Privacy Policy Drafting Lessons From The Presidential Inaugural Web Site

Privacy policies seem very easy to draft, until you actually deal with the complexities of explaining the technicalities of information collection and sharing. One key lesson that is well known is to be very careful of simply cutting and pasting from other web sites. You are bound to make mistakes by using language that is at odds with your actual practices.

Consider these doozies from the web site of the 58th Presidential Inaugural Committee.

"Since most of the entertainment discussed on this site is not accessible to those under 21 years of age, we expressly do not target and are not seeking to do business with those under the age of 18." 

Well, this seems to be copied from a casino web site, unless there is an adult entertainment or gambling section not accessible to those under 21 on the inaugural site?

"Personal information that you provide that is not Personal Information also resides on a secure server and is only accessible via password, viewable to employees and contractors of 58th Presidential Inaugural Committee."

Personal information that you provide that is not Personal Information? Huh?

Use of Cookies for Advertising - We use third party service providers to serve and host our advertisements. These third parties use persistent cookies to track the number of times our site is accessed and whether the site was accessed from the advertisement........In addition, we do not use cookies to gather information concerning your visits to other websites....Pixel Tags: The third party service providers mentioned above serve and host our advertisements on other sites. To track the effectiveness of our advertisements on other sites, we use pixel tags (also known as clear gifs, beacon gifs, 1-by-1 gifs, or web bugs). Pixel tags are not visible to the user of the site and consist of a few lines of computer coding. If you are visiting our site from an advertisement on another site, the pixel tag references the cookie you received when you clicked on the advertisement.

So this says that our vendors DO track you across other web sites using cookies. And then it says we DO NOT track your visits to other web sites with cookies. And then it says we DO use cookies to track the ads you see on other sites with cookies.

We do provide some of our services through contractual arrangements with affiliates, services providers, partners and other third parties (collectively, “service partners”). We and our service partners use your Personal Information to operate our sites and to deliver their services. For example, we must release your credit card information to the card-issuing bank to confirm payment for any products and services purchased on this site; release your address information to our service partners in order to fulfill the contracts into with we may enter with you; and provide order information to third parties that help us provide customer service.

We will encourage our service partners to adopt and post privacy policies. However, the use of your Personal Information by our service partners is governed by the privacy policies of those service partners, and is not subject to our control.

We have vendors that we provide your personal information, but we have no control over what they do. What kind of negotiating is that?

However, we can end this column with some good news. The policy says: Unless we obtain your express authorization, we do not sell, trade, or rent your Personal Information to others. Political organizations almost always share or rent their email lists with other political committees, with candidates or with like-minded causes. IF this clause was intended, it's very nice to see.

Trump supporters, don't be offended - The Obama team stumbled into a cookie related privacy flap on their transition team web site and then on the White House web site on the first day of the new Administration. Even with top legal talent around, privacy is hard to get right. Take counsel from the tech and legal privacy experts at the agencies and in the privacy practitioner community.