Online Social Networks and E-Commerce - MIT Computer Science ...

More documents

Recommendations

Info

Clarence Lee and Shirley Fung Similar to Title V of GLBA, our proposed accountability structure should serves four purposes: 1) inform consumer about the types of information stored, 2) allow user to have control over what data to be released, 3) standardize and require all businesses to draft protection plan, and 4) establish enforcement authority. Inform Consumers About Information Stored While the Financial Privacy Rule holds business accountable to educate the user about privacy protection, one of the biggest complaints is that there is no standardized way of displaying that information to the user. GLBA leaves the burden of deciding the format in which the privacy policy is present on the business, and hence many businesses would often present the privacy policy in a long and convoluted manner in order to discourage the consumers from reading it. This defeats the purpose and we propose that an easy to understand structure to be established to educate the user. One possibility would be to leverage the Platform for Privacy Preferences (P3P) Project. Developed by the World Wide Web Consortium, the P3P Project “enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents (Platform for Privacy Preferences (P3P) Project).” Another possibility would be to use a simple visual chart to display the kinds of information stored on third party Web sites. Similar to the Nutritional Facts chat found on all packaged foods in the United States, a simple, standardized chart like that can effectively educate the user about information stored. Allow User to Control Data Released Another improvement upon the GLBA system would be to provide a simple way for users to opt-out. While the current GLBA system allow users to opt-out from having their Financial information shared with non-affiliated companies, the opt-out description is often confusing to read and hard to understand. This places the burden of decision on the consumer to learn about the possible opt-out options and actually going through the complicated procedures of opting-out. While this sounds like it is trying to protect the consumer on paper, in reality the rule is not very effective. Companies can do whatever they want with the consumer data as long as the user does not opt-out, hence this creates an incentive for businesses to make the opt-out procedure to be as complicated as it can be. Having an easy-to-understand opt-out description would actually give consumers the power of decision. While we could have proposed an opt-in system where users have to opt-in to allow companies to share any consumer information at all, we feel that this would be too restricting on businesses in that almost no consumer would actually volunteer to have their information be shared. Since we believe that this option will garner much resistance from businesses, we feel that the clear opt-out approach would be a better compromise. Page 34
Require Business to Draft Protection Plan Clarence Lee and Shirley Fung We propose that a similar plan to the Safeguard Rule to be applied to third party Web sites. This establishes a standard requiring all Web sites having to store user information to comply. In addition, the major benefit of an established system such as this is to help consumers understand the steps taken to protect their data. Establish Enforcement Authority Lastly, the most important part of our proposal is to establish enforcement authority. While enacting GLBA enforcement structure for our proposal would be a big step forward for protecting online customer privacy, we feel that there is a way that the enforcement authority could be enhanced. The biggest problem with the GLBA enforcement structure is that it places the burden of enforcement entirely on the Federal Government. We recommend that the state government to have to power of enforcement as well. While one may contest this notion by pointing out the fact that a particular Web site may store user data from all 50 states, such ambiguity could be enforced by the state in which the Web site’s creators reside in. Similar to how the United States Court Circuit alleviate burden off the Supreme Court, this method will alleviate the Federal Government’s burden of enforcing this accountability structure in all fifty states. Conclusion Unlike ten years ago, the Internet has grown to be a common household commodity. Social networking sites and e-commerce sites has enjoyed a period of immense growth. As the popularity of these Web sites increase, the gap between our virtual life on the Internet and our real life in the physical world becomes smaller and smaller. As a result, we must reexamine whether the privacy policies implemented years ago should be updated in order to keep up with the incredible progress of technology. For this paper, we examined two types of Web sites: e-commerce Web sites and social network Web sites. The combination of both makes up a significant portion of Web traffic. In addition, we looked at two specific examples: Amazon and Facebook, and we examined the types of user information that is stored on both. Due to the massive amount of personal data stored on both of these Web sites, we proposed two solutions to ensure consumer privacy protection. The first is to require a blanket protection policy to protect private data from government intrusion. Given that the type of data on these Web sites can tell someone a lot of a user, a blanket protection policy is needed to protect all data so one cannot circumvent the system by acquiring information in a less protected category. Page 35
Page 1 and 2: 11/18/2007 Online Social Networks a
Page 3 and 4: Clarence Lee and Shirley Fung Incon
Page 5 and 6: List of Figures Clarence Lee and Sh
Page 7 and 8: Clarence Lee and Shirley Fung track
Page 9 and 10: Clarence Lee and Shirley Fung data
Page 11 and 12: Figure 1 - Screen shot of a Faceboo
Page 13 and 14: • work • picture • other �
Page 15 and 16: Clarence Lee and Shirley Fung The N
Page 17 and 18: Clarence Lee and Shirley Fung Faceb
Page 19 and 20: Clarence Lee and Shirley Fung There
Page 21 and 22: Clarence Lee and Shirley Fung demon
Page 25 and 26: Clarence Lee and Shirley Fung Summa
Page 27 and 28: Clarence Lee and Shirley Fung behin
Page 29 and 30: Clarence Lee and Shirley Fung Criti
Page 31 and 32: Clarence Lee and Shirley Fung an es
Page 33: Clarence Lee and Shirley Fung reven
Page 37 and 38: Appendices Amazon.com Privacy Notic
Page 39 and 40: Clarence Lee and Shirley Fung prote
Page 41 and 42: Clarence Lee and Shirley Fung Our b
Page 43 and 44: Clarence Lee and Shirley Fung Examp
Page 47 and 48: Children Under Age 13 Clarence Lee
Page 49 and 50: Clarence Lee and Shirley Fung We ma
Page 51 and 52: Clarence Lee and Shirley Fung compu
Page 53 and 54: Bibliography Clarence Lee and Shirl

Online Social Networks and E-Commerce - MIT Computer Science ...

Create successful ePaper yourself

Delete template?

Save as template?