Europe is leading the way on online privacy. The EU's committee on data privacy, also known as the Article 29 Working Party, issued guidance on corporate privacy notices late last year, calling for layered, easy-to-read privacy statements.
The move comes at a time when website privacy notices, written in obscure legalese, are doing little to reassure web users that their privacy is being adequately protected.
The guidance, which is not mandatory, is beginning to take hold as companies such as Microsoft and Procter & Gamble have already rolled out revamped notices. Privacy statements are considered crucial in telling Internet users how their personal information will be used by companies. They explain whether data can be sold to third parties, for instance, and what the users' rights are in accessing or correcting data.
The working party coordinated with privacy experts and corporate leaders to call for layered privacy notices in which information is presented in three tiers: short, condensed and full. Each layer should contain certain relevant information, such as the full name of the Web site controller and the purpose for processing information, and users can click through from the short notice to the full notice, depending on their level of interest.
The plan calls for using straightforward, easy-to-understand language, and authors of the guidance say that although the information is provided in a more succinct form, the privacy statements should still be complete. These sorts of multi-layered notices are also being examined by the Organization for Economic Cooperation and Development (OECD) and Asia Pacific Economic Cooperation (APEC), and advocates hope they will become the global standard for communicating privacy online.
It may help that some of the first companies to adopt layered notices, such as Microsoft and IBM, are global concerns that seek to offer consistent information across their various online properties.
Microsoft, for example, has already launched the layered privacy notices on its MSN sites in France, Germany, Belgium, Spain, the Netherlands and the UK and has plans to roll them out on other global sites, according to Peter Fleischer, Microsoft's director of regulatory affairs. IBM has layered notices on its European sites, as well as on its main US property.
But reader-friendly privacy notices are still relatively rare and it may take a while to compel companies to follow the new guidelines.
Proponents of the new notices argue that they are key to fostering a sense of trust in online business, as well as making citizens fully aware of their online rights.
The US and other countries have the same sort of concerns around improving online privacy, but consensus on a solution seems harder to come by.
"In Europe, unlike the U.S., the regulators have been focusing on the harmonisation of privacy notices for many years," Fleischer said. The US still has to negotiate a consensus with the various stakeholders, such as corporations, regulators and privacy groups, he added.
That said, certain U.S. groups such as financial services regulators are studying the layered notices and advocates hope that the standards will soon cover the worldwide Web.
"The layered notice is so compelling, it's inevitable they will be rolled out further," Fleischer said.