Changes in The Internet Privacy Practices of The Fortune Global 500 Companies

AUTHOR

Chula G. King

ABSTRACT

Concern over the relationship between technological innovations and the erosion of privacy rights is not a new phenomenon. For example, in 1890, Warren and Brandis wrote “that the individual shall have full protection in person and in property is a principle as old as the common law; but it has been found necessary from time to time to define anew the exact nature and extent of such protection. . . . Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life.” At the end of the nineteenth century, legislators, regulators and the courts grappled with the enactment and enforcement of laws designed to balance the individual’s right to privacy against the information explosion made possible by advances in technology. A hundred years later, legislators, regulators and the courts find themselves in a similar position with the emergence of the information age.

One of the key ethical issues of the information age is information privacy. The revolutions in business computing brought about by technological advances in telecommunications and distributed computing have fundamentally changed the way that companies operate [Rudraswamy and Vance, 2001]. Increasingly, the creation and use of digital data are deemed strategically important to a company’s short-term and long-term success. Just as the technological advances have fundamentally changed business practices, so too have they changed societal attitudes towards privacy. In fact, much attention has recently been focused on societal attitudes toward privacy and the impact of those attitudes on the continued growth of e-Commerce and e-Business [Adkinson, Eisenach and Lenard, 2002]. The reason for this is that the long-term success of e-Commerce and e-Business depends in large part on the trust that must be earned in a faceless and stateless environment.

On a global basis, privacy concerns have been most acute in the United States. The European Union has followed closely behind the United States in its citizen’s concerns over privacy issues. This is especially true when one recognizes the growing company use of the electronic means to capture personal information of users of the Internet. The United States tends to minimize the government’s influence on company data gathering and privacy policies, and instead relies on the private sector to police itself. The European Union, on the other hand, focuses its attention on the government’s regulation of privacy policies affecting its citizens [Directive 95/46/EC, 1995].

The purpose of this paper is to examine the current privacy characteristics of the 500 largest companies in the world as defined by the Fortune Global 500 [Fortune, 2000]. This study expands on previous studies conducted in 2002 [King, 2002] and 2000 [King, 2001]. The privacy characteristics examined include the company use of cookies and web bugs, the company ability to collect personally identifying information, and the privacy disclosure practices followed. These characteristics are compared to those existing 12-months ago and 30-months ago to show the pattern of the changes that have occurred over this time frame. The companies are first looked at in total to determine overall practices related to privacy and disclosure. Then they are grouped by country and geographical region in an effort to determine whether companies in specific countries and regions are more prone to use privacy invasion techniques on their web sites, to collect data about visitors to their web sites, and/or to publish detailed privacy policies on their web sites. Finally, the companies are group by industry in an effort to determine the same characteristics.

The results of this study indicate that companies in the NAFTA region lead their European Union and Asian counterparts in the depositing of cookies and web bugs, and in the collection of personal information. Companies in Asia are least likely to utilize any privacy invasion techniques and are also least likely to post privacy policies on their web sites. Electronic, Pharmaceutical and Telecommunication companies are the leaders in allowing the placement of web bugs. Pharmaceutical companies are the most likely to have privacy policies posted on their web sites.

REFERENCES

Adkinson, W. F. Jr., Eisenach, J.A., and Lenard T.M. (March, 2002). Privacy online: A report on the information practices and policies of commercial websites, online at http://pff.org/publications/privacyonlinefinalael.pdf accessed 01.09.2003.

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. (October 24, 1995), Community Legislation in Force, Document 395L0046. online at http://www.ispai.ie/legal/eu/1995-general-dp.htm accessed 02.09.2003.

Fortune Lists. (2000), The Global 500 List, online at http://www.fortune.com/fortune/global500/ accessed 09.10.2000.

King, C.G. (March, 2001), E-Commerce: The privacy invasion, Proceedings of the International Association of the Management of Technology, Lausanne, Switzerland, on CD.

_________ (June, 2002). International internet privacy practices of global fortune 500 companies, Proceedings of the 2002 European Applied Business Research Conference, Rothenburg ob der Tauber, Germany, on CD – article 171.

Rudraswamy, V., and Vance, D. A. (2001), Transborder data flows: adoption and diffusion of protective legislation in the global electronic commerce environment, Logistics Information Management, 14, 127-137.

Warren, S. D. and Brandis, L. D. (1890), The right to privacy, Harvard Law Review, 4, 193-220.