TCS Daily

The Disappearing Problem of Online Privacy

By Jessica Melugin - April 3, 2000 12:00 AM

The Federal Trade Commission announced to some fanfare recently it would be investigating various health care Web sites, along with Internet advertising agency DoubleClick, Inc., for possible privacy violations. Whatever the merits of these specific cases, it's important to note that the online privacy concerns on which they hinge are common among consumers. Too often, however, the issues are misunderstood by the press, the public, and the regulators.

Information about where people go online and what they buy is important to businesses seeking to streamline their marketing. The Internet is proving a fertile source for this type of data. The increase in ease and frequency with which consumer preferences are recorded, cross-referenced with other information, or sold has resulted in calls for new regulations, laws, and restrictions.

These measures may not be needed. That doesn`t mean the public's privacy desires are unimportant. But rarely discussed in the debate are the incentives currently encouraging businesses to cater to and address consumers' privacy concerns-without the prompting of government.

In fact, government-imposed privacy dictates would set a dangerous precedent, leading to government meddling on the Internet and wasting untold dollars in compliance and enforcement costs.

A number of bills to regulate online privacy are under consideration by Congress. A proposal sponsored by Sen. Conrad Burns (R-MT) would require Web site operators to identify themselves, and to detail what information is collected from patrons of the site, how it's used, and what aspects might be shared with other companies. Sen. Robert Torricelli (D-NJ) has introduced another bill focusing on the use of "cookies" (tiny files that Web sites send to users' hard drives to monitor where they go and what advertisements catch their attention). This bill would mandate that sites gain permission from users before cookies can be used. Ideally, the bills would ensure that consumers are in control of their personal information and notified of what information about them is collected and who will see it. Sounds reasonable, right?

So reasonable, in fact, that it's already happening without federal regulations. Consumer demand has already made privacy policies commonplace on the Internet. In 1998 the Federal Trade Commission reported to Congress that while more than 85 percent of Web sites collected some form of personal information, only 14 percent provided some type of notice to their patrons. But a January 1999 Georgetown survey found that almost 66 percent of sites posted some type of privacy disclosure. Today the number is even higher. Such a swift and widespread response may be due in part to the threat of regulation, but more fundamentally it's being driven by consumer demands.

Even with this industry response, proponents of privacy regulations argue that we still need laws because consumers remain powerless on any website that doesn`t voluntarily post its privacy policy or whose posting is insufficient. In fact, just as discerning consumers may choose not to deal with offline businesses whose standards and policies prove disagreeable, so too will they avoid Web sites whose privacy standards fall short.

Think about it. It's in the interest of businesses to give consumers what they want. Simple as that sounds, it's a notion foreign to bureacrats and legislators casting about for a piece of valuable regulatory turf. As more consumers make known their preference for privacy, more websites will respond accordingly. And in the meantime, savvy Web surfers can stick to sites they trust, choose not to fill out registration forms, and set their browsers to consult them before accepting any cookies (for more information visit New technologies allow for anonymous Web browsing, browsing under digital pseudonyms, and automatic screening of privacy policies.

The market is already giving consumers greater control over their personal information online than they`ve ever had in the offline world, making federal regulations unnecessary. Unfortunately, government action could still do a lot of damage.

There would be the inevitable unintended consequences. We`re still waiting for the details of a scheme for enforcing Internet privacy regulations, but you know there will be costs, some immediately apparent, others showing up only after it`s too late to stop the regulators. The Internet is as decentralized as it is vast; an enormous amount of time and money would be needed to patrol it.

Whatever the FTC ultimately decides about DoubleClick and the health sites under investigation, Congress should practice restraint and choose not to mandate Internet privacy policies. Privacy concerns are already being addressed. Rules and protocols are being hashed out by the parties involved - website operators and their customers. Legislation from Washington would only lead in the wrong direction.

Jessica Melugin ( is a policy analyst at the Competitive Enterprise Institute.

TCS Daily Archives