While all businesses must maintain consumer trust to succeed, Internet businesses that maintain virtual interaction with consumers are particularly dependant on consumer confidence. Absent trust in the integrity of electronic transactions, consumers will be hesitant to use online services and e-commerce and the benefits of online interactions may not be fully achieved. Businesses generally understand the need to maintain the integrity of consumer data and, therefore, consumer confidence. The issue is how best to balance the legitimate needs of consumers to maintain their privacy, the desire of consumers to have the best possible online experience and the ability to reap the benefits of online interactions. This must be achieved in the context of a global community of Internet businesses and users, each with unique cultural requirements and attitudes impacting their level of desired privacy.
Impact to Business
In 1995 the European Union (EU) issued a Privacy Directive banning the flow of personal data to third parties without "adequate privacy protections". In 2003, a Directive on privacy and electronic communications translated the principles of the Data Privacy Directive into specific rules for the telecommunications sector. A number of Member States still need to implement this Directive.
Following passage of the 1995 EU Directive, negotiators from the EU and US developed the Safe Harbor Agreement. The Agreement establishes a series of rules whereby private companies can be deemed in compliance with EU regulations. Once companies have achieved Safe Harbor status, they are eligible to receive EU data.
In the US, a number of state and federal bodies continue to consider privacy issues. The U.S. Federal Trade Commission (FTC) is satisfied that self-regulation is an effective means to protect consumer privacy. The FTC favored government regulation in 1998 unless industry could implement "broad-based and effective self-regulatory policies" by the end of the year. By 1999, the FTC was urging the U.S. Congress not to pass any new Internet privacy laws, finding self-regulation the least intrusive and most efficient means to ensure fair information practices. This success is due in part to business efforts to promote privacy and establish trust with consumers, as well as efforts of neutral watchdog groups such as the Better Business Bureau Online and TRUSTe.
In October 2001, the FTC announced an aggressive, pro-consumer privacy agenda to address a number of consumer privacy issues. The initiative most likely to impact the online community includes efforts to enforce voluntary privacy notices posted by companies and ensure compliance with the US-EU Safe Harbor Agreement.
In the Asia Pacific Economic Cooperation (APEC) Electronic Commerce Steering Group (ECSG), discussions are ongoing to develop a set of APEC principles for data protection and privacy.
As of January 2005