Privacy seal
A privacy seal is a type of trust seal or trustmark granted by third party providers for display on a company's website. Companies pay an annual fee to have an image of the third party provider's seal pasted onto their homepage or privacy policy page. Users can oftentimes click on the seal and be redirected to the web assurance seal service's website which verifies the validity of the privacy seal. They are meant to act as a visual assurance for consumers that the website in question meets a certain standard of privacy. The idea of a privacy seal originates with its physical manifestation – companies have long sought seals of approval like Good Housekeeping to be placed on their tangible products in order to draw in customers who value "quality". While all web assurance seal services follow the guidelines set by the Federal Trade Commission, some providers may have additional requirements. Checks are then conducted on a regular or random basis to ensure compliance. Privacy seals can be applied to various types of e-commerce websites. Some seal providers even create a special privacy seal that is geared toward a certain product like mobile apps or accounting. There are many privacy compliance technology companies, most notably TRUSTArc, CPA Canada WebTrust, PwC Privacy and BBBOnline.
The U.S. does not regulate e-commerce privacy as stringently as Europe or other countries in the world. With this in mind, U.S. companies have more freedom when it comes to disclosure notices and selling data to third parties for advertising purposes. American based privacy seal companies make a pivot toward the broader field of reliability assurance and complaint resolution in the European marketplace. Privacy seals also have a major presence in the accounting industry of Canada and in general e-commerce in Japan and South Korea.
Privacy seals are meant to boost customers' perception of a company's website safety and regard for their privacy protection. Web assurance seal services also aid in online dispute resolution. A hot button public policy issue has been whether the U.S. government should regulate privacy in e-commerce. Past controversies and concerns have caused the need for privacy seals to come into question.
Origin
Privacy seals have been around since the 1990s – with the TRUSTArc seal program being founded in 1996 and BBBOnline's in 1998. Privacy seals are self-regulatory tools that were invented to combat privacy concerns without governmental legislation. With the rise of e-commerce, it became apparent that privacy concerns were deterring potential customers. When purchasing online, customers are prompted to provide private information such as name, address, credit card information, and sometimes age or birthdate. This information can be sold to third-parties for advertising purposes or be used by the company for data profiling purposes. Companies can price discriminate by using the information collected to predict the highest price point a customer is willing to pay.Except for Federal Trade Commission guidelines, first established in a 1999 report, privacy protection is mainly self-regulated in the United States. Self regulators argue that governmental intervention would harm e-commerce because its inflexibility does not allow for each company to experiment with their policies and disclosures. They believe that legislative practices are too slow and bureaucratic to be effectual; this makes regulations more burdensome than helpful in e-commerce. Self regulation allows for quick adaptations that will ultimately create the most ideal privacy practices. In theory, businesses will be forced to create privacy policies that satisfy customers' concerns because their economic success relies on being able to draw in more and more customers. Because privacy is a major concern for customers, they will purchase from websites they feel secure using. This relation between a consumer's perception of a company's website and their intention to purchase is the cornerstone of privacy seals.
Some detractors of self regulation and laissez faire regulation believe a "race to the bottom" effect will occur if there are no regulatory penalties. Strauss et al. found that seal programs seem effective in regards to privacy but believes lack of regulation is why privacy seals have not seen high rates of participation. They note the conflict resolution and investigative aspect of privacy seal programs, but state that they have limited power to redress the situation. They are not given any powers for punitive action against companies in violation of privacy standards. Research by Jamal et al., however, suggests that lack of regulation should not be a concern. Even without governmental or financial threats, e-commerce companies still adopt policies and practices of privacy protection and disclosure. This is despite no general federal or state law requiring them – there are slight overlaps in the case of protecting health information or children. Proponents of governmental regulation believe legislation would officialize rules that are already being followed by many already. FTC guidelines are already followed by most companies. Proponents also state that legislation in the United States could be less specific than the European Union's – wiggle room for how a business uses the data collected could still exist.
Privacy seals assure consumers that a company is taking measures to protect their privacy and data. Companies must undergo a process of inspection by the seal provider to make sure they meet certain standards. Checks are then conducted regularly to ensure compliance. Although FTC guidelines act as a bare minimum, additional standards can differ between seal providers. For example, SecureAssure resorts to an opt-in practice rather than disclosure measures. They do not allow companies participating in their seal certification service to share any information beyond its primary use – i.e. no selling to advertisers. People using these websites must opt-in to receive promotional material. Privacy seals usually come with a fee that ranges from a few hundred to several thousand U.S. dollars. The Entertainment Software Rating Board Privacy Certification program utilizes a sliding scale that is based on the annual revenue of the company seeking certification.
Many privacy seal providers also serve as complaint resolution services. Participating seal service providers mediate conflicts between customers and the website in which their seal is displayed. They will also on occasion launch a formal investigation. The most severe action a privacy seal provider can enact is revoking the privacy seal from a company and thus producing negative attention. Action cannot be taken to remove the website or to enact a sizable financial penalty.
Uses
Privacy seals can be placed on many different types of e-commerce websites. Companies may also have different motives for wanting a privacy seal. Studies in the past have looked at the effectiveness of privacy in general e-commerce, as well as in specific categories like loan providers, travel booking, and online bookstores. ESRB has several types of privacy seals. Their Kids Online Compliance seal certifies companies whose target market are children. There are special laws that stipulate extra measures of protection and privacy for children – e.g. Children's Online Privacy Protection Act. This seal is meant to indicate compliance to those additional standards. ESRB entered the privacy assurance space in 1999 and also introduced a privacy seal for mobile app services in 2013.A study conducted by Mai et al. examined online stores that sold e-books, textbooks, and audiobooks found that websites with privacy seals are able to charge a price premium because customers are willing to pay more if the website is deemed "safer" by them. Customers' perception of trustworthiness results from the presence of a privacy assurance tool like a privacy seal and the reputation of the company in question. Customers using websites with seals have higher rates of satisfaction and intention to purchase again. Privacy seals also desensitizes customers' perceptions of service performance. Kimery et al. found in their study that privacy seals only had a slightly positive impact on trust where unfamiliar e-commerce retailers were concerned. This means that well-known brick and mortar companies may after consideration decide that privacy seals are not worthwhile.
While privacy seals do not inform users about privacy like disclosure notices, they serve as a learning tool. Users can go to the seal provider's website to learn what privacy protection practices are used by the participating company, as well as if the company is in good standing.
Privacy seals do not make customers more informed about their internet safety. This is because most customers do not read privacy policies and therefore do not know the actual policies and privacy practices of a company. Still, company privacy practices usually align with what customers' expect in websites with privacy seals. Even though most customers do not take the extra step of clicking the seal, there is still accountability. Privacy seal providers would lose business if they did not uphold privacy and data protection to a certain extent or did not shape their policies to the desires of customers. Additionally, a study by Ruppel et al. which followed four fledgling websites states that businesses will build websites to reflect their values. A brick and mortar store that has established trust with consumers would be unlikely to build a website that would jeopardize that relationship. For this reason, websites may start off with the intention to promote product rather than facilitate actual transactions.
Effectiveness
There are four main privacy seal providers: TRUSTArc, BBBOnline, WebTrust, and PwC Privacy. Companies must make a decision on how much they want to pay, in addition to deciding which seal provider is the best fit. Companies can fall into the same trap that users fall into: perception of trust. Reputation from brick and mortar companies often translates to the online business place even though it may be unearned. When BBBOnline first started they had less clients then the already established TRUSTArc, but they were able attract big clients like American Airlines, eBay, Dell Computers, and AT&T. This is because they were already established as the Better Business Bureau, a global credential evaluator, in the brick and mortar marketplace.Sheng et al. used eye tracking in their experiments to determine what draws consumers' attentions and the amount of information retained. They found that regardless of risk condition, fixation times were longer for privacy icons then for privacy text or non-privacy content.
Research by Miyazaki et al. has compared perceived risk in e-commerce to other forms of shopping, more specifically mail order and purchases made by telephone. They found that consumers perceive online shopping as more dangerous than these other methods, but privacy seals are effective in mitigating concerns.
Although privacy seals have shown to work in attracting customers, they have experienced limited success. In the case of the WebTrust privacy seal program which is a joint venture between the U.S. and Canada, a study was done to determine the cause of its slow growth. The authors of this study, Lala et al. suggest it might be a marketing issue. Consumers are unaware of what privacy seals look like, as well as their purpose. BBBOnline Privacy Seal service ceased taking new applicants in 2007 and stopped their service in 2008, but this has not stopped websites from displaying their privacy seal to this day.