They should: it’s a very big deal.
Moving in opposite directions on protecting the future of consumer privacy online, the U.S. and Europe nevertheless are both heading toward the same cliff—and dragging with them billions of dollars and Euros in e-commerce along with the confidence of consumers.
“Never has privacy been more important than today, in the age of the Internet, the World Wide Web and smart phones,” President Obama wrote in February 2012, urging “Americans … to . . . apply our timeless privacy values to the new technologies and circumstances of our times.”
On January 25, 2012, the European Commission (EC) issued a privacy proposal to require “data controllers” (online merchants, advertisers, etc.) to provide more transparent and accessible information to data subjects (individual Internet users). The proposal asserts a right of EU citizens “to be forgotten,” thereby obliging data controllers to delete personal data on request. Data controllers would be prohibited from collecting data unless the subject gives express consent. In the meantime, the United States has proposed precisely what the EU has already vehemently rejected: voluntary industry self-regulation, subject to limited federal enforcement.
The differences between the EU and the U.S. threaten the global interoperability of e-commerce; companies operating under U.S. law will fail to satisfy proposed EU law and may find Europe’s doors barred to them—with fines mounting, revenues dwindling, and economies eroding.
This is the privacy cliff.
Real though it is, the privacy cliff is shrouded in a fog of uncertainty. Unlike the fiscal cliff, falling off has no set deadline. The EU proposal remains a proposal, the implementation date yet to be set. The U.S.? It has yet to act. And we are left asking: What powers will governments have to enforce privacy laws? How will differences between European and U.S. laws impact trade? And will a fall over the privacy cliff entail the very consequences predicted for the fiscal cliff, precipitating the world into a new, deeper financial crisis?
Speaking on December 4, EU Justice Commissioner Viviane Reding suddenly took the focus off individual privacy rights and argued instead that government privacy regulation will promote the growth of e-commerce by creating legal certainty and consumer trust.
Legal certainty is always good for business, but the notion that the consumer trust created by law will stimulate e-commerce is a self-defeating argument. In fact, e-commerce has exploded in the absence of stringent privacy laws. So why assume, absent laws, this spectacular growth will stop? Since the Internet’s inception, successful companies have risen on the free market, not climbed up any legal framework dealing with privacy.
With the utility of privacy law in question, and the U.S. unwilling to relinquish industry self-regulation, we are left with a choice. Continue the march toward the privacy cliff or find an alternative to both the EU’s “government-centric” and the U.S.’s “industry-centric” regulatory approaches.
The most viable alternative, and the way back from the cliff, is to empower consumers to motivate corporate respect for privacy by giving them the technology to control their own data online.
For example, continue deploying do-not-track (DNT) tools that afford consumers some control over whether advertisers track their browsing. And encourage the advertising industry to more effectively publicize programs such as the Digital Advertising Alliance’s Self-Regulatory Program for Online Behavioral Advertising.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.