FRAMINGHAM (04/18/2000) - There's a growing disconnect between American consumers and business on privacy and data protection. Consumers want Congress to step in and pass strong laws to protect information privacy, both online and off-line. A recent BusinessWeek/Harris poll found that 57 percent of Americans believe that "the government should pass laws now for how personal information can be collected and used on the Internet," while only 15 percent believe that voluntary privacy standards are the way to go.
Businesses, on the other hand, argue that the current voluntary standards are working quite well, thank you very much. What's more, say businesses, any regulation would be premature: We're still in the early days of the Internet boom, and any fiddling with the Net's magic formula of pervasive surveillance and unbridled personal data collection might irreparably harm the engine that has been creating so much of the country's new wealth.
But if information really is the oil of the 21st-century economy, then it's unlikely that privacy will remain unregulated for long. Regulation, after all, plays many important roles in our society. By setting rules for business, regulation increases consumer confidence while creating a level playing field for all businesses.
Consider the biggest online privacy gaffes since early last year: DoubleClick Inc., Amazon.com Inc., Microsoft Corp. and RealNetworks were all caught off guard when details of their privacy-invading technologies and policies found their way onto the pages of Web sites, newspapers and magazines. The source of these companies' confusion was obvious: Nothing they were doing was illegal!
Nevertheless, DoubleClick's cookies, Amazon.com's Purchase Circles, Microsoft's registration wizard and RealNetwork's surveillance jukebox all generated public outcry and hostility. Why? Because there's a yawning gap between the privacy rights most Americans think they're entitled to and what they're actually afforded under U.S. law.
This is an unstable situation, one not only unfair to consumers, but also unsettling to business. Innovative services for the information economy will depend on the judicious use of personal information, but companies that develop these services risk being branded as "privacy pirates," even when those services pose no privacy risk to the public. Meanwhile, companies that aren't building massive data banks still suffer the consequences when the public's fear of online privacy violations throws a monkey wrench into the continued growth of e-commerce. According to the BusinessWeek/Harris poll, 63 percent of those who don't shop online say they're "very concerned" that their personal information would be misused if they did.
Instead of fighting privacy legislation, industry should take the lead in developing a workable set of privacy regulations and practices that can work both on and off the Internet. These practices should take into account both the European Union's directive on personal information and the 1980 Organization for Economic Cooperation and Development privacy guidelines. After all, U.S. companies doing business in other countries already must follow local privacy laws based on these principles. The lack of defensible privacy legislation within the U.S. is fast becoming a stumbling block to international e-commerce, since many countries have laws that prohibit the transfer of personally identifiable information to laggard jurisdictions where privacy rights are not legally respected - like the U.S.
Like it or not, it's unreasonable to think that U.S. businesses will be able to stave off meaningful privacy regulation when the subject has such widespread appeal. The only question that's really open is: When will the regulation come?
Surprisingly, the answer is simple: the sooner, the better. Privacy protection will be a "must have" for worldwide e-commerce. The longer it takes for the U.S. to catch up, the further behind our companies will fall in privacy-protection practices and technologies. Likewise, the longer our companies spend harvesting ill-gotten gains from violating consumer privacy, the harder and costlier it will be for us to break that habit.