+1 (218) 451-4151 info@writersnest.org

Abstract:  In this paper, I will briefly define privacy and “fair information practices.”  Then I will discuss the regime of self-regulation that is currently in place in the United States to protect these principles as they relate to consumer online data collection and dissemination.  Specifically, I will show that there are some problems with this system.  In particular, I will point out that privacy practices are not universal, and that companies may not be driven to implement fair information practices by market forces because of the strong financial incentives for them to do otherwise.  Finally, I will suggest that legislation like that used in the European Union might be a viable alternative to self-regulation in the United States.
I enjoy shopping online.  As a college student in rural New Hampshire, the abundance of online retailers is a dream come true, as it allows me to buy the latest fashions and other items directly from my dorm.  But what price do I pay for such luxury?  I compromise my privacy as a consumer and open myself up to a world of customer profiling, targeted advertising, and analysis of my online behavior.
Currently, there are no all-encompassing legal restrictions on the collection and use of customer-provided data, clickstream data, and other forms of personal information collected about adult consumers over the Internet.1  Instead, we rely on a system of industry self-regulation, built on a market model, to protect consumer privacy.  There are several problems with this system.  First, it is not universally implemented; sites are not required to disclose their privacy practices.  Second, since online businesses stand to gain financially from the use of personal data, especially in targeted marketing campaigns, and because most consumers are not knowledgeable enough to protect themselves, companies may not actually be driven to protect consumer privacy by the market, as was originally thought.  Instead, legislation, similar to that passed in 1998 by the European Union, may be required to guarantee Americans’ online privacy.
Defining Fair Information Practices
First, it is necessary to define privacy and fair information practices as they pertain to online commerce.  Back in 1973, the US Department of Health, Education, and Welfare developed a Code of Fair Information practices (US Dept. of Health 1973). It is based on five general principles (US Dept. of Health 1973):
* There must be no personal data record-keeping systems whose existence is a secret.
* There must be a way for a person to find out what information about him or her is in a record and how it is used.
* There must be a way for a person to prevent information that was obtained for one purpose from being used or made available for other purposes without his or her consent.