How to NOT implement a website privacy policy
Yesterday, following some a link provided by a friend, I read an article recently published by the Star Online magazine. I wanted to add a comment to that article, but only found in that page the following statement (see [screenshot
): “If you’d like to post a comment on the issue, you can do so at The Star’s Facebook."
I don’t think this is good. The Star Online privacy policy (see [screenshot
) begins by saying: "(the publisher) has created this privacy statement to demonstrate its firm commitment to privacy.".
Then the policy says that the information collected by their web server “does not contain anything that can identify users individually” and that “user-supplied information collected through the registration process, surveys, contest entry forms, polls or other similar vehicles… is not shared with other organisations for commercial purposes unless specifically stated."
Great. But if this is intent, then why tell readers (that maybe would like to do it just because they trust the Star privacy policy) that the way to discuss a Star Online article with the Star staff and/or other Star readers is through Facebook?
Why should readers who value respect for privacy and want to comment an article in the magazine have to register just with the social network that has been the most attacked in the last years just for lack of interest about users privacy?
Of course, in and by itself, there is nothing wrong in having a personal Facebook account or in setting up a Facebook page for a magazine or any other organization. This is an historical moment in which millions of people confuse, consciously or not, the World Wide Web with Facebook and only see the former through the latter (I’m just assessing the situation here, not making a judgment!). In such a situation, today it is practically unavoidable to establish some Facebook presence if you want or need to be seen by the greatest possible number of people.
There is also nothing wrong, obviously, if magazine readers who already have a Facebook account, or any other Facebook user, want to discuss articles of that magazine on Facebook. The only thing that’s wrong in this picture is committing to a specific privacy policy and then officially providing, as the only way to provide feedback, an external service that is explicitly based on not caring about the same issues.
Now, if you do read it all, the Star Online privacy policy does explicitly say that “This site contains links to other sites. The Star Online is not responsible for the privacy practices or the content of such sites." That statement is surely enough from a strictly legal point of view. However, saying “if you’d like to post a comment on the issue, you can do so on Facebook” actually makes the local privacy policy completely irrelevant. In practice, it’s like saying “don’t worry, we do respect your privacy here. Now please use this service offered by others who really don’t care about it”.
So, what’s the right way to implement a privacy policy?
If you want to guarantee privacy to your users, you must set up and manage for them your forums, mailing lists or anything else that may be necessary. There’s no other way to be able to apply your own privacy policy. If this is not possible due to budget or other constraints, you should always explicitly inform all your readers.
In this case, it would be much better to replace every statement like that with something like “if you’d like to post a comment on the issue, you can do so on Facebook (or any other 3rd party!), but please remember that they have their OWN privacy policy”.
Disclaimer: I have nothing against the Star Online (and their article linked above is quite interesting, you really should read it and maybe compare what it says with my Mr Label’s nightmare). I have used them as example only because the way that article is written allowed me to explain my point with only two screenshots, but there are tons of other websites that do the same or much worse. If you find other examples, please tell me and I’ll add links here.
Who writes this, why, and how to help
I am Marco Fioretti, tech writer and aspiring polymath doing human-digital research and popularization.
I do it because YOUR civil rights and the quality of YOUR life depend every year more on how software is used AROUND you.
To this end, I have already shared more than a million words on this blog, without any paywall or user tracking, and am sharing the next million through a newsletter, also without any paywall.
The more direct support I get, the more I can continue to inform for free parents, teachers, decision makers, and everybody else who should know more stuff like this. You can support me with paid subscriptions to my newsletter, donations via PayPal (mfioretti@nexaima.net) or LiberaPay, or in any of the other ways listed here.THANKS for your support!