or .edu.).

“Standard information included with every communication sent on the Internet. Information which DoubleClick can infer from this standard information includes your browser version and type (ie, Netscape or Internet Explorer), operating system (ie, windows or DOS), browser language (ie, Java or Unix), service provider (ie, MindSpring or AOL), your local time, etc.

“How you utilize the pages you visit within a DoubleClick client's site (e.g. which pages you view).”

None of this, according to DoubleClick, amounts to “personal” information.

On their advisory page to advertisers, however, they also claim to be able to target advertising by “personal interests”.

INL’s privacy statement likewise promises that “personalised” information about users will not be conveyed to third parties.

“We will share aggregated demographic information with our partners and advertisers. This is not linked to any personal information that can identify any individual person” INL says.

Yet Mark Wierzbicki, manager of the INL Web site, admits “I’m not aware of what details [DoubleClick] is grabbing.” He considers it unlikely that the company could identify a user from an IP number, since most ISPs in New Zealand assign IP numbers dynamically; one user may have different numbers, or different users the same number in different sessions.

But DoubleClick’s account of the information it supposedly can collect certainly raises concerns about local companies who use its services, while being required to adhere to the provisions of the New Zealand Privacy Act.

I’m not trying to pillory INL particularly; a large proportion of Web sites use doubleclick.net. But Wierzbicki’s remarks indicate a worrying lack of awareness of what is being done with the information these sites pass on.

In the wake of the recent full page ads by one Richard Poole, protesting against the alleged “brain drain” of New Zealanders overseas, student Juliet McVeagh complained that her name had appeared in a list of supporters and contributors to Poole’s protest lobby in a newspaper advertisement. All she had done, she says, was to email Poole requesting further information on his arguments.

Most of us receive plenty of “spam” in our email. A particularly irritating strain of it are the messages that insist they are not spam; the email is directed to you because you signed up on a Web site to receive it. This is usually complete piffle. I have never signed up to receive any information about cheap CDs from the US, from a client of the misleadingly named “optinmail.com”. Emails to the merchant bounce; emails to optinmail go unanswered. I have clicked on the “unsubscribe” link and told the merchant to take me off its list. No joy; the emails keep coming.

Another US merchant claims its messages are not spam because it abides by US anti-spam legislation. That legislation requires the merchant to provide usable return contact details in the email. No such information is provided. Again return email messages bounce.

New Zealand authorities can always claim to be powerless in the face of the activities of overseas Web site and email marketing operators. But when New Zealand operations look to be using these tactics or conniving in their use overseas, it’s time to insist the Privacy Commissioner do something about it.

Join the newsletter!

Error: Please check your email address.
Show Comments
[]