Privacy

Many formal and informal surveys have shown that potential econsumers are wary of using the Internet because of concerns about their privacy. If ecommerce is to realize its potential the econsumers must be confident that their personal information is protected against misuse. Electronic commerce will thrive only to the extent that individuals' privacy concern are addressed adequately and personal information is protected.

Privacy is the right to be left alone; the right to control one's personal information, which not only includes identity but also image and biometrics; it also involves the ability to determine if and how that information should be obtained and used. Referred to as informational self determination, it is protected by constitutional courts in some countries. While many countries use this type of concept, in others, most personal information is not protected and market forces and self-regulation are relied on to provide controls[3], [11], [12], [18],[23]. This laissez faire attitude puts very little restrictions on a wide range of activities relating to the collection, retention, use and disclosure of personal information[20].

Privacy also entails confidentiality which ensures the safe keeping of personal information and the guarantee that such information must not be propagated without the express consent of the subject concerned⁴.

Many polls made for the direct marketing and advertising industries have shown that notice, choice, security, and access are necessary elements of fair information practices online. Hence, the individual right to privacy which involves the access to and use of, her personal information should be unconditionally assured. Furthermore, personal information should be accurate, relevant and used only for the purpose for which it is provided and used. Hence, when data is gathered by a site on the Internet, the individuals should be informed about what information is being collected and how and why this information would be used. The individuals should be provided with an easy method to limit the use of any such information collected and limit their propagation to other organizations. An example of a simple web page wherein an ecommerce enterprise makes the information recorded for an econsumer available by a simple click is given in Figure . The econsumer has the choice of deciding what the enterprise can do with this information and can change it at will.

The OECD recognized the need for privacy, confidentiality and security in the eighties and issued a directive[16], which has been used as a model by various governments[2], [5], [8]. A ten point guideline has been proposed as an International standard⁵[6].

Many governments have recognized the need to introduce laws to protect privacy and thereby reassure potential econsumers that ecommerce is a safe environment for browsing and shopping. However, the existing patchwork of jurisdiction, while meaningful decades and centuries ago, is a possible stumbling block⁶. Additional measures to monitor that privacy, confidentiality and security safeguards are being followed should also be taken. This is a natural extension of the practice such as periodical certification of weights and measures used in traditional commerce to ecommerce. Furthermore, steps should be taken to assure econsumers that adequate measures are in place for econsumers to redress if their personal information is inaccurate, outdated, incomplete, irrelevant or improperly used or disclosed. Cost of such redress should not be borne by the ordinary econsumer. The burden of proof should not be placed on the econsumer, a large majority of whom may not be legally or technologically informed to be able to protect her privacy.

This approach, is quite different from one proposed in the U.S. which would allow ecommerce companies to establish a level of privacy protection offered in a self-regulatory marketplace with minimum government regulations[3], [4], [9], [11],[21], [22]. What is puzzling is the present privacy debate in the U. S., where the leading civil liberties and consumer groups even though critical of the privacy violations on the Internet, are suspicious of U. S. Federal government's involvement in the regulatory process. In the meantime, the attitude adopted in the U. S. seems to be to warn econsumers of the danger rather than campaign for comprehensive legislative guarantees for privacy protection[12]