Network Advertising Initiative: Principles not Privacy (July 2000)
Electronic Privacy Information Center
Online profiling is the collection of information about Internet surfing behavior within an advertising network for the purpose of formulating a "profile" or representation of users' habits and interests. By placing cookies on consumers' computers, online advertisers track millions of Internet users without their knowledge. The controversial practice has seized the public's attention and has been the topic of Congressional hearings. The Federal Trade Commission has been negotiating with network advertisers for several months and has recently agreed to self-regulatory principles with the industry group.
This report reviews the practice of online profiling, assesses the FTC proposal, and concludes that the Network Advertising Initiative (NAI) Principles will not protect consumer privacy. The Principles perpetuate the secretive tracking of Internet users and run counter to the standards that consumers want. The Principles place the burden of privacy protection squarely on the consumer by relying on opt-out for both tracking of Internet users and linking of profiles to personally identifying information.
Strong laws and effective enforcement will spur Internet advertisers to adopt methods and technologies that promote consumer privacy. Internet advertising can be done anonymously and companies should be encouraged to do so. If online profiling is done with personal information, enforceable Fair Information Practices should be applied with a particular emphasis on complete access to the information collected.
The problem of online profiling was first presented to Congress in testimony before the Senate Commerce Committee in July 19991. When others became aware of the plan to link anonymous surfing data with detailed customer profiles, the public and media expressed opposition2. Business Week urged Congress to take action and said:
. . . who is going to hold DoubleClick -- or any other data-mining company -- to the promises in their privacy policies? Most online companies insist that they can regulate themselves. Maybe. But as online direct marketing becomes more successful, the value of personal information will soar -- as will the temptations to abuse it. Right now, victims have no clear legal recourse . . . only the federal government can fill those shoes3.
Public opposition to the proposal intensified. The Federal Trade Commission initiated an investigation of DoubleClick. A private litigant filed suit in California alleging violations of the State Constitution. Two state attorneys general began legal proceedings4. On February 10, EPIC filed a complaint with the Federal Trade Commission (FTC) alleging that the company had violated the FTC Act which prohibits unfair and deceptive business practices5. The complaint argued that DoubleClick had deceptively begun to personally identify profiles that it had stated were to remain anoymous. On March 2, the company suspended its plan to merge personal data with profiles6.
DoubleClick's plans were put on hold due to widespread public opposition to online profiling. A poll conducted by Business Week/Harris in early March found that of those polled 35% were "not at all comfortable" and 28% were "not very comfortable" with anonymous profiling. The poll also found that 89% of respondents were either "not at all comfortable" or "not very comfortable" when those profiles were linked to personally identifiable information such as a name or address as begun by DoubleClick7.
While the public attention towards online profiling has spurred Congress and the Federal Trade Commission to address Internet privacy issues, the network advertisers continued to operate without any uniform enforceable rules governing the collection of personal data. In early 1999, officials from the FTC and Department of Commerce met with representatives from network advertising companies to discuss the industry's practices and the possibility of self-regulation. The formation of the Network Advertising Initiative (NAI) was formally announced at the November 1999 Workshop on Online Profiling put on by the Federal Trade Commission and the Department of Commerce8. After the workshop, the FTC, the Department of Commerce, and the NAI continued to negotiate self-regulatory principles. Notably, not all companies in the Internet advertising industry are members of the NAI and would not be held to any principles. For example, Microsoft's LinkExchange, recently rebranded Bcentral, is not a member.
On June 13, 2000, the Senate Commerce Committee held hearings on the issue of online profiling9. At the hearing, it was brought to the attention of the Committee that there was no involvement from privacy and consumer groups in the ongoing negotiation of the NAI Principles. In response, seven senators on the Commerce Committee wrote a letter to FTC Chairman Robert Pitofsky on June 21 urging the inclusion of privacy and consumer groups in the negotiations with the NAI. The letter states that
. . . it is our position that self regulation negotiations that exclude consumers from the bargaining table represent an inadequate attempt at developing the appropriate policy regarding privacy protection. Accordingly, we strongly urge you and your staff to include consumer privacy groups in your discussions as these negotiations move forward10.
On July 19, officials from the FTC and Department of Commerce invited representatives from privacy and consumer groups to discuss a "mock-up" of the NAI principles. Privacy and consumer advocates were not permitted to retain or distribute any of the documents discussed.
The Network Advertising Initiative11 finally made their self-regulatory principles available to the public on July 27. After months of negotiations with little public participation or involvement, these principles may govern how a highly controversial segment of the Internet industry operates. During this time, there was no opportunity for public comment. While government officials claim that the negotiations are not a formal rule-making, the government agencies with the greatest jurisdiction over these companies will have agreed to guidelines drafted, negotiated, and stipulated with little public involvement.
What is online profiling?
Online profiling is the collection of information about Internet surfing behavior across thousands of commercial websites within an advertising network for the purpose of formulating a "profile" or representation of users' habits and interests. While companies and advertisers have long profiled large audiences on the basis of demographics and other information, online profiling allows Internet companies to collect information from individuals across a wide range of private activity. Online advertisers or network advertisers create and use these profiles for the purpose of targeting banner advertisements, presenting the ones most likely from their view to attract the attention of Internet users. While many of the advertisers are currently focused on banner advertisements, the profiles are likely to be used for other marketing purposes12. Some industry watchers have also pointed out that detailed profiles about consumers could make them more susceptible to discriminatory business practices such as redlining13.
Unlike first-party websites, network advertisers have no relationship with the Internet users that they profile. Most Internet users are unaware that banner advertisements on many commercial websites are placed by third parties and that those third parties also collect information about their behavior. Also unlike first-party websites, network advertisers are able to collect information across many different and unrelated websites. For example, Amazon.com exhaustively collects data about all its customers but it will not easily be able to know what its customers are doing on a separate site. However, a network advertiser such as DoubleClick will be able to collect information about Internet user behavior on an investment site like ragingbull.com, a health information site like HealthCentral.com or on a portal such as altavista.com. A more intrusive manner of tracking Internet users takes place through the use of web bugs, invisible images that also place cookies on users' computers. As of July 25, DoubleClick had placed web bugs on over 60,000 different web pages14.
The scope of online profiling is difficult to measure. As of the end of 1999, DoubleClick, the largest network advertiser presented advertisements for thousands of clients and in a single month, December 1999, it served 30 billion advertisements15. It is estimated that 100 million Internet users have been profiled by this one company. Many other advertisers also operate in the same space and have profiled millions of users with great detail. Engage, another network advertiser that has 70 million of its own profiles, claims to create profiles with up to 800 separate interest categories16.
The technical ability to collect information about Internet users is contingent largely on the ability to effectively store and use data in a cost-efficient manner. Considering the rapid development of such technology, there are few technical barriers for greater and unprecedented collection of personal data.
The online profiling industry
Due to the absence of any rules governing the practices of these companies, network advertisers may carry out their business in any way that they wish. In addition, online profiling represents a dramatic shift in the advertising world, raising the question of whether network advertisers should be in the practice of collecting personal information, such as names, mailing addresses, and email addresses, at all.
Some companies, like DoubleClick, plan to combine previously anonymous profiles with personally identifiable information such as names and addresses. These now personally identified profiles were then to be combined with information from the Abacus Direct database including credit card numbers, telephone numbers, and information about household income, family makeup and purchasing habits. Other companies, such as Engage, have continued to rely on anonymous profiles. While conducting anonymous profiling is preferable to profiles combined with personal information, there is little stopping Engage from doing the latter in the future. Information from Engage states that
Engage does not collect, and therefore can not combine Engage Knowledge information with your identifiable information. We are bound by this statement by United States consumer fraud legislation as well as by our agreements with TRUSTe, an independent organization that reviews our privacy practices17.
DoubleClick does not know the name, email address, phone number, or home address of anybody who visits a site in the DoubleClick Network. All users who receive an ad targeted by DoubleClick's technology remain completely anonymous. Since we do not have any information concerning names or addresses, we do not sell or rent any such information to third parties. Because of our efforts to keep users anonymous, the information DoubleClick has is useful only across the DoubleClick Network, and only in the context of ad selection18.
DoubleClick's earlier statements about the preservation of anonymity were later revised when that company chose to change its business model. Users who relied on the representations made by DoubleClick that it would collect only anonymous information subsequently learned that they would be profiled using personal data.
In addition to concern about the ease in which network advertisers can freely change their privacy practices, a great deal of skepticism should be paid to the common assertion of Internet advertisers that online profiling is necessary to keep many other websites free. For example, Jules Polonetsky, Chief Privacy Officer for DoubleClick stated in written testimony submitted to the Senate Commerce Committee on June 13 that
. . . publishers and ad servers must continue to customize and personalize web content and advertising so that users can get the information they want and web sites can generate the revenues necessary to stay in business and keep the Internet free19.
Many of these companies are losing money at an accelerating rate and will likely do so for the near future, throwing doubt on the future role of targeted advertising. Consider the condition of DoubleClick. In its 1999 10-K filing with the Securities and Exchange Commission under the heading "We have a history of losses and anticipate continued losses", the company states that
We incurred net losses of $4.0 million for the year ended December 31, 1996, $7.7 million for the year ended December 31, 1997, and $18.0 million for the year ended December 31, 1998. For the year ended December 31, 1999, we incurred a net loss of $55.8 million and, as of December 31, 1999, our accumulated deficit was $109.8 million. We have not achieved profitability and expect to continue to incur operating losses in the future20.
In addition, while total sales and revenues from targeted advertising have increased, click-through rates have fallen and unsold inventory has risen. Others in the Internet industry have pointed out that targeted advertising is not as profitable as it once was. For example, according to Ed Neumann, founder of a Arlington, VA based online company remarked in a recent Washington Post article that
At their peak in 1998, targeted banner ads, which are presented to a Web-site visitor based on some demographic information about the individual, commanded rates as high as $50 to $70 for every 1,000 viewers. Today, $10 for every 1,000 viewers is about top dollar . . .21
While we believe that cookies enhance your Web experience by limiting the repetitiveness of advertising and increasing the level of relevant content on the Web, they are not essential for us to continue our leadership position in Web advertising22.
Advertising has long reached many customers without collecting information from users and invading consumer privacy. In testimony before the Senate Commerce Committee, EPIC Executive Director Marc Rotenberg pointed out the dramatic shift that is taking place in the advertising industry.
Whether in the print world with magazine ads and billboards or the communications world with radio spots and TV ads, advertisers large and small have been able to reach their audience without collecting any personal information. This is true when 30 million people watch the same beer commercial on a television football game or when 30 people see an ad for a used kitchen table in the classified section of a morning newspaper. Advertisers communicate information to an audience without trying to create detailed profiles23.
Network advertisers are departing from a model of advertising focused on providing information about products to one built around collecting personal data from users. In doing so, they are invading consumer privacy and need to be bound by strong, enforceable rules protecting privacy.
Below is a summary and critique of key points in the principles agreed to by the Federal Trade Commission and the Network Advertising Initiative24:
Summary: The Principles dictate that network advertisers shall post "clear and conspicuous notice" on host websites, those websites that contain advertisements, whenever tracking is done. When the information collected may be linked with personal data, "robust" notice is provided.
Critique: The notice provided will likely be complex and confusing for many Internet users. The "clear and conspicuous notice" will contain several components including at least:
- Profiling activities undertaken by the network advertiser;
- what types of information to be collected
- if information will be transferred to third parties
- procedures for consenting to such data use
- the length of time that the data will be held by the network advertiser.
Notice disclosures will not only vary with respect to the network advertiser it is describing but also the host website on which it appears. Internet users may likely find out that no two privacy policies will ever be alike. Much of this problem rests on the fact that the other components of the NAI Principles below (consent and access in particular) also have several facets or are vague.
It is also largely unclear what "robust" notice would mean for Internet users, especially important since it will be provided when personal data is to be linked with anonymous data. According to the NAI Principles
For notice to be robust, the consumer must be afforded clear and conspicuous notice about the scope of the Non-PII that would be made personally identifiable and how the Non-PII will be used as a result of the merger25.
No helpful differentiation is offered between notice in all instances and "robust" notice in specific instances in which it is supposed to be used. Some guidance does appear in the Appendix D of the NAI Principles but no stringent guidelines are offered.
A standard of reasonableness should govern the interpretation of "clear and conspicuous" placement of notice disclosures. Employing a reasonableness standard means that NAI cannot establish hard-and-fast guidelines to determine what constitutes clear and conspicuous placement of adequate notice disclosure, because the Web publisher pages on which notice disclosures will appear are of infinite variety26.
Given the wide variety of privacy notices that already abound, it is difficult to say whether these notices will be easy to find, easy to find, or sufficiently "robust".
1. Opt-out of profiling
2. Opt-in for merging of previously collected anonymous information with personally identifiable information
3. "Robust" opt-out for having personally identifiable information linked to profiles in the future
1. Opt-out is an insufficient standard for the collection of information from users. Online profiling is usually done secretively, through the placement of cookies via banner advertisements or invisible web bugs. As most Internet users do not realize that online profiling is occurring at all, opt-out places an unreasonble burden on consumers to indicate their preference to NOT be tracked. Any company that tracks users, anonymously or otherwise, should not do so until until the user opts-in, affirmatively agrees to allow it to occur.
2. Opt-in for the merging of information previously collected as anonymous data is impermissible because it violates earlier statements that the company had made to Internet users. Such a practice essentially constitutes a deceptive and unfair business practice under Section 5 of the FTC Act, as alleged in the EPIC Complaint of February 10, 2000.
3. "Robust" opt-out for having names linked to profiles (besides the vagueness it implies as with "robust" notice) is an unacceptable and burdensome standard. Linking names to profiles without permission does not allow consumers to have sufficient control over the linking of personally identifying information to anonymous data. Any consent to the merging of personal information to anonymous information should be conditioned on the ability to view the information in question and being allowed to update and delete data at the discretion of the Internet user.
Furthermore, it should be noted that the public strongly supports higher common-sense standards for the collection of personal information. The Business Week/Harris poll from this past March found that 77% of respondents wanted opt-in "all the time" before information about browsing habits or shopping patterns is collected. In addition, 86% of those polled wanted opt-in for all collection of personally identifable information such as name, address, and phone number27.
Summary: Network advertisers should provide reasonable access.
Critique: There is no baseline expectation of the level of access that will be provided by any of the network advertisers. As with notice, access may come in an almost infinite, likely confusing array. There is also the looming possibility that many network advertisers will decide not providing any access at all is reasonable.
The FTC's report cites earlier statements in saying that
[w]hile Access is widely recognized as an important fair information practice, the Commission believes that Access presents unique implementation issues that require consideration before its parameters can be defined28.
These statements ignore the fact that access provisions exist in several laws including the Fair Credit Reporting Act29 and the Privacy Act30. Irrespective of the level of access provided, the NAI Principles do not provide any baseline whatsoever to what information consumers should have access, thus, like the above principles, letting businesses set to what standards they should conform. Further, Senator John McCain emphasized at a Congressional hearing on June 25 that access would be a reasonable requirement for online advertisers.
I think I should have access -- very frankly, I think I should have access to any information that is collected about me and conclusions that are drawn about me. I think that's the right of citizens . . .31
Summary: Network advertisers shall provide a reasonable amount of security for stored data.
Transfer to third parties
Summary: There is no limitation to which third parties may receive information in the possession of network advertisers. Any third party must abide by Online Privacy Alliance Guidelines which mandate only an opt-out before information is transferred to a third party for a purpose unrelated to which it was originally collected32.
Critique: Opt-out will effectively allow network advertisers to sell or transfer information to any company or individual they may choose without the permission of the data subject. This insufficient protection also erodes many key concepts of privacy protection which prohibit information from being used in ways different than its original purpose without consent33.
Summary: Network advertisers would work with a third-party enforcement program, such as a seal program, or as an alternative, submit to independent auditors for examinations.
Critique: Many seal programs have in the past been reluctant to pursue licensees that have committed privacy violations34. In addition, there is no precise discussion of what sanctions may occur for what types of violations and no discussion of damages to those injured by actions that violate these principles. Most significantly, there is no remedy when violations of these principles occur and no mechanism for individuals to pursue complaints.
Privacy principles for online profiling
Profile-based advertising should not be the standard for the advertising industry. Despite recent trends, the Internet and related technologies can increase interaction between companies and consumers while protecting privacy. Due to the lack of any privacy standards, many network advertisers have chosen not to take advantage of such tools. Establishing a baseline standard based on enforceable Fair Information Practices would encourage the adoption of more innovative incorporation of privacy protection. It should also be noted that polls suggest that many people prefer government action to industry-created standards. The same Business Week / Harris poll mentioned above reported that 57% of respondents supported government laws for protecting online privacy while only 15% believed that the government should allow industry groups to develop voluntary privacy standards35.
The following principles are presented as the minimum necessary to protect the privacy of Internet users:
1. Disclosure. Descriptions of what data is being collected and how it is being used should be displayed on websites allowing network advertisers to operate on their pages, websites under the direct control of these companies, and on their own websites. The use of any information collected should be limited to those specified in this disclosure. If a company decides to change their privacy practices, such updated policies should be altered on all of the aforementioned locations and all information collected under earlier policies should only be used as detailed at the time the data was originally collected.
2. Collection of Non-Personally Identifiable Information. The collection of non-PII should be exclusively opt-in. Consent is necessary due to lack of reassurance that consumers have that non-PII will not be linked to personally identifiable information. For example, DoubleClick had been collecting non-PII from Internet users that had no expectation that the company would ever try to link that non-PII to PII. Also, while not strictly a privacy concern, companies may choose to use even anonymous profiles in way that may affect content and services online. All information from and about Internet users should be collected in a transparent and informed manner. Opt-in promotes this responsible business-customer relationship.
3. Collection of Personally Identifiable Information. As in other realms, all collection and use of PII should only be conducted with the express consent of the Internet user.
4. Linking of Non-Personally Identifiable Information to Personally Identifiable Information. All linking of non-PII to PII should be done after making the user aware of all information that is to be joined and with his or her informed consent. At the least, informed consent entails that the network advertiser should make available all data to be linked and plans for what data they plan to collect in the future.
5. Access. For Internet advertisers, the Internet user should be able to view, correct, and delete all of his or her information at any time for any reason. The scope of the information that can be accessed includes all information that can be identified with that particular individual. Satisfactory authentication procedures should be in place to ensure that each Internet user only has access to his or her own information. By establishing that all information is collected on an opt-in basis only, the authentication procedures can be established at the time of opt-in.
6. Security. All data should be collected from reliable sources, measures should be taken to maintain the quality and the accuracy of the information, and there should be adequate protections against unauthorized access.
7. Effective Date. Given the increasing reach of the network advertising industry and the privacy risks involved, all companies belonging to the Network Advertising Initiative should adopt these principles immediately. Also, network advertisers not belonging to the consortium should also sign-on.
8. Enforcement. The above principles should be incorporated into appropriate legislation and enforcing these requirements should fall to the proper governmental oversight agencies. Such an oversight agency should confirm compliance with these principles through annual audits. The results of the annual reviews should be made easily publicly available with appropriate monetary penalties for those companies that fail to comply with these standards.
1. Testimony and Statement for the Record of Marc Rotenberg, Director Electronic Privacy Information Center, Hearing on S. 809, The Online Privacy Protection Act of 1999, Before the Subcommittee on Communications Committee on Commerce, Science and Transportation, U.S. Senate, July 27, 1999, http://www.epic.org/privacy/internet/EPIC_testimony_799.pdf.
2. See "Some Net surfers say cookies crummy", USA Today, August 23, 1999; The Boston Globe Upgrade Column, Boston Globe, September 9, 1999; "What they know about You", Baltimore Sun, October 11, 1999; "Do you think you surf the Web anonymously?", San Diego Union-Tribune, October 19, 1999; "Time to Let the Cookies Crumble?", Washington Post, November 4, 1999; "Click and Dagger: Is the Web Spying on You?", Time, November 22, 1999; "Getting Personal", Newsweek, November 22, 1999; "Web ads fuel privacy fears", Cincinnati Enquirer, November 28, 1999; "Online profiling on the rise", San Jose Mercury News, January 13, 2000; "DoubleClick's Double Cross", Boston Globe, January 27, 2000; "Privacy Issues", Detroit News, January 30, 2000. Also see http://www.epic.org/doubletrouble/ for other archived news items.
4. For more background information, visit http://www.epic.org/doubletrouble/.
5. In the Matter of DoubleClick, Complaint and Request for Injunction, Request for Investigation and for Other Relief, before the Federal Trade Commission, http://www.epic.org/privacy/internet/ftc/DCLK_complaint.pdf.
6. "STATEMENT FROM KEVIN O'CONNOR, CEO OF DOUBLECLICK", http://www.doubleclick.net/company_info/press_kit/pr.00.03.02.htm.
7. Business Week/Harris Poll: A Growing Threat, March 20, 2000, http://www.businessweek.com/2000/00_12/b3673010.htm.
8. Materials related to the "Public Workshop: On-line Profiling", http://www.ftc.gov/bcp/profiling/index.htm. Also see Prepared Statement of The Federal Trade Commission, "Online Profiling: Benefits and Concerns", Before the Committee on Commerce, Science, and Transportation United States Senate, June 13, 2000, http://www.ftc.gov/os/2000/06/onlineprofile.htm.
9. For statements submitted prior to the hearing, http://www.senate.gov/~commerce/hearings/hearings.htm.
10. A scanned image of the letter is available at http://www.epic.org/privacy/internet/pitofsky_letter_0600.jpeg. Physical copies are available upon request.
11. Information pertaining to members of the Network Advertising Initiative can be found at http://www.networkadvertising.org
12. Descriptions of marketing uses of profiles not related to banner advertisements, http://advernet.org/engage-white.html.
13. "Weblining", Business Week, April 3, 2000, http://www.businessweek.com/2000/00_14/b3675017.htm. Also see "Kozmo Delivers 'Consumer Racism'?", MSNBC, April 12, 2000, http://www.zdnet.com/zdnn/stories/news/0,4586,2534749,00.html.
14. To find the number of web bugs used on pages by Internet advertisers, use http://www.tiac.net/users/smiths/privacy/wbfind.htm.
15. DoubleClick Inc. 1999 Form 10-K Annual Report, page 4. The Annual Report can be downloaded from http://ir.doubleclick.net/ireye/ir_site.zhtml?ticker=DCLK&script=700.
16. "Engage - Profiling Philosophy", http://www.engage.com/privacy/profiling.htm.
17. "Engage - Privacy Frequently Asked Questions", http://www.engage.com/privacy/privacyfaq.htm#Anonymity. Also see note 33 for information regarding TRUSTe.
19. Testimony of Jules Polonetsky, Chief Privacy Officer, DoubleClick, Inc. before the Senate Committee on Commerce, Science, and Transportation, June 13, 2000, http://www.senate.gov/~commerce/hearings/0613pol.pdf.
23. Testimony and Statement for the Record of Marc Rotenberg, Executive Director Electronic Privacy Information Center, On Internet Privacy and Profiling, Before the Senate Commerce Committee, United States Senate, June 13, 2000, http://www.epic.org/privacy/internet/senate-testimony.html.
24. Online Profiling: A Report to Congress, Part 2, Recommendations, Federal Trade Commission, July 2000, http://www.ftc.gov/os/2000/07/onlineprofiling.htm. Network Advertising Initiative Self-Regulatory Principles for Online Preference Marketing by Network Advertisers, http://www.ftc.gov/os/2000/07/NAI%207-10%20Final.pdf. Also see Online Privacy Alliance Guidelines for Online Privacy Policies, http://www.privacyalliance.org/resources/ppguidelines.shtml.
26. Network Advertising Initiative Self-Regulatory Principles, page 20. There is also some discussion of "robust" in Online Profiling: A Report to Congress under "Choice". However, it is difficult to say whether these will always be true or are provided as examples.
"Robust" notice and opt-out choice (appearing at the time and place of information collection and before data is entered) is required for prospective use of personally identifiable information for profiling, including the merger of personally identifiable online and offline data.
(a) Information on file; sources; report recipients. Every consumer reporting agency shall, upon request, and subjectto 610(a)(1), clearly and accurately disclose to the consumer:(1) All information in the consumer's file at the time of the request, except that nothing in this paragraph shall be construed to require a consumer reporting agency to disclose to a consumer any information concerning credit scores or any other risk scores or predictors relating to the consumer.
Each agency that maintains a system of records shall--(1) upon request by any individual to gain access to his record or to any information pertaining to him which is contained in the system, permit him and upon his request, a person of his own choosing to accompany him, to review the record and have a copy made of all or any portion thereof in a form comprehensible to him . . .
Additionally, in the vast majority of circumstances, where there is third party distribution of individually identifiable information, collected online from the individual, unrelated to the purpose for which it was collected, the individual should be given the opportunity to opt out.
33. Organization for Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, "PART TWO. BASIC PRINCIPLES OF NATIONAL APPLICATION", "Purpose Specification Principle" and "Use Limitation Principle", http://www.oecd.org/dsti/sti/it/secur/prod/PRIV-EN.HTM.
34. See "TRUSTe Declines Real Probe", Wired News, November 9, 1999, http://www.wired.com/news/technology/0,1282,32388,00.html; "All Eyes on Hotmail Audit", Wired News, September 10, 1999, http://www.wired.com/news/technology/0,1282,21691,00.html; "Microsoft Off Truste's Hook", Wired News, March 22, 1999, http://www.wired.com/news/technology/0,1282,18639,00.html.