[3][4] Privacy policies typically represent a broader, more generalized treatment, as opposed to data use statements, which tend to be more detailed and specific.
The exact contents of a certain privacy policy will depend upon the applicable law and may need to address requirements across geographical boundaries and legal jurisdictions.
In 1969 the Organisation for Economic Co-operation and Development (OECD) began to examine the implications of personal information leaving the country.
All this led the council to recommend that policy be developed to protect personal data held by both the private and public sectors, leading to Convention 108.
[5] In the United States, concern over privacy policy starting around the late 1960s and 1970s led to the passage of the Fair Credit Reporting Act.
One such group was an advisory committee of the United States Department of Health and Human Services, which in 1973 drafted a code of principles called the Fair Information Practices.
In 2001 the United States Department of Commerce worked to ensure legal compliance for US organizations under an opt-in Safe Harbor Program.
[13] In some cases, private parties enforce the terms of privacy policies by filing class action lawsuits, which may result in settlements or judgments.
The California Online Privacy Protection Act of 2003 – Business and Professions Code sections 22575-22579 requires "any commercial websites or online services that collect personal information on California residents through a web site to conspicuously post a privacy policy on the site".
[26] Both Nebraska and Pennsylvania have laws treating misleading statements in privacy policies published on websites as deceptive or fraudulent business practices.
[27] Canada's federal Privacy Law applicable to the private sector is formally referred to as Personal Information Protection and Electronic Documents Act (PIPEDA).
The purpose of the act is to establish rules to govern the collection, use, and disclosure of personal information by commercial organizations.
The Commissioner investigates complaints, conducts audits, promotes awareness of and undertakes research about privacy matters.
Article 8 of the ECHR provides a right to respect for one's "private and family life, his home and his correspondence", subject to certain restrictions.
In 2001 the United States Department of Commerce worked to ensure legal compliance for US organizations under an opt-in Safe Harbor Program.
Since 2010 Safe Harbor is criticised especially by German publicly appointed privacy protectors because the FTC's will to assert the defined rules hadn't been implemented in a proper even after revealing disharmonies.
This applies when a corporate body possesses, deals or handles any sensitive personal data or information in a computer resource that it owns, controls or operates.
These implementations also require users to have a minimum level of technical knowledge to configure their own browser privacy settings.
In June 2009 the EFF website TOSback began tracking such changes on 56 popular internet services, including monitoring the privacy policies of Amazon, Google and Facebook.
[55] Privacy policies suffer generally from a lack of precision, especially when compared with the emerging form of the Data Use Statement.
One study uses natural language processing and deep learning as a proposed solution to automatically assess the efficiency of companies' privacy policies, in order to help the users become more aware.