Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2017
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Roger Clarke **
© Xamax Consultancy Pty Ltd, 2005-08
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/DV/PSTAbt.html
This document provides background information concerning the Privacy Statement Template.
The Template was prepared in late 2005, by a person active in privacy since 1972, variously as an advocate, researcher, and consultant. The motivation that spurred it was the ongoing inadequacy of virtually all Privacy Statements that appear on web-sites - in most cases serious inadequacy.
The purposes of preparing the document were:
Note that the undertakings are not as strong as those that a privacy-fundamentalist or privacy-supremacist would propose. Rather, the Template values privacy highly, but seeks balances against other interests, and balances that are reasonable and practicable.
There are several hundred jurisdictions in the world in which privacy law exists, may exist, or should exist. A generic document like this must therefore adopt language that seeks to be clear, rather than language that is consistent with the laws of any one country, or even any one legal system.
The document reflects a strongly anglo-centric perspective, and background in common law rather than code approaches to the law. It does, however, reflect experience over three decades in six English-speaking countries, in three German-speaking countries, and in Europe more generally. These are the primary jurisdictions in which data privacy law has developed.
It is intended that the adoption of a Privacy Statement result in specific legal obligations. Hence it is advisable that every organisation that adopts this (or any other) Statement seek advice from within the relevant jurisdiction(s) in which they conduct business.
This contents of this document provide guidance, but they do not, and could not, constitute legal advice to any person. The contexts in which the document is intended to be applied are far too diverse for that. In any case, the author is not competent to give legal advice. (He is a consultant in strategic and policy aspects of eBusiness, information infrastructure, and privacy and dataveillance matters).
See, for example, the AIS Policy Statement, mirrored here.
But it is important that the uses be orderly, and that the integrity of the document be sustained. The author accordingly:
Briefly, that licence:
There are various ways in which an organisation can use the document. The primary ways are as follows:
An organisation that interacts with individuals in different ways is likely to require multiple such Statements. It may be appropriate to have a Privacy Master Statement that applies in all cases, and subsidiary Privacy Statements that apply in particular circumstances.
When deciding whether they are prepared to deal with an organisation, people can use the Template as a reference-point, in order to evaluate how well the organisation's own Privacy Statement measures up.
When making enquiries, expressing concerns, or complaining to an organisation about its Privacy Statement, or its behaviour, people can use the Template as a reference-point, because it declares what their reasonable expectations should be.
When discussing what organisations should and should not to with personal data, people can cite the Template and quote from it.
When evaluating organisations' Privacy Statements, privacy advocates can use the Template as a reference-point.
When making enquiries, expressing concerns, or complaining to an organisation about its Privacy Statement, privacy advocates can use the Template as a reference-point, because it declares what people's reasonable expectations should be.
When making submissions about what organisations should and should not to with personal data, privacy advocates can cite the Template and quote from it.
Privacy advocates can use the Template as a basis for developing Privacy Statement Templates appropriate to particular patterns of operation.
Privacy advocates can use the Template as a basis for developing Privacy Statement Templates attuned to the laws in a particular jurisdiction.
In the last two cases, it is necessary to respect the terms of the copyright licence.
Associations can use the Template as a basis for developing Privacy Statement Templates appropriate to particular patterns of operation within their industry or profession.
Associations can use the Template as a basis for developing Privacy Statement Templates attuned to the laws in a particular jurisdiction.
In both cases, it is necessary to respect the terms of the copyright licence.
OECD (1980) 'OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data' Organisation for Economic Cooperation and Development, Paris, 1980
Clarke R. (1987) 'The OECD Data Protection Guidelines: A Template for Evaluating Information Privacy Law and Proposals for Information Privacy Law' Xamax Consultancy Pty Ltd, October 1987
Clarke R. (1996) 'Privacy and Dataveillance, and Organisational Strategy' Proc. Conf. EDPAC, May 1996
Clarke R. (1997) 'Cookies' Xamax Consultancy Pty Ltd, February 1997
Clarke R. (1998) 'Information Privacy On the Internet: Cyberspace Invades Personal Space' Telecomm. J. Austral. 48, 2 (May/June1998)
Clarke R. (1999a) 'Internet Privacy Concerns Confirm the Case for Intervention' Communications of the ACM, 42, 2 (February 1999) 60-67
Clarke R. (1999b) 'Anonymous, Pseudonymous and Identified Transactions: The Spectrum of Choice', Proc. IFIP User Identification & Privacy Protection Conference, Stockholm, June 1999
Clarke R. (2000) 'Beyond the OECD Guidelines: Privacy Protection for the 21st Century' Xamax Consultancy Pty Ltd, January 2000
Clarke R. (2001) 'Privacy as a Means of Engendering Trust in Cyberspace' UNSW L. J. 24, 3 (2001)
Clarke R. (2002a) 'Trust in the Context of e-Business' Internet Law Bulletin 4, 5 (February 2002) 56-59
Clarke R. (2002b) 'e-Consent: A Critical Element of Trust in e-Business' Proc. 15th Bled Electronic Commerce Conf., Bled, Slovenia, 17-19 June 2002
Clarke R. (2005) 'Evaluation of Google's Privacy Statement against the Privacy Statement Template of 19 December 2005' Xamax Consultancy Pty Ltd, December 2005
Clarke R. (2006b) 'A Major Impediment to B2C Success is ... the Concept 'B2C' Invited Keynote, Proc. ICEC'06, Fredericton NB, Canada, 14-16 August 2006
Privacy Law Sources:
W3C's References for Platform for Privacy Preferences (P3P) Implementations
Clarke R. (1998a) 'Platform for Privacy Preferences (P3P): An Overview' (April 1998), Privacy Law & Policy Reporter 5, 2 (July 1998) 35-39
Clarke R. (1998b) 'Platform for Privacy Preferences (P3P): A Critique' (April 1998), Privacy Law & Policy Reporter 5, 3 (August 1998) 46-48
Clarke R. (2001) 'P3P Re-visited' Privacy Law & Policy Reporter 7, 10 (April 2001)
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., a Visiting Professor in the E-Commerce Programme at the University of Hong Kong, and a Visiting Professor in the Department of Computer Science at the Australian National University.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 19 December 2005 - Last Amended: 15 February 2010 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/DV/PSTAbt.html