Web analytics vendors walk a very fine line with regard to privacy. Third party tools collect almost any data that customers would like to forward to them. Customers can sometimes make mistakes and send information that their visitors would suggest is personally identifiable (as in this case with LiveJournal users).
Some important takeaways for me from the article:
"Since the [vendor] javascript is complex and hard-to-deconstruct, we cannot say unequivocally what else, if anything, the code also tries to collect."
Note 1: Vendors need to make sure their customers understand everything that is and/or can be collected with their javascript.
-------------------
"[Vendor] is legally bound to do nothing with the information other than report it back to us as anonymous and aggregate data. That's a strict legal commitment they've made to us and they make publicly via their privacy policy."
Note 2: Vendor privacy policies are extremely important and must accurately reflect exactly what they say they will do with the data they collect.
-------------------
"COPPA -- we completely respect the letter and spirit of COPPA (refresher). Again, we do not share personally identifiable information with [vendor] or enable [vendor] to collect it about any users, including those under 13. There are two types of under 13 users on LJ -- those whose parents have given us permission and those who have not and therefore can only view public pages but cannot use the application."
Note 3: This is serious business. Vendors must be very clear about privacy issues and regulations surrounding the data they collect. COPPA is just one example...there are many others.
-------------------
I'm impressed with LiveJournal's thoughtful response on this topic that has clearly upset some of their users. All site operators should make sure they review their privacy policy on a regular basis and match what they are saying with the data they are collecting.
Also, for sites that determine they collect sensitive data that seems inappropriate to send to a third party collection environment, they should investigate options to keep the data in-house.
No comments:
Post a Comment