After reading this article you will learn about:- 1. Meaning of Consumer Privacy 2. Principles of Consumer Privacy 3. Example.
Meaning of Consumer Privacy:
Consumer privacy measures are those taken by commercial organizations to ensure that confidential customer data is not stolen or abused. Since most such organizations have a strong competitive incentive to retain an exclusive access to these data, and since customer trust is usually a high priority, most companies take some security engineering measures to protect consumer privacy.
However, these vary in effectiveness, and would not typically meet the much higher standards of client confidentiality applied by ethical codes or legal codes in banking or law, nor patient privacy measures in medicine, nor rigorous “national security” measures in military and intelligence organizations.
Consumer privacy laws and regulations seek to protect any individual from loss of privacy due to failures or limitations of corporate consumer privacy measures. They recognize that the damage done by privacy loss is typically not measurable, nor can it be undone, and that commercial organizations have little or no interest in taking unprofitable measures to drastically increase privacy of customers – indeed, their motivation is very often quite the opposite, to share data for commercial advantage, and to fail to officially recognize it as sensitive, so as to avoid legal liability for lapses of security that may occur.
Consumer privacy concerns date back to the first commercial couriers and bankers, who in every culture took strong measures to protect consumer privacy, but also in every culture tended to be subject to very harsh punitive measures for failures to keep a customer’s information private.
The Hippocratic Oath includes a requirement for doctors to avoid mentioning ills of patients to others, not only to protect them, but to protect their families – the same basic idea as modern consumer privacy law and regulation, which recognizes that innocent third parties can be harmed by the loss of control of sensitive information, and that therefore there is a responsibility beyond that to the ‘customer’ or ‘client’. Today the ethical codes of most professions very clearly specify privacy measures beyond that for the ‘consumer’ of an arbitrary service. Those measures are discussed in other articles on medical privacy, client confidentiality and national security – and to a degree in carceral state (where no privacy in any form nor limits on state oversight or data use exist).
Modern consumer privacy law in a recognizable form originated in telecom regulation, when it was recognized that a Telco, especially a monopoly (known in most nations as a PTT), had access to unprecedented levels of information about not only the direct customer’s communications habits and correspondents, but also that of those who shared his or her household. It was also often the case that telephone operators could hear conversations, inadvertently or deliberately, and were required to dial the exact numbers.
The data gathering required for billing began to become an obvious privacy risk as well. Accordingly, strong rules on operator behavior, customer confidentiality, records keeping and destruction were enforced on Telco’s in every country. Typically only police and military authorities had powers to ‘wiretap’ or see records.
Even stricter requirements emerged for banks’ electronic records in some countries financial privacy is a major focus of the economy, and penalties for violating it are severe and criminal penalties applied. In Austria in the 1990s mere mention of a client’s name in a semi-public social setting was enough to earn a junior bank executive a stiff jail sentence.
Through the 1970s many other organizations in developed nations began to acquire sensitive data, but there were few or no regulations in place to prevent them from sharing or abusing it. Customer trust and goodwill was generally thought to be sufficient in some nations, notably the United States, to ensure protection of truly sensitive data. ‘Caveat emptor’ applied. But in the 1980s much smaller organizations began to get access to computer hardware and software, and these simply did not have the procedures or personnel or expertise, nor less the time, to take rigorous measures to protect their customers. Meanwhile, via target marketing and rewards programs, they were acquiring ever more data.
Gradually, consumer privacy measures alone proved insufficient to deal with the many hazards of corporate data sharing, corporate mergers, employee turnover, theft of hard drives or other data-carrying hardware from work.
Talk began to turn to explicit regulation, especially in the European Union, where each nation had laws that were incompatible, e.g. some restricted the collection, some the compilation, and some the dissemination of data, and it was possible to violate anyone’s privacy within the EU simply by doing these things from different places in the European Common Market as it existed before 1992.
Through the 1990s the proliferation of mobile telecom (which typically bills every call), the introduction of customer relationship management and the use of the Internet by the public in all developed nations, brought the situation to a head, and most countries had to implement strong consumer privacy laws, usually over the objections of business.
The European Union and New Zealand passed particularly strong laws that were used as a template for more limited laws in Australia and Canada and some states of the United States (where no federal law for consumer privacy exists, although there are requirements specific to banking and telecom privacy).
After the September 11, 2001, terrorist attacks on the United States, privacy took a backseat to national security in most legislators’ minds. Accordingly concerns of consumer privacy in the United States have tended to go unheard as questions of citizen privacy versus the state, and the development of a police state or carceral state, have occupied advocates of strong privacy measures.
Whereas it may have appeared prior to 2002 that commercial organizations and the consumer data they gathered were of primary concern, it has appeared since then in most developed nations to be much less of a concern than political privacy and medical privacy, e.g. as violated by biometrics. Indeed, people have been stopped at airports solely due to their political views recently (see No-fly list) and there appears to be little public will to stop practices of this nature. Privacy of body or habits may be ‘dead’, for all practical purposes, until political approaches or threats change.
Principles of Consumer Privacy:
i. We Collect Only Customer Information that is needed, and we Tell Customers How we Use it:
We limit the collection of information about our customers to what we need to know to administer their accounts, to provide customer services, to offer new products and services, and to satisfy any legal and regulatory requirements. We also tell our customers about the general uses of information we collect about them, and we will provide additional explanation if customers request it.
ii. We Give Customers Choices about How Their Information Will be Used:
Our businesses give customers “opt out” choices about how information about the customer’s relationship with that business unit may be used to generate marketing offers. These marketing choices include product and service offers from American Express businesses and those made by our business partners. Of course, each of our businesses will continue to send its customers information relating to products or services they receive from that business.
iii. We Ensure Information Quality:
We use advanced technology, documented procedures and internal monitoring practices to help ensure that customer information is processed promptly, accurately and completely. We will respond in a timely manner to customers’ requests to correct inaccurate account or transaction information. We also require high standards of quality from the consumer reporting agencies and others that provide us with information about prospective customers.
iv. We Use Prudent Information Security Safeguards:
We limit access to customer information systems to those who specifically need it to conduct their business responsibilities, and to meet our customer servicing commitments. We employ safeguards designed to protect the confidentiality and security of our customer information.
v. We Limit The Disclosure of Customer Information:
We do not disclose customer information unless we have previously informed or been authorized by the customer, or we do so in connection with our efforts to reduce fraud or criminal activity and to comply with regulatory requirements and guidelines. When a court order or subpoena requires us to release information, we typically notify the customer to give the customer an opportunity to exercise his or her legal rights. Further, we will not disclose or use health information for marketing purposes or use it as a basis to make credit decisions.
vi. We are Responsive to Customers’ Requests for Explanations:
If we deny an application for our services or end a customer’s relationship with us, to the extent permitted by applicable law, we will provide an explanation, if requested. We state the reasons for the action taken and the information upon which the decision was based, unless the issue involves potential criminal activity.
vii. We Hold Ourselves Responsible For Our Privacy Principles:
Each American Express employee is responsible for maintaining consumer confidence in the company. We provide training and communications programs designed to educate employees about the meaning and requirements of these Consumer Privacy Principles. Employees who violate these Principles are subject to disciplinary action, up to and including dismissal. Employees are expected to report violations, and may do so confidentially, to their manager, to their business unit’s compliance officer, or to the company’s Office of the Ombudsperson.
We also conduct internal assessments of our privacy practices and periodically commission outside expert reviews of our compliance with the Privacy Principles and the specific policies and practices that support these Principles.
vii. We Extend These Privacy Principles to Our Business Relationships:
We require companies we select as our business partners to agree to keep our customer information confidential and secure, to protect the information against unauthorized access, use, or re-disclosure by the recipient company, and limit its use to the purposes for which it was provided to them. We also encourage our business partners to respect their customers’ information by adopting strong and effective privacy policies and practices, including offering “opt out” choices for marketing offers to their customers. In addition, we participate actively in industry associations to advocate development of comprehensive privacy policies and implementation strategies.
Example: Privacy Policy of Apple:
Your privacy is important to Apple. So we’ve developed a Privacy Policy that covers how we collect, use, disclose, transfer, and store your information. Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.
1) Collection and Use of Personal Information:
Personal information is data that can be used to uniquely identify or contact a single person. You may be asked to provide your personal information anytime you are in contact with Apple or an Apple affiliated company Apple and its affiliates may share this personal information with each other and use it consistent with this Privacy Policy. They may also combine it with other information to provide and improve our products, services, content, and advertising. Here are some examples of the types of personal information Apple may collect and how we may use it.
What personal information we collect
i. When you create an Apple ID, register your products, apply for commercial credit, purchase a product, download a software update, register for a class at an Apple Retail Store, or participate in an online survey, we may collect a variety of information, including your name, mailing address, phone number, email address, contact preferences, and credit card information.
ii. When you share your content with family and friends using Apple products, send gift certificates and products, or invite others to join you on Apple forums, Apple may collect the information you provide about those people such as name, mailing address, email address, and phone number.
iii. In the U.S., we may ask for your Social Security number (SSN) but only in limited circumstances such as when setting up a wireless account and activating your iPhone or when determining whether to extend commercial credit.
How we use your personal information
i. The personal information we collect allows us to keep you posted on Apple’s latest product announcements, software updates, and upcoming events. It also helps us to improve our services, content, and advertising. If you don’t want to be on our mailing list, you can opt out anytime by updating your preferences
ii. We also use personal information to help us develop, deliver, and improve our products, services, content, and advertising.
iii. From time to time, we may use your personal information to send important notices, such as communications about purchases and changes to our terms, conditions, and policies. Because this information is important to your interaction with Apple, you may not opt out of receiving these communications.
iv. We may also use personal information for internal purposes such as auditing, data analysis, and research to improve Apple’s products, services, and customer communications.
v. If you enter into a sweepstake, contest, or similar promotion we may use the information you provide to administer those programs.
2) Collection and Use of Non-Personal Information:
We also collect non-personal information “data in a form that does not permit direct association with any specific individual. We may collect, use, transfer, and disclose non- personal information for any purpose.
The following are some examples of non-personal information that we collect and how we may use it:
i. We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.
ii. We also may collect information regarding customer activities on our website, Mobile Me service, and iTunes Store and from our other products and services. This information is aggregated and used to help us provide more useful information to our customers and to understand which parts of our website, products, and services are of most interest. Aggregated data is considered non-personal information for the purposes of this Privacy Policy.
If we do combine non-personal information with personal information the combined information will be treated as personal information for as long as it remains combined.
Cookies and Other Technologies:
Apple’s website, online services, interactive applications, email messages, and advertisements may use “cookies” and other technologies such as pixel tags and web beacons. These technologies help us better understand user behavior, tell us which parts of our website people have visited, and facilitate and measure the effectiveness of advertisements and web searches.
We treat information collected by cookies and other technologies as non-personal information. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered personal information by local law, we also treat these identifiers as personal information. Similarly, to the extent that non-personal information is combined with personal information, we treat the combined information as personal information for the purposes of this Privacy Policy.
Apple and its partners use cookies and other technologies in mobile advertising services to control the number of times you see a given ad, deliver ads that relate to your interests, and measure the effectiveness of ad campaigns.
If you do not want to receive ads with this level of relevance on your mobile device, you can opt out by accessing the following link on your device: If you opt out, you will continue to receive the same number of mobile ads, but they may be less relevant because they will not be based on your interests. You may still see ads related to the content on a web page or in an application or based on other non-personal information. This opt-out applies only to Apple advertising services and does not affect interest-based advertising from other advertising networks.
Apple and our partners also use cookies and other technologies to remember personal information when you use our website, online services, and applications. Our goal in these cases is to make your experience with Apple more convenient and personal. For example, knowing your first name lets us welcome you the next time you visit the Apple Online Store.
Knowing your country and language “and if you are an educator, your school”helps us provide a customized and more useful shopping experience. Knowing someone using your computer or device has shopped for a certain product or used a particular service helps us make our advertising and email communications more relevant to your interests. And knowing your contact information, product serial numbers, and information about your computer or device helps us register your products, personalize your operating system, set up your Mobile Me service, and provide you with better customer service.
If you want to disable cookies and you’re using the Safari web browser, go to Safari preferences and then to the Security pane to disable cookies. On your Apple mobile device, go to Settings, then Safari, and then to the Cookies section. For other browsers, check with your provider to find out how to disable cookies. Please note that certain features of the Apple website will not be available once cookies are disabled.
As is true of most websites, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, date/time stamp, and clickstream data.
We use this information to understand and analyze trends, to administer the site, to learn about user behavior on the site, and to gather demographic information about our user base as a whole. Apple may use this information in our marketing and advertising services.
In some of our email messages, we use a “click-through URL” linked to content on the Apple website. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our website.
We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages. Pixel tags enable us to send email messages in a format customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers.
Disclosure to Third Parties:
At times Apple may make certain personal information available to strategic partners that work with Apple to provide products and services, or that help Apple market to customers. For example, when you purchase and activate your iPhone, you authorize Apple and its carrier to exchange the information you provide during the activation process to carry out service. If you are approved for service, your account will be governed by Apple and its carrier’s respective privacy policies. Personal information will only be shared by Apple to provide or improve our products, services and advertising; it will not be shared with third parties for their marketing purposes.
Service Providers:
Apple shares personal information with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect your information and may be located wherever Apple operates.
Others:
It may be necessary “by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence ” for Apple to disclose your personal information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganization, merger, or sale we may transfer any and all personal information we collect to the relevant third party.
3) Protection of Personal Information:
Apple takes precautions — including administrative, technical, and physical measures — to safeguard your personal information against loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration, and destruction.
Apple online services such as the Apple Online Store and iTunes Store use Secure Sockets Layer (SSL) encryption on all web pages where personal information is collected. To make purchases from these services, you must use an SSL-enabled browser such as Safari, Firefox, or Internet Explorer. Doing so protects the confidentiality of your personal information while it’s transmitted over the Internet.
When you use some Apple products, services, or applications or post on an Apple forum, chat room, or social networking service, the personal information you share is visible to other users and can be read, collected, or used by them. You are responsible for the personal information you choose to submit in these instances. For example, if you list your name and email address in a forum posting, that information is public. Please take care when using these features.
4) Integrity and Retention of Personal Information:
Apple makes it easy for you to keep your personal information accurate, complete, and up to date. We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
5) Access to Personal Information:
You can help ensure that your contact information and preferences are accurate, complete, and up to date by logging in to your account at https(dot)appleid(dot)apple(dot)com. For other personal information, we make good faith efforts to provide you with access so you can request that we correct the data if it is inaccurate or delete the data if Apple is not required to retain it by law or for legitimate business purposes. We may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.
Access, correction, or deletion requests can be made through the regional Privacy Contact Form.
Children:
We do not knowingly collect personal information from children under 13. If we learn that we have collected the personal information of a child under 13 we will take steps to delete the information as soon as possible.
Location-Based Services:
To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.
Some location-based services offered by apple, such as the Mobile Me “Find My iPhone” feature, require your personal information for the feature to work.
Third-Party Sites and Services:
Apple websites, products, applications, and services may contain links to third-party websites, products, and services. Our products and services may also use or offer products or services from third parties ” for example, a third-party iPhone app. Information collected by third parties, which may include such things as location data or contact details, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.
International Users:
Information you provide may be transferred or accessed by entities around the world as described in this Privacy Policy. Apple abides by the “safe harbor” framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information collected by organizations in the European Economic Area and Switzerland. Learn more about the U.S. Department of Commerce Safe Harbor Program.
Please note that personal information regarding individuals who reside in a member state of the European Economic Area (EEA) is jointly controlled by Apple Sales International in Cork, Ireland, and Apple UK Limited in Uxbridge, United Kingdom. Personal information collected in the EEA when using Tunes is controlled by iTunes SARL in Luxembourg.
Our Companywide Commitment to Your Privacy:
To make sure your personal information is secure, we communicate our privacy and security guidelines to Apple employees and strictly enforce privacy safeguards within the company.