Privacy by Design - Part 4
Companies should simplify consumer choice
Companies do not need to provide choice before collecting and using consumers' data for commonly accepted practices, such as, product fulfillment
The draft identifies five common accepted practices where companies should not be required to seek consent once the consumer elects to use the product or service in question:
- Product and service fulfillment- where consumer's private data is collected during the ordering process such as, shipping and credit card details.
- Internal operations - where consumers are asked to fill in customer satisfaction surveys from existing customers or the collection of websites visits and click through rates to improve site navigation.
- Fraud prevention - where fraud detection services are used to monitor against fraud such as, checking drivers' licenses when consumers pay by check.
- Legal compliance and public purpose - where businesses report a consumer's delinquent account to a credit bureau.
- First-party marketing - where businesses recommend products or services based upon consumer's prior purchases or offer discount coupons on other services or products.
The practices mentioned above are quite obvious and broadly accepted. For instance, a business collecting the consumer's address solely to deliver a product the consumer ordered should not be added with the extra burden of privacy policies choices. These are obvious engagements according to the draft. Other commonly accepted practices include ISPs monitoring data transmissions for reasons related to providing Internet service, such as to ensure that their service is not interrupted or to detect and block the transmission of computer viruses or malware. This excludes the ISP collecting data to create detailed profiles of users for marketing purposes. Finally, are these commonly accepted practices too broad or too narrow? Do they apply to different business contexts?