Available under an AEShareNet 
licence or a Creative
Commons 
licence.
© Xamax Consultancy Pty Ltd, 2005
Available under an AEShareNet licence or a Creative
Commons licence.
This document is at http://www.anu.edu.au/people/Roger.Clarke/DV/PSTAbt.html
This document provides background information concerning the Privacy Statement Template document.
The Template was prepared in late 2005, by a person active in privacy since 1972, variously as an advocate, researcher, and consultant. The motivation that spurred it was the ongoing inadequacy of virtually all Privacy Statements that appear on web-sites - in most cases serious inadequacy.
The general purpose of preparing the document was to provide a comprehensive statement of what individuals reasonably expect from corporations and government agencies.
It is intended as guidance for organisations, for individuals, for public interest representatives and advocates, and for industry and professional associations.
Note that the undertakings are not as strong as those that a privacy-fundamentalist or privacy-supremacist would propose. Rather, the Template values privacy highly, but seeks balances against other interests, and balances that are reasonable and practicable.
There are several hundred jurisdictions in the world in which privacy law exists, may exist, or should exist. A generic document like this must therefore adopt language that seeks to be clear, rather than language that is consistent with the laws of any one country, or even any one legal system.
The document reflects a strongly anglo-centric perspective, and background in common law rather than code approaches to the law. It does, however, reflect experience over three decades in six English-speaking countries, in three German-speaking countries, and in Europe more generally. These are the primary jurisdictions in which data privacy law has developed.
It is intended that the adoption of a Privacy Statement result in specific legal obligations. Hence it is advisable that every organisation that adopts this (or any other) Statement seek advice from within the relevant jurisdiction(s) in which they conduct business.
This contents of this document provide guidance, but they do not, and could not, constitute legal advice to any person. The contexts in which the document is intended to be applied are far too diverse for that. In any case, the author is not competent to give legal advice. (He is a consultant in strategic and policy aspects of eBusiness, information infrastructure, and privacy and dataveillance matters).
The document is intended for use; but it is important that the uses be orderly, and that the integrity of the document be sustained. The author accordingly:
Briefly, the licence:
There are various ways in which an organisation can use the document. The primary ways are as follows:
An organisation that interacts with individuals in different ways is likely to require multiple such Statements. It may be appropriate to have a Privacy Master Statement that applies in all cases, and subsidiary Privacy Statements that apply in particular circumstances.
When deciding whether they are prepared to deal with an organisation, people can use the Template as a reference-point, in order to evaluate how well the organisation's own Privacy Statement measures up.
When making enquiries, expressing concerns, or complaining to an organisation about its Privacy Statement, or its behaviour, people can use the Template as a reference-point, because it declares what their reasonable expectations should be.
When discussing what organisations should and should not to with personal data, people can cite the Template and quote from it.
When evaluating organisations' Privacy Statements, privacy advocates can use the Template as a reference-point.
When making enquiries, expressing concerns, or complaining to an organisation about its Privacy Statement, privacy advocates can use the Template as a reference-point, because it declares what people's reasonable expectations should be.
When making submissions about what organisations should and should not to with personal data, privacy advocates can cite the Template and quote from it.
Privacy advocates can use the Template as a basis for developing Privacy Statement Templates appropriate to particular patterns of operation.
Privacy advocates can use the Template as a basis for developing Privacy Statement Templates attuned to the laws in a particular jurisdiction.
In the last two cases, it is necessary to respect the terms of the copyright licence.
Associations can use the Template as a basis for developing Privacy Statement Templates appropriate to particular patterns of operation within their industry or profession.
Associations can use the Template as a basis for developing Privacy Statement Templates attuned to the laws in a particular jurisdiction.
In both cases, it is necessary to respect the terms of the copyright licence.
OECD (1980) 'OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data' Organisation for Economic Cooperation and Development, Paris, 1980
The OECD's Advice on Developing a Privacy Policy and Statement
Clarke R. (1987) 'The OECD Data Protection Guidelines: A Template for Evaluating Information Privacy Law and Proposals for Information Privacy Law' Xamax Consultancy Pty Ltd, October 1987
Clarke R. (1996) 'Privacy and Dataveillance, and Organisational Strategy' Proc. Conf. EDPAC, May 1996
Clarke R. (1997) 'Cookies' Xamax Consultancy Pty Ltd, February 1997
This paper is at http://www.anu.edu.au/people/Roger.Clarke/
Clarke R. (1998) 'Information Privacy On the Internet: Cyberspace Invades Personal Space' Telecomm. J. Austral. 48, 2 (May/June1998)
Clarke R. (1999a) 'Internet Privacy Concerns Confirm the Case for Intervention' Communications of the ACM, 42, 2 (February 1999) 60-67
Clarke R. (1999b) 'Anonymous, Pseudonymous and Identified Transactions: The Spectrum of Choice', Proc. IFIP User Identification & Privacy Protection Conference, Stockholm, June 1999
Clarke R. (2000) 'Beyond the OECD Guidelines: Privacy Protection for the 21st Century' Xamax Consultancy Pty Ltd, January 2000
Clarke R. (2001) 'Privacy as a Means of Engendering Trust in Cyberspace' UNSW L. J. 24, 3 (2001)
Clarke R. (2002a) 'Trust in the Context of e-Business' Internet Law Bulletin 4, 5 (February 2002) 56-59
Clarke R. (2002b) 'e-Consent: A Critical Element of Trust in e-Business' Proc. 15th Bled Electronic Commerce Conf., Bled, Slovenia, 17-19 June 2002
Privacy Law Sources:
W3C's References for Platform for Privacy Preferences (P3P) Implementations
Clarke R. (1998a) 'Platform for Privacy Preferences (P3P): An Overview' (April 1998), Privacy Law & Policy Reporter 5, 2 (July 1998) 35-39
Clarke R. (1998b) 'Platform for Privacy Preferences (P3P): A Critique' (April 1998), Privacy Law & Policy Reporter 5, 3 (August 1998) 46-48
Clarke R. (2001) 'P3P Re-visited' Privacy Law & Policy Reporter 7, 10 (April 2001)
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., a Visiting Professor in the E-Commerce Programme at the University of Hong Kong, and a Visiting Professor in the Department of Computer Science at the Australian National University.
| Personalia | Photographs | Access Statistics |
|
These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content). |
|
|
The Australian National University
Visiting Professor, Faculty of Engineering and Information Technology |
Xamax Consultancy Pty Ltd, ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, 6288 6916 |
Created: 19 December 2005 - Last Amended: 19 December 2005 by Roger Clarke - Site Last Verified: 15 February 2005
This document is at www.anu.edu.au/people/Roger.Clarke/DV/PSTAbt.html
Mail to Webmaster - © Xamax Consultancy Pty Ltd, 1995-2006 - Privacy Policy