Should governments be responsible for protecting consumers' rights in the Internet economy? If the answer is yes, how can governments safeguard their citizens' interests when they do business from a home computer with companies on the other side of the globe? These are the key challenges facing governments in the Internet age. Apart from consumer protection, policy makers have to decide what to do about privacy, taxation, copyright and a whole series of other issues that have acquired a new importance because of the digital revolution.
Some governments express a preference for regulation, others for self-regulation, and still others for co-regulation. But a simple "one size fits all" approach may not provide the best guidance for developing policy in the complex, fast-changing online realm. In matters of privacy and consumer protection, governments should seek to establish enforceable rules to safeguard users' interests. This would promote the stability and predictability needed for commerce to flourish. But when it comes to the content of the information that flows across the Internet, governments should avoid legislation. The open exchange of information and ideas is critical to the continued growth of the information economy and the protection of citizens' basic rights.
This approach does not fall neatly into the basket of regulation, self-regulation, or co-regulation. Instead it seeks to encourage governments to adopt the policies and roles that are most likely to produce economic growth, protect the interests of the individual and build on the open nature of the new communication infrastructure. It has become increasingly clear, for example, that the absence of a clear legislative framework has contributed to public concern about loss of privacy. This in turn has made it difficult for businesses to establish trust and confidence in new services and business models.
Even where companies have pledged to safeguard their customers' interests, competitive pressures and market opportunities have often forced them to revise their policies, invariably to the detriment of the customers. For example, the Doubleclick company announced that it would match anonymous web surfing data with customer purchase information. This led to a public protest, private litigation, and government investigation. In the end, Doubleclick went back to the original plan, but public scepticism of Internet advertising was widespread and the sector has suffered greatly. The problem is all the more challenging as consumers now have the opportunity to buy goods and services from companies all around the world.
The OECD anticipated the need for international standards to protect privacy in a world of transborder data flows almost 20 years ago. The OECD Privacy Guidelines, which set out eight basic principles for the collection and use of personal information, remain the most robust framework to safeguard personal privacy in the age of a global economy. Although the guidelines do not have the force of law, they provide the basis for national law in Europe, North America, and Asia. And the guidelines contributed significantly to the Safe Harbor Arrangement on transatlantic privacy protection reached by the US and EU in March 2000, avoiding what could have been a significant barrier in the emerging online economy.
The challenge now is to implement and enforce these privacy protection standards at both the national and international level. New technology can help in this process. The Internet has made it possible for organisations to make clearer to people how the information gathered about them will be used. This helps build trust and confidence. New encryption techniques may also make it possible to carry out anonymous transactions, avoiding the need for collecting personal information at all. This was anticipated by the OECD Cryptography Guidelines of 1997 that have also contributed significantly to the development of international policies favouring the protection of privacy and the growth of economic opportunity.
Safeguards and diversity
National governments can ensure that their new legal frameworks are compatible with those of the leading industrial nations by following the approach on privacy protection set out by the OECD. And as the convergence of the information economy accelerates, these standards may soon provide the basis for a global agreement on privacy protection.
Similar framework legislation is now needed in the area of consumer protection. What assurance do consumers have when they purchase goods and services online that the safeguards available under their national laws will cover them if they have trouble with a business in another country? Here the experience of the OECD is more recent and, as yet, untested. The recently issued Guidelines for Consumer Protection in Electronic Commerce address critical issues for the online economy. The guidelines cover issues such as transparency; fair business, advertising and marketing practices; as well as payment, dispute resolution and redress. These principles offer guidance to governments and reflect common ground in the effort to establish "rules of the road" to safeguard consumers and promote business. As with privacy protection, new technologies can assist in consumer protection by ensuring that payment mechanisms are secure, that billing is correct and that redress procedures are fair, transparent and easily pursued.
But it is perhaps significant that the OECD has been reluctant to issue standards for regulating the kind of information that could flow across the Internet. It is important to ensure that the traditions of specific countries and cultures are respected. But it is equally important that no one country determine the information that is appropriate for others to receive. The Internet must maintain its diversity of opinion, beliefs, and perspectives in order to develop. Openness remains the key to innovation, freedom and progress.
Where there are specific challenges, they are best addressed under national law, with due regard for international norms that seek to preserve the free exchange of information and ideas, such as the Universal Declaration of Human Rights. And as governments continue to explore the appropriate role for legislation, it will always remain vital to ensure that the public voice is represented in decisions concerning the future of the Internet. Business and government alone cannot make the rules. Civil society should always have a seat at the table. This will promote public understanding and awareness of new policy issues as they arise.
• Marc Rotenberg, The Privacy Law Sourcebook: US Law, International Law, and Recent Developments (EPIC), see http://www.epic.org/pls/.
©OECD Observer No 224, January 2001