Self-Regulation is Next, Net Conference Told

After signing the e-commerce law, the government should now focus on self-regulation initiatives to build trust among users and consumers. This was put forth by high-level officials speaking at the Global Information Infrastructure Commission (GIIC) Asian Regional Conference held here in July.

Anne Carblanc, principal administrator of the Information and Communications Technology Division of the Organization for Economic Cooperation and Development (OECD), and Stephen Lau, privacy commissioner for Personal Data in Hong Kong, both said that ensuring privacy, consumer rights and security, by way of facilitating the use of authentication, are key initiatives toward this goal.

"First, establish the ground rules, enhance the information infrastructure by ensuring access, and then maximize the economic and social benefits," said Carblanc.

Lau, on the other hand, focused on the issue of privacy, which involves collection of data, control of personal place, freedom from interference with one's person as well as communications and surveillance.

"Governments with e-commerce in place should also consider that every individual has the right to be left alone and the right to self-determination," Lau pointed out.


Carblanc outlined the OECD's multilateral, multicultural and multidoor approach to building trust in e-commerce. She said the first step is through an efficient and secure environment. "And this can be done by way of electronic authentication and securing information systems," she said.

Protecting consumer rights is the second step, Carblanc added. The OECD Council has approved a set of guidelines for consumer protection in the e-commerce environment based on the principle that "consumers should not be less protected when shopping online than when buying from their local store or ordering from a catalog."

"Make sure there will be a forum for redress on consumer complaints experienced in online transactions," Carblanc said. She added that the agency is also forming an online alternative dispute resolution mechanism for consumer-to-business interactions.

Carblanc noted that protecting privacy is also an utmost concern. "This could be addressed by analyzing privacy instruments and mechanisms, as well as using privacy-enhancing technologies," she said.

The OECD is also set to release a Privacy Policy Statement Generator, an HTML tool that will assist any private or public organization, either a large company or a small business, in expressing its privacy policy in a form of a statement that can be posted on its Web site.

"Trust can also be built by using codes of conduct for e-commerce as well," observed Carblanc. "This could be a self-regulatory tool that governments and organizations can use."


Citing data from Forrester Research Inc., Lau noted that 90 percent of online consumers want to have control over how their personal data is used once it has been collected.

"And the same research showed that two out of three people say that they have reservations about giving out personal information online," he said, adding that misuse of personal data is a global concern.

"Data privacy issues on the Internet abound," said Lau. "As they say, you may be looking in the window, but now the window is looking at you."

Such privacy issues that a typical Net surfer encounters include sites that have no personal information collection statement or no data privacy policy. Even e-mail addresses and cookies can be tools to collect data without consent, Lau said.

He said the misuse of data can result in data crimes such as spamming, identity theft and the use of data different from the original purpose of collection.

"This is why governments should encourage industries to draft codes of conduct or ethics on personal data protection to safeguard consumers," Lau said.


Lau, who heads the Personal Data Commission of Hong Kong, explained that the personal data ordinance one policy that is effective in protecting privacy and enhancing e-commerce growth.

"This ordinance has two objectives. One is to protect the individual's right to privacy with respect to personal data," Lau explained. "The other is to safeguard the free flow of personal data to Hong Kong from restrictions by countries that already have data protection laws."

This privacy ordinance is based on six principles, namely: 1) purpose and manner of collection; 2) accuracy and duration of data retention; 3) disclosure of use; 4) security of personal data; 5) transparency of information; and 6) subjects' right to access and update their personal data.

"Compliance with these principles bring improved customer and employee relations, as well as provide better record management and information systems practices and more effective planning and operations on the part of the government and businesses," Lau said.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Forrester ResearchOECDOrganization for Economic Cooperation and Development

Show Comments