As the players in the Internet economy today formed new alliances and demonstrated their commitment to self-regulation as an effective scheme to protect consumer privacy, a new report suggests that such measures aren't effective.
The study, "Surfer Beware II: Notice is Not Enough," from the Electronic Privacy Information Center (EPIC) shows that an attempt by the Direct Marketing Association to get members to abide by privacy guidelines has so far failed. According to EPIC's research, only a handful of the association's new members are observing the group's privacy practices.
"The Direct Marketing Association, after making a pitch for self-regulation and privacy, doesn't seem to be doing a very good job of getting new members to follow the rules," said EPIC's executive director, Marc Rotenberg.
"We were pretty unimpressed," he added.
The EPIC study examined the practices of recent members of the Direct Marketing Association. It found that of the 40 Web sites surveyed, only eight posted privacy practices.
"... And only two were half-way decent," Rotenberg said in an interview with Wired News. "Decent" practices, he said, would include the disclosure of how personal information is going to be used and offering the ability to correct inaccurate personal information.
Rotenberg said that the report indicates that industry self-regulation is inadequate to protect consumer privacy.
"It makes it too easy to ignore good privacy practices," he said.
The report arrives the same day as the emergence of The Online Privacy Alliance -- an industry group that, like Truste, which formed last year, aims to demonstrate to Washington that Web-site companies can be trusted to protect the privacy interests of consumers.
Rotenberg said that Truste has done a good job of getting high-profile sites and companies such as Microsoft (MSFT) to join and adhere to a posted privacy practices statement. However, he said, "They're also the first to admit that they've had a similar problem of getting larger numbers of Web sites to join."
Large numbers of actively participating sites are critical to such efforts, Rotenberg said, since "that's where the privacy policies come into play."
The best solution will probably be a combination of legislation and industry self-regulation, he said. "We think [the report] raises some doubt about self-regulation as a [sole] solution.
