The European Union and the US look set to agree on how to protect
Net users' right to privacy. But without an element of compulsion
the policy will be of little use.
After nearly 15 months of tortured negotiations on the best way of
protecting users' privacy on the Internet, the European Union and
the US are said to be close to an agreement.
The European view of privacy protected by legislation, and the
US model of self-regulation could be satisfied by a compromise
solution based on the use of a "safe harbour" strategy in which US
companies would sign up to regulations voluntarily but would then
be bound by them.
The irony is that had Europe stood its ground, it could probably
have had the upper hand in negotiations. Self regulation appears
not to be working, and disclosures of privacy infringements on the
Net are becoming commonplace.
The latest was DoubleClick, which created anonymous digital
snapshots based on people's Web surfing habits, and planned to link
profiles with more specific information, from databases that cover
90% of the US population.
The problem is, as Business Week suggested recently, that it is
only going to get worse. You want to have access to information
wherever you are via your Wap phone? You got it - plus a whole load
of suitably targeted junk e-mail and probably voice-mail too.
If you're passing a bookstore, expect to get prompts for
discounts on books; and if you like burgers, you'll probably only
have to pass one with your phone switched on to get "a small drink
with fries".
The US - and they have the biggest problem with privacy
violations - would have you believe that all this can be controlled
by self-regulation.
According to one survey, disappointingly from the Federal Trade
Commission which has attempted to be hawk-like on privacy, more
than 66 per cent of companies had privacy policies.
Correction: 66% had something on their Web site which purported
to be a privacy policy. If put on the spot, actually I'd guess most
of them couldn't tell you what the policy even was.
The same applies to the well-meaning "trust" schemes being set
up in the UK from a string of organisations. As one person I met
this week asked, "How do you know sites really comply with these
'tick' schemes. All you see as a user is a tick - that proves
nothing."
Business Week suggests a four-point plan for privacy:
- Display your practices - and write them in plain
English
- give people a choice - opt-in rather than opt-out;
- Show me the data - you have a right to see it - it is about
you
- Fair play or pay - unscrupulous sites should pay for
violations.
So, when it comes to safeguarding privacy, the European
Commission should stick to the European convention that privacy is
a human right. And not roll over to a little US arm-twisting.
If users should stand up for their privacy rights, while they
are about it they might think about ensuring that they have an
effective voice in Net affairs too. And that particularly goes for
business users.
The Internet Corporation for Assigned Names and Numbers (ICANN)
is to offer the Net a "free vote" to ensure they can appoint a
series of "at large" directors to safeguard their interests, rather
than have to put up with appointments that are jobs for the
boys.
It almost goes against the grain to say it, but users must take
advantage of the chance to have their say.
Trademark holders, above all, must ensure that when we
eventually get an explosion in new top level domain names (eg .shop
and .firm) they have some control over the implementation process
and timescale. Going to the ICANN Web site - www.icann.org - is a
good place to start.
David
Bicknell