This research examines the application of the Privacy Act of 1981 among Israeli public websites, comparing the law with actual practices. Findings reveal low compliance levels and privacy practices exceeding legal requirements. The study also explores data security, user notice rights, and the implications of non-compliance.
Privacy Practices of Israeli Public Web Sites
February 2004
Dr. Michael Birnhack & Dr. Niva Elkin-Koren
Haifa Center of Law & Technology
Supported by the Burda Center for Innovative Communications at Ben-Gurion University
Birnhack & Elkin-Koren, Feb. 2004
Regulation of Online Privacy
• Law
• Market forces
• Technology
• Is the law effective?
• Law in the books vs. law in action
Research Goals
• Examining the application of the Privacy Act of 1981 among Israeli public web sites
• Comparing the law with statements addressed to users (phase II: comparing the above with the actual practices)
• Assessing the relevance of the law
  • Regulation of digital privacy
  • Regulation of the digital environment
Method of Research
• Defining the scope of the research
• Classification of sites according to practices:
  • Information Collectors
  • Non-Collectors
• Privacy Policies:
  • Finding them…, and
  • Analysing them in light of legal requirements
Scope: Israeli Public Web Sites
• Home pages
  • no internal pages (http://haifa.ac.il/law)
  • no sub-sites (excludes geocities-like sites)
• Israeli sites (<.il>)
• Top third-level domain
  • http://haifa.ac.il, not http://infosoc.haifa.ac.il/
• Active sites only (only about 50% active)
• Sites operated by public bodies and licensed ISPs
Examined Populations
Legal Requirements: Privacy Protection Act of 1981
• Database:
  • Collection of electronic information, with the exception of:
    • Personal collection
    • Communications data only
• Obligation of registration, if:
  • 10,000+ people, or
  • “sensitive information”, or
  • Information obtained by third parties, or
  • Public database, or
  • Direct marketing.
Notice
• S. 11 of the Privacy Act:
  • A request aimed at a person, for the provision of information to be held in a database, should be accompanied with a notice:
    • Is there a legal duty to provide the info.?
    • The purpose for which the info. is sought
    • Will the info. be disclosed to third parties? To whom? For what purpose?
Results
The Content of Privacy Policies
• 30% of information-collecting sites have a privacy policy of some sort
• 75% do not indicate whether info. is collected
• 60% did not indicate the purpose of the collection of info.
• 90% did not indicate whether there is an obligation to provide info.
Privacy Act of 1981
• S. 13: Right of Access
  • Data subject is entitled to access information about her held in a database
• S. 14: Right of Amendment
  • If information is inaccurate, the subject has the right to require amendment
Results
• Number of sites which indicate the right of access and/or the right of amendment: 0
Data Security
• S. 17 of the Privacy Act of 1981:
  • The owner of a database… is responsible for the security of the information stored in the database.
Privacy Practices in Excess of the Act’s Requirements
• 21% of the sites which do not seem to collect information have a privacy policy
• 70% of all sites, including sites which do not collect information, specifically announce that they secure the data.
Summary of Results
• Low level of compliance
  • Low awareness
  • Vagueness of the concept of privacy
  • Enforcement failure
• Privacy practices in excess of the Act:
  • Market forces
  • “Law in action”
• Future plans
Other Countries
• South Africa: survey of top 100 sites:
  • 2/3 fail to comply fully with the law
  • -- Information Systems students, Cape Town University, AllAfrica.com, Sep. 7, 2003
• UK: survey of 90 most popular websites:
  • only 2% were “totally compliant” with the Privacy and Electronic Communications Regulation
  • -- WebAbacus research, BBC News, Dec. 14, 2003
Ramifications
• Assumptions:
  • Non-deterministic view of technology
  • Privacy is an important value, and should subsist in the digital environment
• Within the law:
  • Correct enforcement failures, e.g., class actions; effective governmental supervision
  • Require disclosure of rights (access, amendment)
• Indirect regulation: carrot & stick approach:
  • Incentives to provide privacy (e.g., US-EU safe harbor)
  • Disincentives to non-compliance
• Private ordering
• Regulation by code
Privacy Practices of Israeli Public Web Sites
Thanks!
• michaelb@research.haifa.ac.il
• elkiniva@research.haifa.ac.il