Page 254 - E-Bussiness and E-Commerce Management Strategy, Implementation, and Practice
P. 254
M04_CHAF9601_04_SE_C04.QXD:D01_CHAF7409_04_SE_C01.QXD 16/4/09 11:11 Page 221
Chapter 4 E-environment 221
privacy may be infringed. In 2003 an interesting survey on the perception and behav-
iour with regards to cookies was conducted on cookie use in the UK (RedEye, 2003).
Of the 1,000 respondents:
50% had used more than one computer in the last three months;
70% said that their computer was used by more than one person;
94% said they either accepted cookies or did not know what they were, although
20% said they only accepted session cookies;
71% were aware of cookies and accepted them. Of these, only 18% did not know
how to delete cookies, and 55% of them were deleting them on a monthly basis;
89% knew what cookies were and how to delete them and said that they had
deleted them once in the last three months.
Legal constraints on cookies
The new PECR law limits the use of cookies. It states: ‘a person shall not use an elec-
tronic communications network to store information, or to gain access to information
stored, in the terminal equipment of a subscriber or user unless the following require-
ments are met’.
The requirements are:
(a) the user is provided with clear and comprehensive information about the purposes
of the storage of, or access to, that information; and
(b) is given the opportunity to refuse the storage of or access to that information.
Privacy statement (a) suggests that it is important that there is a clear privacy statement and (b)
Information on a web site suggests that opt-in to cookies is required. In other words, on the first visit to the
explaining how and why
an individual’s data are site, a box would have to be ticked to agree to the use of cookies. This was thought
collected, processed and by many commentators to be a curious provision since this facility is already avail-
stored.
able in the web browser. A further provision clarifies this. The law states: ‘where
such storage or access is strictly necessary for the provision of an information
society service requested by the subscriber or user’. This indicates that for an
e-commerce service session cookies are legitimate without the need for opt-in. It
is arguable whether the identification of return visitors is ‘strictly necessary’ and
this is why some sites have a ‘remember me’ tick box next to the log-in. Through
doing this they are compliant with the law. Using cookies for tracking return visits
alone would seem to be outlawed, but we will have to see how case law develops
over the coming years before this is resolved.
Viral e-mail marketing
Viral marketing One widespread business practice that is not covered explicitly in the PECR law is ‘viral mar-
In an online context, keting’. The network of people referred to in the definition is more powerful in an online
‘Forward to a friend’
e-mail used to transmit a context where e-mail is used to transmit the virus – rather like a cold or flu virus. The com-
promotional message bination of the viral offer and the transmission medium is sometimes referred to as the ‘viral
from one person to
another. ‘Online word of agent’. Different types of viral marketing are reviewed in Chapter 9, p. 524.
mouth.’ There are several initiatives that are being taken by industry groups to reassure web users
about threats to their personal information. The first of these is TRUSTe (www.truste.org), spon-
sored by IBM and with sites validated by PricewaterhouseCoopers and KPMG. The validators
will audit the site to check each site’s privacy statement to see whether it is valid. For example, a
privacy statement will describe:
how a site collects information;
how the information is used;
who the information is shared with;
