Academic journal article Journal of Broadcasting & Electronic Media

The Safe-Harbor Agreement between the United States and Europe: A Missed Opportunity to Balance the Interests of E-Commerce and Privacy Online?

Academic journal article Journal of Broadcasting & Electronic Media

The Safe-Harbor Agreement between the United States and Europe: A Missed Opportunity to Balance the Interests of E-Commerce and Privacy Online?

Article excerpt

During the first half of 2000, two high-profile incidents heightened public concerns about the privacy of personal data on the Internet. These incidents involved the e-commerce toy retailer Toysmart.com and DoubleClick, the largest online advertising company in the United States. Coincidentally, the Commission of the European Communities issued a document in July 2000 outlining the main features of the safe-harbor agreement it had concluded with the U.S. to ensure the protection of personal data collected by U.S.-based companies about residents of the European Union (E.U.).

The Toysmart.com and DoubleClick cases were interpreted by many as examples of the failure of the U.S. reliance on industry self-regulation to protect personal data privacy, and at least some saw the main features of the safe harbor agreement as suggesting an attractive alternative approach. The safe harbor's existence, coupled with growing public concern about online privacy, had created an unusual opportunity for a fundamental policy shift in the U.S. approach to online data privacy.

This study traces the fate of attempts to shift from an approach based mostly on industry self-regulation to one more in harmony with those systems of legal protections being adopted in Europe and elsewhere. The study then demonstrates the value of the work of political scientist John W. Kingdon (1995), especially his concept of "policy windows," when analyzing such attempts at major policy change. It ends by suggesting why attempts to change to a new system of online data privacy protection have so far failed and what lessons can be learned from these events by those who study personal data privacy and the policy-formation process.

In June 2000 the e-commerce toy retailer Toysmart.com filed for Chapter 11 bankruptcy protection. Shortly afterwards, the company offered its customer database for sale in an advertisement in the Wall Street Journal (Simpson, 2000). The sale of this customer information violated the company's stated privacy policy, which was reported to have included the statement: "You can rest assured that your information will never be shared with a third party" (quoted in Richtel, 2000, p. C2). Several similar cases emerged where e-commerce retailers had violated their privacy policies, bringing into question the value of industry self-regulation (As Online Firms Go Bust, 2000).

A few months earlier, the online advertising company DoubleClick announced that it would start linking its online data about the users of the Web sites on which it advertised with information about the purchasing habits of those users at a number of major retailers, catalog companies, and publishers (Will, 2000; Shen, 2000). DoubleClick was able to combine these two sets of personal data through its earlier acquisition of Abacus Direct, a corporation that compiled information on the purchasing habits of millions of consumers. This linking of personal data with the often anonymous Web site data led to a brief storm of protest, perhaps best summed up in a Boston Globe article's title: "DoubleClick's Double Cross" (Bray, 2000). A few months later, responding to this pressure--and perhaps not least to a drop in the value of its shares--DoubleClick announced that it would put on hold the plan to combine these two sets of data.

In both cases, negative publicity, pressure from Wall Street investors, and intervention in the dispute by the Federal Trade Commission led to at least a temporary resolution that offered some level of privacy protection for those whose personal data were involved. However, protection for personal data in the future relied mostly on the willingness of the businesses involved to sustain the agreements rather than the force of any existing body of law.

In sharp contrast, had those Toysmart.com customers been residents of a member state of the European Union, and had the safe-harbor-agreement negotiated between the U. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.