Consumers Online: Privacy, Security and Identity. Professor Margaret Jackson and Marita Shelly Presentation to the RMIT Financial Literacy, Banking & Identity Conference
Consumers Online: Privacy, Security and Identity Professor Margaret Jackson and Marita Shelly Presentation to the RMIT Financial Literacy, Banking & Identity Conference October 2006
Motivation for Study
• A previous study found that small business operators often struggle to understand and comply with their obligations to consumers under agreements with their credit provider, consumer protection legislation and the Privacy Act 1988 (Cth).
• Purpose of this study was to assess the possible vulnerabilities of consumers when buying online.
• Data from the ABS indicates that business to consumer electronic commerce is expanding.
B2C Electronic Commerce
• The percentage of businesses in Australia with a website grew from 6 per cent in 1998 to 27 per cent in 2005.
• The percentage of Australian adults who use the Internet to purchase goods and services has increased from 27 per cent in 1999 to 31 per cent in 2004/2005.
• Travel, accommodation and tickets are the most popular items ordered or purchased via the Internet.
• The percentage of Australian businesses that received orders via the Internet grew from six per cent in 2002 to 13 per cent in 2003 and has remained steady at 12 per cent in 2004 and 2005.
Outline of the Study
• Identify the privacy, security and identity issues facing both consumers and small business in the B2C e-commerce environment.
• Websites of 20 small Australian businesses were reviewed.
• The websites either sold goods and services and/or provided information about goods and services via the Internet.
• Eleven sites sold goods online, seven provided information only and two sites allowed online ordering.
Outline of Study cont…
• Each website was checked for a privacy policy, terms of use, a disclaimer, level of security and payment options available.
• We assessed the website content in respect of legal obligations under consumer protection legislation, the Privacy Act 1988 (Cth) and contracts with merchant facility providers.
• We made an overall assessment of the websites' compliance with sections of The Australian Guidelines of Electronic Commerce relating to fair business practices.
Good Practice Guidelines
• The Guidelines, published by the Federal Department of Treasury, are not mandatory. They set out guidelines to assist an online business.
• We focused on seven sections in the Guidelines dealing with:
  • Fair Business Practices
  • Business Identification Details
  • Contractual Information between the Business and the Consumer
  • Consumer Privacy
  • Security and Authentication
Good Practice Guidelines cont…
Findings…
• Five websites appear not to meet the minimum standard set out in s 15 relating to fair trading.
• All 20 websites appear to meet the identification requirements (company name, address, etc) under ss 23, 23.1 and 24 to 24.4.
• Of the 14 websites that were retail businesses, all provided information on the cost of goods and delivery as required by ss 25 and 26.
Good Practice Guidelines cont…
• 12 sites provided a privacy policy, all of which discussed how personal information of customers is handled as required by s 37.
• As required by s 42.1, of the 11 sites that sold goods online, nine provided secure payment facilities via Secure Socket Layer (SSL).
2003 ACCC Study
• Reviewed the top 1,000 Australian consumer websites.
• 265 websites had online terms and conditions.
• 50 per cent attempted to disclaim responsibility for accuracy of information.
• 50 per cent have disclaimers of warranty clauses.
• 66 per cent attempted to limit liability.
Trade Practices Act 1974 (Cth)
• Consumer protection legislation applies equally whether the sale occurs face to face, by telephone or over the Internet.
• The Trade Practices Act imposes certain conditions on businesses when they provide goods or services to consumers which are to be implied into every consumer transaction.
• These implied terms are that the goods correspond with their description, are of a merchantable quality and are fit for the purpose for which they are to be used.
Trade Practices Act cont…
Relevant Sections:
  • 70(1) – Goods to comply with description
  • 71(1) – Merchantable Quality
  • 71(2) – Fitness for Purpose
  • 68(1) – Implied terms within the Act cannot be excluded
  • 52(1) – Prohibited Conduct
  • 53(1) – False or Misleading Representation
• 17 websites had online terms and conditions.
• 11 sites made reference to a Disclaimer.
• 5 sites may have breached their legal obligations to consumers.
Example One: Disclaimer of Warranty
Customer and prospective customer access to this website is provided on an “as is” basis and without warranty of any kind, whether expressed or implied including without limitation, warranties of merchantability, fitness for a particular purpose or title.
Example Two: Disclaimer
To the best of our knowledge, the information is accurate and current. However, Company A does not make any representation or warranty as to the accuracy or completeness of the information. You further acknowledge and agree that Company A will not be liable to you or any other person for any direct, indirect, incidental, special, consequential or exemplary damages, including but not limited to damages for product liability, personal injury or negligence resulting from use of goods or services supplied to you, or on behalf of you, through the website.
Merchant Agreements
Terms and conditions are imposed on businesses through their agreements with credit card providers. They include:
• Obtain authorisation for credit card transactions
• Keep customer information confidential
• Abide by the Privacy Act
• Keep information secure
• Specify what a merchant should place on their website
Merchant Relationship
• The ANZ Merchants’ Agreement provides at Clause 17 that the merchant’s website should contain:
  • a description of the goods or services offered
  • a returns and refund policy
  • a customer service contact, including electronic address and/or telephone number, and the merchant’s physical address
  • any export or legal restrictions
  • a delivery policy, including the delivery cost; and
  • a privacy policy, including the Merchant’s policy on dealing with Cardholder information.
Merchant Relationship cont…
Using the ANZ merchant agreement, which is a typical example of such an agreement, we examined whether the sites with a Merchant Relationship had complied with other obligations under clause 17 of the agreement.
Consumer’s Privacy
• Many of the websites would not have needed a privacy policy, as a business with a turnover of $3 million or less is exempt from the Privacy Act 1988 (Cth).
• 12 websites had a privacy policy, with all policies discussing how personal information of customers would be handled.
• Five policies stated that customers would be notified if the privacy policy changed.
• No business had opted in under the Act.
• Five websites claimed that they were bound by the Privacy Act or ‘committed to complying with [their] obligations’ under the Privacy Act, which is misleading.
Recommendations
• Increase awareness of web designers about obligations imposed on businesses by legislation and contract law.
• Promote the Australian Guidelines of Electronic Commerce more widely.
• Media campaign by The Office of the Privacy Commissioner aimed at web designers and small business:
  • Explaining the operation of the Privacy Act and its application to small businesses.
  • Designing an appropriate privacy policy.
Recommendations cont…
• Continuing media campaigns by the ACCC aimed at small businesses and consumers:
  • Explaining the operation of the Trade Practices Act.
  • Designing an appropriate disclaimer.
  • Contents of terms and conditions.
Concluding Comments
• People use the Internet because it is a convenient way to locate information or to buy goods and services.
• Small business operators are responsible for complying with their legal obligations to consumers under consumer protection legislation as well as complying with the terms and conditions of their merchant agreements.
• Consumers are also responsible for reading a business’ privacy policy or online terms and conditions and deciding to deal with that business.