Do You Know Where Your Data Is? A Study of the Effect of Enforcement Strategies on Privacy Policies

Numerous countries around the world have enacted privacy-protection legislation, in an effort to protect their citizens and instill confidence in the valuable business-to-consumer E-commerce industry. These laws will be most effective if and when they establish a standard of practice that consumers can use as a guideline for the future behavior of e-commerce vendors. However, while privacy-protection laws share many similarities, the enforcement mechanisms supporting them vary hugely. Furthermore, it is unclear which (if any) of these mechanisms are effective in promoting a standard of practice that fits with the social norms of those countries. We present a large-scale empirical study of the role of legal enforcement in standardizing privacy protection on the Internet. Our study is based on an automated analysis of documents posted on the 100,000 most popular websites (as ranked by Alexa. com). We find that legal frameworks have had little success in creating standard practices for privacy-sensitive actions.