Federal Agency Web Policy Worrisome to EPIC
Via beSpacific and the Electronic Privacy Information Center come links to new guidelines (.pdf) for federal agencies using "web measurement and customization technologies," i.e., information storage and tracking software.
EPIC seems concerned about the "Clear Notice and Personal Choice" policy, which it dubs both "weird" and "remarkable," based on an apparent concern that it allows agencies to "routinely disclose personal information of citizens to private companies." I read the memo to say that, where personal information is collected and stored, the agencies will be required to abide by a stricter opt-in policy, rather than the opt-out allowable for more benign preferences-type information. The policy defines "Tier 3" usage as follows:
Tier 3 -- multi-session with PII [Personally Identifiable Information]. This tier encompasses any use of multi-session web measurement and customization technologies when PII is collected (including when the agency is able to identify an individual as a result of its use of such technologies).
And the policy goes on to state:
Tier 3 restrictions. Agencies employing Tier 3 uses must use opt-in functionality.
So, on my reading, agencies are required to get users' express consent to store and use personal information.
EPIC also links to companion guidelines on agencies' use of third-party websites (.pdf) for purposes of communicating with the public.
Posted by Eric Lipman on June 29, 2010 at 12:22 PM | Permalink
| Comments (0)