Imagine you're at home eating a TV dinner you just purchased from your local grocery. Suddenly, a sly-looking store clerk appears in your dining room window and starts taking pictures of you.
"Hey, buddy!" you complain, angrily pointing at the camera. "What gives you the right to come in here with that thing? This is private property."
"Well," he replies, "you bought those groceries at my store, you see-and we have a right to keep our shelves stocked with the latest in popular consumer products. It's for your own good, you understand." He grins, and continues taking pictures of your lawn, your bathroom, your bedroom, your pantry, etc.1
It sounds like something out of a bad B-movie-the scary grocer digging through all of your private belongings while you stand by, unable to stop him from invading every inch of your personal space. It sounds like a bad movie, but it is not. It is the reality in which most modem consumers live. When the U.S. Congress first implemented the Social Security system, citizens feared that the federal government would track them through their number.2 While that particular fear has, to a large extent, subsided, some citizens have become leery of a new menace-the menace of losing control over one's personal privacy. Unlike previous generations, advances in technology have given modern retailers the ability to gather "every tidbit of relevant information" that consumers leave along the electronic paper trail.3 As a consumer in the modern age, one's personal preferences (everything from what type of deodorant one prefers to what restaurants a person frequents-even the preferences of a person's pet) are all being tracked.4 Unless one always pays in cash and does not possess a bank account, drive a car, surf the web, make phone calls, or use any type of service that requires a computer chip, "your personal information, habits, and preferences are essentially fair game for anyone who wants to know about them."5
The growing concern over personal privacy has sparked a revolution of protection laws in many countries. While the European Union (EU) chooses to protect consumer personal information through legislation (i.e., the passage of directives and national laws), the United States chooses to protect consumer privacy through market mechanisms and the promotion of industry self-regulation. The following pages will examine the divergent paths these two entities have chosen and the successes and failures they have experienced in the pursuit of consumer privacy protection. The ultimate goal of this comment is to provide a checklist of issues to consider for nations that are now in the process of considering the creation of national consumer privacy protection policies.
Part II will begin by examining the intersection between privacy and the Internet. What is privacy? How has the Internet changed the ability of consumers to protect their personal information? And how is consumer online privacy protection different from traditional consumer privacy protection? Parts III and IV will explore the history and the reasons for the diverging EU and U.S. policies toward personal privacy. Why have these entities chosen their particular paths? Part V will examine the successes and failures these two entities have experienced in their pursuit of privacy protection. Part VI will examine the lessons other nations should learn from these two examples. Is one method better than the other? Or should a nation choose some combination of these two methods to protect consumer privacy? What is the best path for a nation to choose?
II. PRIVACY AND THE INTERNET
If we are to understand the importance of consumer privacy online, we must first understand the importance of privacy. What is it and why is it important? In general, privacy can be divided into four major categories. For the purposes of this comment, privacy refers to informational privacy, or that "which concerns the control or handling of personal data. …