Web Site Privacy Policy Changes Challenged
"If you operate a web site, you should take note of a recent Federal Trade Commission ('FTC') consent order, In re Gateway Learning Corp., which is the first FTC case to challenge deceptive and unfair practices in connection with material changes to an online privacy policy.
Specifically, the FTC's complaint charged Gateway Learning Corporation ('Gateway Learning') deceived consumers by materially changing its already established privacy practices, revising its privacy policy to reflect these revisions, and retroactively applying the materially different privacy terms to personal information that was collected from consumers under the original privacy policy...
The lessons learned are that a web site must take steps to ensure that it fully complies with each promise set forth in its posted policy privacy and elsewhere on the web site, and that a web site cannot change its privacy practices without consumer consent. A mere statement in a privacy policy that the web site may change its policies and post those changes on the web site does not give the web site the right to retroactively apply the changes to data previously collected. Web sites should also evaluate how they notify consumers when a privacy policy is revised."
From this findlaw article viathis Stark County Law Library Blawg post.