UK companies doing business online should avoid tying themselves into stringent privacy statements, or risk making the same mistakes as their US counterparts, says the Office of the Information Commissioner.

The US Federal Trade Commission (FTC) cleared Amazon.com last week, after allegations that it breached its confidentiality statement by selling classified customer information.

But the company has been under fire from US consumer groups that are petitioning the FTC to conduct a thorough audit of its privacy practices.

Online travel company eTour is also under investigation by the FTC after trying to sell its database of 4.5 million registered users to web-based search engine AskJeeves, despite the privacy pledge on its website which says it will not share customer data "for any reason, at any time, ever".

Flexibility, not guarantees

Assistant information commissioner Phil Jones says UK companies should ensure they describe how data will be used but build in enough flexibility in case circumstances chance.

"In our view, cast-iron privacy guarantees, such as eTour's, are unnecessary. They tie the hands of those who may wish to use the data later, and make it very difficult to sell data in the UK," he said.

Eversheds ecommerce lawyer Jonathan Armstrong says privacy statements should also make allowances for how data could be used if business conditions change.

"A company must lay out future scenarios describing what will happen to the data if the company merges with another, is bought out, or goes belly-up."

'Cleansing' data before sale

Jones says a company can legally "cleanse" data before selling it, by emailing registered customers to let them know about the change in management.

But information cannot be passed on to a purchasing company until customers have been invited to opt out, he says.

Armstrong says companies purchasing a database can cleanse the data, as AskJeeves is currently doing with the eTour database, but warns that it is a time-consuming process with a high failure rate.

"Companies can lose up to 90 per cent of subscribers if they ask them to re-register, and this is a huge financial burden," he said.