FTC Hears Debate About Whether Privacy Polices Can Work

You might not expect consumer advocates to laud a major bank these days, but Chase has done at least one thing that privacy expert Chris Hoofnagle finds praiseworthy: The company came up with a clear way to inform checking account customers that they will lose their overdraft protection unless they opt in.

Speaking at the Federal Trade Commission's roundtable discussion about online privacy, Hoofnagle, a lecturer at the UC Berkeley law school, noted that Chase's document includes passages in red ink that tell consumers in no uncertain terms that debit card transactions will be denied if they don't have money in their account, unless they sign up for overdraft protection. "We don't see privacy notices that say anything that clearly or that urgently," Hoofnagle said. Fred Cate, director of the Center for Applied Cybersecurity Research at Indiana University School of Law - Bloomington, was likewise critical, calling privacy policies "an unmitigated disaster." He proposed that once the FTC decided to enforce privacy policies as if they were contracts, any hope that such policies would communicate information was lost. That's because companies loaded up their policies with legalese-ridden terms that were aimed more at avoiding liability than at explaining to Web users how their data was being collected and used.