Skip navigation

FTC URGES PRIVACY CAUTION FOR ON-LINE GROCERS

SAN DIEGO -- Players in the on-line grocery business, and even those considering joining the game, need to pay close attention to the national debate raging about Internet privacy, said Charles Harwood, director of the Federal Trade Commission's Northwest Region, Seattle, during the iGrocer conference here last month.The privacy rules and laws that apply to other types of retailers, such as Amazon.com,

SAN DIEGO -- Players in the on-line grocery business, and even those considering joining the game, need to pay close attention to the national debate raging about Internet privacy, said Charles Harwood, director of the Federal Trade Commission's Northwest Region, Seattle, during the iGrocer conference here last month.

The privacy rules and laws that apply to other types of retailers, such as Amazon.com, apply equally to on-line grocers, he said. Because they collect even more sensitive data, they need to take more precautions, Harwood told SN after his presentation.

"Because of the volume of information that grocers collect, they need to be very careful about the security of the information," he said. "Unlike a bricks-and-mortar grocer who may be collecting sales information but isn't necessarily collecting very much information about the individual shopper, an on-line grocer is collecting not only information about products being sold, but also personal, identifiable information.

"The potential exists at least to tie all that information together, that kind of extraordinarily personal information needs to be safeguarded to a very high degree."

In his presentation, Harwood listed four information practices that at this time are suggested by the FTC:

Provide notices of the kinds of privacy policies the retailer embraces.

Explain to consumers the kinds of choices they have as to what information they want to provide.

Tell consumers the kind of access they have to the information that is collected from them.

Tell consumers what kind of security steps have been taken to ensure that the information not be disclosed.

"The FTC has recommended that these four fair information practices be incorporated into some kind of legislation," he said.

Shortly after Harwood's presentation at the iGrocer conference, Sen. John McCain (R-Ariz.), chairman of the Senate Commerce Committee, introduced a bill doing just that. The legislation would enable consumers to sue companies with Web sites that violate the bill's provisions for up to $22,000.

Following McCain's announcement, the FTC commended a plan by a group of major Internet advertising companies, the Network Advertising Initiative, that contained many of the FTC's recommendations. However, the FTC will continue to push for the legislation as the NAI includes only a small percentage of Internet advertisers.

Citing a 1999 research study, Harwood said 93% of all commercial Web sites collected personal information from consumers, but only 10% of those embraced the four practices of notice, choice, access and security, as recommended by the FTC.

Another study found the use of privacy disclosures in the most popular Web sites increasing, from 71% in 1998 to 93% in 1999 and 100% in 2000. "But when you begin to look at what kind of information they are providing, you run into problems," he said.

Only 42% of the most popular Web sites complied with all four of the FTC's recommendations, and in a separate random sample of all web sites, only 20% followed all the recommendations.

When it came to third-party cookie placement on consumer's computers, 78% of the most popular Web sites allowed cookie placement and 51% posted a notice. The random sample of all web sites found that 57% allowed cookie placement, with 22% posting a notice.

Another problem found by the FTC was inconsistent language about privacy, even within the same Web site, he said. "Often there is ambiguous language about what would happen if you did not want to provide information or have information removed," Harwood said.