Information Technology Reference
In-Depth Information
Overall, the results show that all privacy poli-
cies provided answers to roughly two-thirds of
the questions, thus reducing users' uncertainties
about data handling practices in WWW interac-
tions only to a limited extent. Since interactants
in initial interactions require information about
each other to build relationships successfully, the
privacy policies examined will not help users to
gather enough information passively. Relation-
ships thus will be established only if users have a
high tolerance to uncertainty or obtain information
actively by asking other users or interactively by
contacting the company directly.
Also, these results are only indicative of what
companies say but not necessarily of what they
do. The assertions made in corporate privacy
policies cannot be verified by anyone outside the
company. Thus, for privacy policies to be worth
reading, they would have to be supplemented
with trustworthy privacy seals, so that Internet
users have some assurance that companies abide
at least by the certifying institution's guidelines,
provided that the seal program enforces its guide-
lines rigorously.
are more likely to have trust in a company's Web
site if they can learn from a privacy policy not
only what the company does with user data but
also what it does
not
do. Clearly, not mentioning
something also may be a strategy for concealing
practices consumers would find unacceptable.
Further, the examination of the content words
has shown that companies obscure privacy in-
fringements by downplaying their frequency or
probability. More exact lexical choices in privacy
policies would increase the transparency of data
handling practices and would make them more
capable of reducing uncertainties. If users were
able to fully understand when data are collected
and how they are used, they would be less con-
cerned about data misuse and would have more
trust in the company. The frequent use of
may
, for
example, does not reduce uncertainties about data
handling practices. Rather, companies should ex-
plain in detail under what circumstances a certain
practice is carried out and when it is not. This, of
course, would make privacy policies even longer,
which shows the inappropriateness of text-based
online privacy policies due to the complex nature
of data handling in electronic commerce.
Therefore, companies should look for more
user-friendly alternatives to the narrative presen-
tation format of privacy policies. eBay was the
only company among the 50 sample companies
that offered such an alternative. In addition to the
long version of its privacy policy, the company
posts a tabular version and a short version, both
of which give users a much better idea of how
their data are collected, used, and shared. But
similar to conventional privacy policies, this
format also gives rise to the paradox situation
that data already may have been collected before
the user has viewed the privacy policy. This calls
for a faster adoption of P3P-enabled privacy
policies and the more widespread use of privacy
seal programs to eliminate conventional privacy
policies altogether.
managerial implications
The previous findings have three important
implications for managerial practice that relate
to shortcomings in the content, language, and
presentation format of online privacy policies.
First, companies need to be aware that even
if they do not engage in certain data handling
practices, these practices are worth mentioning
in their privacy policies in order to reduce users'
uncertainties. Although the computer-assisted
textual analysis and the content analysis have
shown that companies do mention things they
do
not
do, more transparency is needed in com-
municating data handling practices. Companies
probably do not see the need to mention certain
practices if they do not engage in them, but users
Search WWH ::
Custom Search