Roger Clarke's Web-Site

© Xamax Consultancy Pty Ltd,  1995-2024
Photo of Roger Clarke

Roger Clarke's 'About the Privacy Statement Template'

About the Privacy Statement Template

Roger Clarke **

Version of 19 December 2005
(Minor enhancements of 16 Dec 2008, 15 Feb 2010)

© Xamax Consultancy Pty Ltd, 2005-08

Available under an AEShareNet Free
for Education licence or a Creative Commons 'Some
Rights Reserved' licence.

This document is at http://www.rogerclarke.com/DV/PSTAbt.html


Introduction

This document provides background information concerning the Privacy Statement Template.


Contents


Origins and Nature of the Document

The Template was prepared in late 2005, by a person active in privacy since 1972, variously as an advocate, researcher, and consultant. The motivation that spurred it was the ongoing inadequacy of virtually all Privacy Statements that appear on web-sites - in most cases serious inadequacy.

The purposes of preparing the document were:

Note that the undertakings are not as strong as those that a privacy-fundamentalist or privacy-supremacist would propose. Rather, the Template values privacy highly, but seeks balances against other interests, and balances that are reasonable and practicable.

There are several hundred jurisdictions in the world in which privacy law exists, may exist, or should exist. A generic document like this must therefore adopt language that seeks to be clear, rather than language that is consistent with the laws of any one country, or even any one legal system.

The document reflects a strongly anglo-centric perspective, and background in common law rather than code approaches to the law. It does, however, reflect experience over three decades in six English-speaking countries, in three German-speaking countries, and in Europe more generally. These are the primary jurisdictions in which data privacy law has developed.

It is intended that the adoption of a Privacy Statement result in specific legal obligations. Hence it is advisable that every organisation that adopts this (or any other) Statement seek advice from within the relevant jurisdiction(s) in which they conduct business.

This contents of this document provide guidance, but they do not, and could not, constitute legal advice to any person. The contexts in which the document is intended to be applied are far too diverse for that. In any case, the author is not competent to give legal advice. (He is a consultant in strategic and policy aspects of eBusiness, information infrastructure, and privacy and dataveillance matters).


Licensing

The Template is intended to be used. During the first 4 years after its publication at the end of 2005, it was accessed about 18,000 times. It has been used both formally and informally by many organisations to assist with the development or re-development of their Privacy Policy Statements, and for evaluating Statements published by other organisations.

See, for example, the AIS Policy Statement, mirrored here.

But it is important that the uses be orderly, and that the integrity of the document be sustained. The author accordingly:

Briefly, that licence:


Guidance for Organisations

There are various ways in which an organisation can use the document. The primary ways are as follows:

An organisation that interacts with individuals in different ways is likely to require multiple such Statements. It may be appropriate to have a Privacy Master Statement that applies in all cases, and subsidiary Privacy Statements that apply in particular circumstances.


Guidance for Individuals

When deciding whether they are prepared to deal with an organisation, people can use the Template as a reference-point, in order to evaluate how well the organisation's own Privacy Statement measures up.

When making enquiries, expressing concerns, or complaining to an organisation about its Privacy Statement, or its behaviour, people can use the Template as a reference-point, because it declares what their reasonable expectations should be.

When discussing what organisations should and should not to with personal data, people can cite the Template and quote from it.


Guidance for Public Interest Representatives and Advocates

When evaluating organisations' Privacy Statements, privacy advocates can use the Template as a reference-point.

When making enquiries, expressing concerns, or complaining to an organisation about its Privacy Statement, privacy advocates can use the Template as a reference-point, because it declares what people's reasonable expectations should be.

When making submissions about what organisations should and should not to with personal data, privacy advocates can cite the Template and quote from it.

Privacy advocates can use the Template as a basis for developing Privacy Statement Templates appropriate to particular patterns of operation.

Privacy advocates can use the Template as a basis for developing Privacy Statement Templates attuned to the laws in a particular jurisdiction.

In the last two cases, it is necessary to respect the terms of the copyright licence.


Guidance for Industry and Professional Associations

Associations can use the Template as a basis for developing Privacy Statement Templates appropriate to particular patterns of operation within their industry or profession.

Associations can use the Template as a basis for developing Privacy Statement Templates attuned to the laws in a particular jurisdiction.

In both cases, it is necessary to respect the terms of the copyright licence.


References

OECD (1980) 'OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data' Organisation for Economic Cooperation and Development, Paris, 1980

The OECD's Advice on Developing a Privacy Policy and Statement


Clarke R. (1987) 'The OECD Data Protection Guidelines: A Template for Evaluating Information Privacy Law and Proposals for Information Privacy Law' Xamax Consultancy Pty Ltd, October 1987

Clarke R. (1996) 'Privacy and Dataveillance, and Organisational Strategy' Proc. Conf. EDPAC, May 1996

Clarke R. (1997) 'Cookies' Xamax Consultancy Pty Ltd, February 1997

Clarke R. (1998) 'Information Privacy On the Internet: Cyberspace Invades Personal Space' Telecomm. J. Austral. 48, 2 (May/June1998)

Clarke R. (1999a) 'Internet Privacy Concerns Confirm the Case for Intervention' Communications of the ACM, 42, 2 (February 1999) 60-67

Clarke R. (1999b) 'Anonymous, Pseudonymous and Identified Transactions: The Spectrum of Choice', Proc. IFIP User Identification & Privacy Protection Conference, Stockholm, June 1999

Clarke R. (2000) 'Beyond the OECD Guidelines: Privacy Protection for the 21st Century' Xamax Consultancy Pty Ltd, January 2000

Clarke R. (2001) 'Privacy as a Means of Engendering Trust in Cyberspace' UNSW L. J. 24, 3 (2001)

Clarke R. (2002a) 'Trust in the Context of e-Business' Internet Law Bulletin 4, 5 (February 2002) 56-59

Clarke R. (2002b) 'e-Consent: A Critical Element of Trust in e-Business' Proc. 15th Bled Electronic Commerce Conf., Bled, Slovenia, 17-19 June 2002

Clarke R. (2005) 'Evaluation of Google's Privacy Statement against the Privacy Statement Template of 19 December 2005' Xamax Consultancy Pty Ltd, December 2005

Clarke R. (2006a) 'A Pilot Study of the Effectiveness of Privacy Policy Statements' Proc. 19th Bled eCommerce Conf., Slovenia, 5-7 June 2006

Clarke R. (2006b) 'A Major Impediment to B2C Success is ... the Concept 'B2C' Invited Keynote, Proc. ICEC'06, Fredericton NB, Canada, 14-16 August 2006

Clarke R. (2008) 'The Effectiveness of Privacy Policy Statements: A Pilot Study Against a Normative Template' Forthcoming, chapter in 'Digital Business Security Development: Management Technologies' (Eds. Kerr D., Gammack J. & Bryant K)


Privacy Law Sources:


W3C's References for Platform for Privacy Preferences (P3P) Implementations

Clarke R. (1998a) 'Platform for Privacy Preferences (P3P): An Overview' (April 1998), Privacy Law & Policy Reporter 5, 2 (July 1998) 35-39

Clarke R. (1998b) 'Platform for Privacy Preferences (P3P): A Critique' (April 1998), Privacy Law & Policy Reporter 5, 3 (August 1998) 46-48

Clarke R. (2001) 'P3P Re-visited' Privacy Law & Policy Reporter 7, 10 (April 2001)


Author Affiliations

Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., a Visiting Professor in the E-Commerce Programme at the University of Hong Kong, and a Visiting Professor in the Department of Computer Science at the Australian National University.



xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 65 million in early 2021.

Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 19 December 2005 - Last Amended: 15 February 2010 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/DV/PSTAbt.html
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2022   -    Privacy Policy