Academic journal article Journal of Corporation Law

Do You Want Milk with Those Cookies?: Complying with the Safe Harbor Privacy Principles

Academic journal article Journal of Corporation Law

Do You Want Milk with Those Cookies?: Complying with the Safe Harbor Privacy Principles

Article excerpt

Do You Want Milk with Those Cookies?: Complying with the Safe Harbor Privacy Principles*

"The right to be let alone-the most comprehensive of rights, and the right most valued by civilized men. "

Judge Louis Brandeis1

"You have zero privacy anyway .... Get over it. "

Scott McNealy, CEO of Sun Microsystems2


The color of your car, the brand of laundry detergent you prefer, and what movie you rented last Saturday night, all of this information and more is stored on databases maintained by stores you frequent. Imagine now if the people keeping track of what brand of toothpaste you use could know how long you looked at the various choices, whether you considered buying the whitening formula rather than the cavity control you normally use. When you shop on the Internet, the Web sites you frequent know exactly what you look at and for how long.3

The Internet has, for better or worse, fundamentally changed our lives and revolutionized the way we work, communicate, and shop. Millions4 use the Internet to correspond with friends or co-workers, to find out who won the game last night, to buy the newest paperback thriller, or to get the latest weather forecast. Many Internet users surf the Web blissfully unaware that every time they access a new site, the company or entity maintaining the site is probably obtaining personal information about them, and storing it in a database or selling it to direct marketing databases.5

Internet commercial transactions (e-commerce transactions) are becoming increasingly important to the United States economic infrastructure. The term ecommerce refers to any commercial transaction conducted over the Internet.6 Ecommerce sales transactions were estimated at $25.8 billion in 2000.7 Online advertising expenditure and revenues have also exploded. In 1996, $267 million was spent on

Internet advertising; in 1999, companies spent over $4.6 billion on Internet advertising.8 The development of extensive databases using information collected online from consumers has helped contribute to this growth.

Collecting information about site visitors to create databases, without their knowledge or consent, is a widespread practice among commercial Web sites in the United States. Databases are used as an "intangible asset" in creating targeted advertising and developing marketing strategies.9 An average American's profile is on twenty-five to one hundred commercial databases.10 A Federal Trade Commission (FTC) study revealed that ninety-seven to ninety-nine percent of commercial Web sites sampled collect at least one type of personal information from site visitors.11 An overwhelming majority of these Web sites collected personal information such as social security numbers, gender, and age.12

Vendors compile raw information collected by various gathering mechanisms to produce "'new' lists tailored to specified interests."13 Web sites located in the United States view this acquisition of personal information about their users, its compilation into lists, and sale for profit as a necessary measure for surviving in the "emerging electronic marketplace" created by the Internet.14 There may be "lists of expectant mothers and their due dates and lists of middle class (above $75,000 in annual salary) Latino men under 6 feet who voted Republican in 1988 and drive European sports cars originally purchased for over $50,000."15

Until recently in the United States, data collection practices associated with ecommerce transactions, advertising databases, and vendor lists had few limits because regulation of consumers' privacy-whether online or offline-had met with considerable industry resistance.16 In the European Union, however, this compilation and transfer of personal information without explicit consent from the individual targeted is illegal

regulation of consumers' privacy has been achieved since 1998 through the European Union's Council Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (Data Protection Directive). …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.