The US Safe Harbor - Fact or Fiction? (2008)

5.5. Content of privacy policies

The quality of the content of privacy policies varies significantly. Major issues identified in this study include:

  • Numerous privacy policies are only 1-3 sentences long and contain virtually no information for consumers. The shortest EU Safe Harbor privacy policy simply stated: ‘Company X maintains privacy measures that exceed Safe Harbor requirements’.
  • Numerous privacy policies simply refer the consumer to the Department of Commerce Safe Harbor website for further details.
  • Numerous privacy policies appear to conform to a common ‘template’ privacy policy that is not compliant with the Safe Harbor Framework. This template has a heading called ‘enforcement’ or ‘dispute resolution’ and then has text telling the consumer that if their complaint cannot be resolved with the organisation, they should ‘contact your local Data Protection Authority for further information’. There is no other information on independent dispute resolution, and no discussion of the Panel. This template accounts for a significant number of non-compliant sites.
  • Numerous privacy policies claim that the organisation is compliant with the Safe Harbor without providing any explanation about what the Safe Harbor is. One example just says ‘Customers from the European Union should note that we are in compliance with the Safe Harbor privacy principles.’ No further details are provided.