Law.com posted an article, entitled “Keeping Promises: Online Privacy Policies,” that describes a settlement between the FTC and Gateway Learning, the sellers of “Hooked on Phonics.” To summarize the complaint, Gateway Learning posted in its privacy policy that it would not share customer information with outside parties. Gateway Learning, despite these promises, began renting personal information to marketers — including names, address, phone numbers, ages, and information about consumers’ children.

This practice is alarming, but it is also interesting to note that, as part of the settlement provisions, the FTC prohibits Gateway Learning from sharing any personal information collected unless they receive an “opt-in” consent from the consumer. I’ve been an emphatic advocate for the notion of “opt-in” to be not only common practice, but implemented in the form of legislation. Presently, some companies allow consumers to “opt-out” of sharing information with third parties, most don’t give you a choice at all, and rarely do they ever have an “opt-in” policy. Privacy shouldn’t be the burden of the consumer, it should be the de facto standard.

Unfortunately, most of the sites we analyzed in the healthcare domain have nearly identical policies to that of Gateway Learning. You can read more about this analysis in our paper: An Analysis of Web Site Privacy Policy Evolution in the Presence of HIPAA.

This entry was posted by matthew () on Wednesday, October 27th, 2004 at 3:43 pm and is filed under Government Programs. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Note: Blog posts are the opinions of their authors and do not reflect the official opinion of the National Science Foundation or North Carolina State University.