Most of you would be well aware of the increasing intrusion of online tracking and that selling users’ data has become increasingly lucrative. It’s why more and more users are becoming privacy-conscious. But how can we trust that claims of enhanced privacy are honest when there have been numerous instances of these companies/services betraying users’ trust?
Prime examples include the popular site-ratings browser extension Web Of Trust (WOT), which was caught harvesting users’ browsing histories and selling them to third parties, and, more recently, the discovery that DuckDuckGo, the search engine that bills itself as “the internet privacy company” with claims of zero tracking, made an exception for its business partner Microsoft to allow advertising trackers.
Privacy Policies Explained
Now, in some countries, privacy policies are legally binding but certainly not in all, and this distinction makes a world of difference. In countries where privacy policies are legally binding, the terms and conditions can be relied upon to be truthful and accurate. That’s because legislation ensures that any company caught publishing false claims or in violation of its terms and conditions faces dire consequences, potentially resulting in criminal charges and a class action suit costing that company millions of dollars.
Legally Binding Privacy Policies
Obviously, I have neither the time nor resources to research the legal standing of privacy policies in every country but I have ascertained the following:
- U.S.A – Not Legally Binding: online privacy in the U.S. is not heavily legislated and, as such, privacy policies are not generally legally binding and, in many states, not even mandatory
- U.K. & Europe – Legally Binding: privacy legislation in the UK and Europe is among the most stringent in the world
- Australia – Legally Binding: online privacy in Australia is heavily regulated
- Canada – Legally Binding: online privacy in Canada is governed by the Personal Information Protection and Electronic Data Act (PIPEDA)
To clarify one aspect of privacy legislation, it is my understanding that if a company, no matter where it is based, conducts business in a foreign country then it is bound by the privacy legislation applicable in that country. If, on the other hand, a company has many foreign users but does not conduct business in the foreign country, then the privacy laws of the country where the company is based are applicable. A typical example would be when a company in (say) the U.S. has users in (say) Australia but does not conduct business in Australia, then U.S. privacy laws are applicable.
NOTE: “Conducting business” means maintaining offices and staff within that country.