Over on Emergent Chaos, Adam Shostack ponders over a privacy policy:
It turns out that it’s very hard to subscribe to many podcasts without talking to Podtrac.com servers. (Technical details in the full post, below.) So I took a look at their privacy statement:
Podtrac provides free services to podcasters whereby Podtrac gathers data specific to individual podcasts (e.g. audience survey data, content ratings, measurement data, etc). This podcast data is not considered personally identifiable information and may be shared by Podtrac with member advertisers. (“Podtrac Client Privacy Statement,” undated, unversioned.)
It’s not clear to me who doesn’t consider what they collect to be personal data, because the passive voice is annoyingly used. So I’ll ask: precisely what data is collected? And under what set of laws or even perspectives is the data they’re collecting is not considered personally identifiable? For example, are they collecting IP addresses, which I understand are PII in the EU?
Enquiring minds with privacy officials might want to ask those officials.
Read more on Emergent Chaos.
I think Adam’s demonstrated great consumer behavior in looking at the policy and questioning it. I’m not sure who, though – other than a consumer – would pose this question to them in our country, where their servers seem to be located. Maybe in the future we will see privacy policies that tell us which laws the entity asserts they are in compliance with.