CANADIAN E-COMMERCE AND PRIVACY STUDY 2000:

A FAILURE TO COMMUNICATE

Professor Michael Geist & Gabe Van Loon

University of Ottawa, Faculty of Law, Common Law Section

 

STUDY INTRODUCTION

1. Goals of the Study

This study's primary objective was to evaluate pre-determined features on selected Web sites of interest to Canadians in order to develop an e-commerce "status report." Corporate privacy statements and practices were the primary focus, though other factors relating to security, domain names, and general e-commerce practices were also examined. The chief reasons for performing this type of evaluation included:

 

2. Basic Methodology

Sites were selected based on consideration of a number of factors, including:

The evaluators completed a two-page evaluation form for each site. Most evaluations were quantifiable to facilitate comparisons between sites and categories of sites. Sites were assessed on a pre-determined absolute scale. In 40 separate categories, sites were given rankings dependant on the presence or absence of certain factors or groupings of factors. The data from the individual forms was collated and compiled in a spreadsheet.

 

3. Study Timing and Size

The survey was conducted from May to September 2000. Analysis was performed from September to November 2000. All sites were visited on repeated occasions to ensure validity and currency.

A total of 259 sites were studied. The majority of the sites (194) analyzed were of Canadian origin, as defined by corporate ownership and/or target audience. However, a number of sites of "dual-origin" are also included in the evaluation (42). These sites may be based outside Canada but appear to target a Canadian audience by including significant Canadian content. A small number of major "foreign" sites (23) that surveys suggest are of interest to Canadians but do not have customised Canadian content were also included.

A complete list of all sites surveyed is contained at Appendix A. For comparison purposes, the sites are divided into 34 categories, and the categories are grouped into 5 sectors. The sectors and categories are as follows:

1. E-commerce Group

ISPs, Music, Auction, Groceries, Hardware, General E-Commerce, Traditional Retail, Software, Auto, Auto Rentals, Travel Agents

2. Sensitive Info Group

Banks, Brokers, Insurance, Financial, Career, Online Recruiting, Health

3. Services Group

Telecommunications, Legal, Real Estate, Travel Agents, Airlines, Trains, Buses

4. Culture and Government group

Museum, Events, Sports, Hobbies, Government, Education

5. Canadian Media group

Magazines, newspapers, TV & radio

 

STUDY HIGHLIGHTS

1. PRIVACY AT RISK &endash; THE TIE BETWEEN DATA COLLECTION AND ABSENT PRIVACY POLICIES

 

2. THE MISSING POLICIES

 

3. THE INADEQUATE POLICIES/C-6 COMPLIANCE

 

4. THE DISAPPOINTING POLICIES

 

5. THE DIFFERENCE BETWEEN CANADIAN SITES & DUAL ORIGIN

significant variation between Canadian only and Dual Origin sites on the following issues:

 

6. REGULATION MAKES A DIFFERENCE &endash; SENSITIVE INFORMATION SECTORS DO BETTER

sector fares better than others for:

 

7. IS PRIVACY NOT PART OF CANADIAN CULTURE &endash; THE POOR SHOWING OF CULTURE AND MEDIA SECTORS

consistently poor showing for the culture, government & media sectors:

links

 

8. DISAPPOINTING USAGE OF ADR & SEAL PROGRAMS

 

9. WHOSE LAW APPLIES?

 

10. WHAT'S IN A NAME &endash; LACK OF CONFIDENCE IN DOT-CA

 

STUDY METHODOLOGY

The pre-configured two-page evaluation form that was used for this study took into account the following factors and contained the following elements:

 

Where possible, the survey form was designed to have enhanced quantifiability. For example, a sliding scale was used in the "statement of purposes for information collection" category. The clearest privacy statements ranked "0" whereas statements that did not include a statement of purposes for information collection would rank "4". Such scales were based on readily identifiable characteristics of Web sites.

Note that most of the analysis performed for the purpose of this research was passive in nature. It is possible that a corporate entity on the Internet may make certain representations regarding their privacy policy, but have no intention to actually apply the procedures that they have indicated they will follow.

The following steps were taken to locate privacy policies on the Web sites surveyed:

  1. Accessing direct link to "privacy policy" from the home page
  2. Visual survey for keywords such as "privacy", "security", "legal notices", "privacy policy" on other pages
  3. Use of restricted site-specific search engine
  4. Use of external search engine

 

Appendix A: Listing of Site Sectors and Categories

E-commerce Group

Portals, ISPs, Search Engines (13)

 

Music (9)

 

Auctions (4)

 

Grocery (2)

 

Software Companies (4)

 

Hardware Companies (5)

 

General E-Commerce (13)

 

Traditional Retail On-Line (14)

 

Automobiles (11)

 

Automobile Rentals (7)

 

Travel Agents (14)

 

Sensitive Info Group

 

Banks (12)

 

Brokers (4)

 

Insurance (5)

 

Financial Services (4)

 

Career (5)

 

On-line Recruiting (2)

 

Health (7)

 

Services Group

 

Telecommunications and Cable (10)

 

Legal Services (4)

 

Real Estate (5)

 

Airlines (5)

 

Travel Agents (14)

 

Hotels (12)

 

Trains and Buses (3)

 

Culture and Government group

Museums and Galleries (5)

 

Events (5)

 

Sports (7)

 

Hobbies and Interest (4)

 

Government (17)

 

Education (7)

 

Canadian Media Group

Magazines (14)

 

Newspapers (12)

 

Television and Radio (10)

 

Other

 

Children/Youth Content (3)