It was recently reported that thousands of websites—including www.whitehouse.gov—have been using advanced persistent tracking mechanisms unbeknownst to visitors and potentially in violation of the sites’ own privacy policies.
One such website-visitation tracking mechanism—canvas fingerprinting—secretly extracts a persistent, long-term fingerprint that is much harder for visitors to block or opt out of than cookies. The White House’s privacy policy specifically mentions its use of cookies, but not canvas fingerprinting. It also provides a link to a detailed explanation of the types of cookies it employs, how third-party providers analyze the collected data, and how visitors can manage their browser settings.
Although the policy’s clarity and candor are commendable, privacy advocates could argue that the White House gives visitors the misleading impression of a comprehensive and thorough disclosure, when the White House reportedly uses a canvas fingerprinting provider and merely includes a link to the provider’s website among links to many other third parties whose content or functionality may be included on the White House’s site.
Because omitted information in the context of a seemingly thorough privacy policy could be deemed deceptive, and because rapidly changing technology could create gaps or inconsistencies, companies and other website operators should carefully consider the appropriate level of detail to provide in their policy statements.