I have pushed quite hard for the US government to pass some meaningful laws to protect the privacy of Internet users. Some readers have challenged me to describe any laws that could do anything useful. I'll give it a try.
I think there are three principles:
Tell me clearly what you are going to do with my data.
Don't change your mind.
Don't use data from other sources without my consent.
There are certainly problems with a local government, such as that of the US, defining laws to regulate the very international Internet, but the US government can regulate how US companies obtain and use information.
The government can do both of these things, but I'm not sure it should do the latter. I don't think it's productive for any government to say what information can be used in what ways because of the speed of change in the Internet landscape. But I do think that some basic laws would help a lot.
Law No. 2: The Web site's policies cannot be changed to invade privacy in any additional way without clear notice and without discarding all information obtained under the previous policy. A site should have the option to ask individual users for their permission to retain the information about them, but must not retain information without specific individual approvals.
Law No. 3: No company doing business in the US may use any data from Web sites that was not collected following the restrictions in the above laws.
Basically, individuals should be able to decide for themselves what level of privacy they are willing to give up. And they should be able to be sure that the companies they are dealing with, at least the US ones, will not lie to them. The European sites are already under far stricter rules than I ever expect to see here. The penalties for companies violating these laws should be significant.
Some observers claim the US Federal Communications Commission already has the needed laws, but empirical evidence shows this not to be the case. Let's get this problem behind us once and for all.
Disclaimer: Empirically, Harvard's reputation is subjective, but the university has not expressed an opinion on Web privacy. Thus, the above laws are my suggestion.
Bradner is a consultant with Harvard University's University Information Systems. He can be reached at firstname.lastname@example.org.