Jewish World Review July 18, 2000 /15 Tamuz, 5760
James K. Glassman
But last week, the FTC launched another suit against a company in the digital economy, and we're all for it. On July 10th, the Commission sued bankrupt retailer Toysmart.com for misrepresentation, a violation specifically mentioned in the law that gives the FTC its authority. The FTC alleges that Toysmart promised its customers that it would never share their personal information with any third parties, and then offered to sell its customer data to other companies. Clearly, the bankrupt firm should do its best to pay creditors, but if they promised not to share the data, they shouldn't share the data. This is exactly the kind of case that the FTC should be pursuing, and it's a useful reminder of the appropriate role of regulators.
By law, the FTC is supposed to prosecute companies for misleading or deceptive sales practices. A company promises its nutritional supplement will make you younger, richer and happier. A marketing firm processes credit-card orders with no intention of delivering the promised Elvis memorabilia. A consumer lender misrepresents the rate it will charge on a loan. A website promises to safeguard your data and then sells it.
The problem is that lately the FTC has tried to move beyond the mundane task of investigating consumer rip-offs to assume the role of lawgiver of cyberspace. The Commisssion has made up its own list of things it would like companies to do in the area of online privacy. And now it's pressuring companies and legislators to get with the program.
But the Toysmart case is a perfect example of why we don't need new privacy laws. The website and its customers mutually agreed on acceptable terms for doing business. Toysmart apparently assured customers that their private information, such as names, addresses, buying preferences and kids' birthdays, would not be shared with other companies. Then the company tried to sell the data, and so now the Feds are landing on the company with both feet. Isn't that how it's supposed to work? What's the need for new laws? This isn't a situation like the campaign finance scandals, in which the President's campaign broke the law and was allowed to escape punishment. This system is working.
In fact, for those who favor market solutions to problems with online privacy, this case has another interesting twist. The FTC was alerted to Toysmart's activities by TRUSTe, the private group of which Toysmart was a member. Toysmart had agreed to a set of consumer safeguards, paid to register with TRUSTe, and earned the right to display the TRUSTe seal on its website. When it became apparent that Toysmart might be mistreating consumers, TRUSTe responded. This is a success story for the free marketplace, not an argument for more laws.
If people want even greater privacy safeguards than a promise to abide by certain standards, then the market can certainly deliver them. Think of the Audit Bureau of Circulation, which audits the circulation figures of various magazines and newspapers, or Underwriters Laboratories, which checks out consumer electronics devices. If people really care about online privacy and are willing to spend time and/or resources to ensure it, the tools are there.
Government regulation, on the other hand, is by definition not a response to consumer demand. It imposes inflexible standards on businesses and consumers, who may not even want them. Maybe consumers want different options, depending on the situation. Maybe they want to sell their personal information, or accept frequent flyer awards for agreeing to share personal data.
We also should remember that no matter how much we restrict private
companies from collecting personal informaion, the government ensures that
your affairs can not remain completely private. Whether it's your birth,
your driving record, or the size of your mortgage, much of your life ends up
in the public
07/13/00: Silicon Valley East