Privacy settings need to be opt-out, not opt-in warns DLA Piper

Internet users could be leaving their personal data exposed by not checking or changing their privacy settings, according to new research commissioned by global legal services organisation, DLA Piper. The vast majority of internet users (83%) have never read or don’t remember ever reading the terms and conditions or privacy statements relating to the search engines they use despite the fact that their search data can be stored for up to 18 months and often not deleted or anonymised.

In the week that sees Google celebrate its 10 year anniversary, the YouGov research reveals that search engine users remain unconcerned about their privacy when browsing online. This is despite the fact that over one in ten (13%) have had experience of their private information being accessed or misused online. Internet users are equally casual when it comes to social networking sites. Over half (57%) of internet users who regularly use sites like Facebook, Bebo and MySpace admit to having never read the terms and conditions or privacy statements of the site. Whilst some have changed their default privacy settings since registering a significant proportion (39%) have yet to do so.

As 'phishing' and false social networking profile scams increase in sophistication, and social media advertising and behavioural targeting spreads, DLA Piper warns that the law may soon need updating to mandate an opt-out for the sharing of personal information. Google has itself recently conceded to pressure adding a link to its privacy statement on its home page(i) and reducing its data retention time limit from 18 to 9 months(ii) and other search engines and social networking sites could soon face similar scrutiny.

As it stands, there are no standard minimum default privacy settings which social networking sites or search engines are obliged to use. Nor is there one global set of rules as to how website operators who process personal information should behave. In England, the website is obliged to let you know who they are and how it will use your personal information, including whether it uses cookies or other tracking systems to collect data. Privacy terms and conditions must also be prominently displayed at any point on the site where personal information is being collected and users have the opportunity to refuse for information to be collected. As long as sites comply with these basic principles, the obligation is on the individual.

Ruth Hoy, a digital media law specialist and partner within DLA Piper's Technology, Media and Commercial group commented: "Recent cases, such as that of businessman Mathew Firsht who successfully fought against a false Facebook profile, have highlighted the need for individuals to be careful about the personal information they make available online. Some sites have settings which are automatically set to the most private level; others will allow all the information you post to be seen by all other users. But, it’s up to you to check. If you fail to do so, you are putting yourself at risk. Until there is a unified set of privacy laws and global minimum standards to protect personal data online (and that time is most certainly coming) individual users need to be more savvy about the information they're making available and where it might end up."

Online privacy – the legal outlook:

• Decline of self-regulation: Search engines, social networking sites and other online publishers need to be prepared for greater regulatory scrutiny – the days of self-regulation on issues relating to privacy, inappropriate content and libel are numbered. In the UK, we expect the Information Commissioner to be issuing guidance on best practice in due course.
• Move to international standards: A global and uniform set of standards relating to websites’ use of personal information may be ambitious, and some time in development, but it is certainly on the horizon. As the number of cases of breaches and misuse of data increase, current privacy restrictions will be tightened and standardised both here and across the globe.


For further information:
Tom Pearson, Firefly Communications, Tel: 0207 386 1568 or email

Nick Bell, Media Relations, DLA Piper, Tel: +44 (0)20 7153 7127 or email

(i) In July 2008, Google’s made its privacy police accessible via its homepage. The link directs users to the following:
(ii) In a recent blog posting, Google announced a new log retention policy:

Notes to editors:

1. DLA Piper is the largest global legal services organisation in the world with over 3,700 lawyers across 64 offices and 25 countries. From its offices across Asia, Europe, the Middle East and the United States, legal and business advisers provide a range of services to local, regional and international businesses.

2. The Technology, Media & Commercial group (TMC) is made up of specialist information technology, telecommunications, publishing and media, sport, intellectual property and commercial lawyers. The group has an unrivalled understanding of the converging TMC sectors and offers a unique, global full-service capability. With over 130 partners and over 270 lawyers worldwide, the group is recognised by legal directories and industry members as one of the leading groups of its kind globally. In 2007, the group was awarded 'TMT/IP' team of the year at the prestigious British Legal Awards.

3. For further information about our organisation and services, please visit our website:

4. All figures, unless otherwise stated, are from YouGov Plc. Total sample size was 2,216 adults. Fieldwork was undertaken between 20th and 22nd August 2008. The survey was carried out online. The figures have been weighted and are representative of all GB adults (aged 18+).

Published on: 12:00AM on 12th September 2008