Web sites, as is well known, frequently collect information about us when we visit, and they often sell it to others. Rep. Cliff Stearns (R‐Fla.) has proposed legislation to require online and even main street firms to reveal what information they collect and share, and allow customers to “opt out.” Meanwhile, the Senate Commerce Committee has approved a bill by Sen. Ernest Hollings (D-S.C.) that would require a much more restrictive opt‐in standard for “sensitive” consumer information like religion and financial information, whereby no information may be used until a consumer grants permission.
But is all this fuss over information‐age marketing justified? Some people are surely bothered by it. Yet as author Michael Lewis put it, when it comes to companies trafficking in personal information to better target what they try to sell, most people don’t care. They’re “willing to feign outrage on command, until they see the benefits of relinquishing their privacy,” says Lewis. Free‐flowing information means we all get more stuff more cheaply.
Business use of our personal information to move merchandise may sometimes be irritating, but is hardly worthy of federal regulation. Regulation will unnecessarily hurt e‐commerce — and consumers. It will also affect small businesspeople more than larger companies that have already assembled databases or can afford to purchase them.
There is no one level of privacy safeguards appropriate for everyone that can be configured in federal legislation. The concept of privacy encompasses varying relationships between consumers and businesses. Sure, some people are secretive. But at the other extreme, some post all their dirty laundry on personal Web sites. Privacy regulation undercuts the principle of free speech. That doesn’t vanish because it may be a businessman doing the talking.
But there is a greater problem with Washington’s privacy push: The same Washington supposedly so eager to protect privacy is itself the leading offender. Post‐September 11 has been an era of rising government surveillance. New pushes for mandatory national ID cards, escalated monitoring of our emails facilitated by the USA Patriot Act, and ubiquitous surveillance cameras reveal a government more capable of invading citizens’ privacy rather than protecting it. And these incursions raise serious constitutional issues. Here is where any serious congressional privacy debate must be focused. Neither Hollings nor Stearns would let us “opt out” of government information collection. Businesses would be regulated but Washington would continue to violate privacy unhindered. While one can oppose government encroachments and still support privacy legislation that affects the marketplace, Washington does not have a track record that inspires confidence as a protector of personal information.
Governments have long mandated the forfeiture of the most sensitive and abused information in the first place, such as driver’s license and Social Security numbers, and even our detailed finances to the Internal Revenue Service. The reality is that government doesn’t need to protect our privacy‐it needs to allow it in the first place.
Government forces us to disclose information. In the private sector, however, there are profit incentives to back up one’s assurances of privacy, which are essential to Web commerce.
As businesses respond to consumer preferences, more stringent privacy protections will emerge and are emerging. The notice and choice allegedly sought in privacy legislation already exist. Most highly trafficked sites already feature privacy policies. Users can set their Web browser to reject information gathering. Barring that, free software tools that warn when information is being collected can further empower consumers. The market even provides tools for anonymous surfing.
Some companies are developing techniques for anonymous shopping in response to privacy concerns. Inevitably, the marketplace increasingly forces sites to develop online privacy policies knowing that ever‐more‐efficient browser “policing” software will alert users on the level of security.
Mistakes will be made. But restrictive, government mandated policies can hinder evolving privacy technologies before they mature and even put consumers at risk against malicious spies and hackers by creating a false sense of security.
In the evolving, jumbled world of e‐commerce and varied individual preferences, the government’s proper role is not to dictate the terms of privacy contracts ahead of time, but to enforce privacy contracts that companies have made with consumers, along with targeting fraud and identity theft.
Outside that role, the government needs to look inward. When it comes to privacy, the government’s collection of information about us is the matter of primary concern, not the fact that marketing goes on in America.