April 18, 2001, 4:36 PM — It's increasingly clear that U.S. consumers are eager for policymakers to establish rules protecting online privacy. After several years of awaiting effective industry self-regulation to protect consumers, the Federal Trade Commission (FTC) last year conceded that self-regulation alone was insufficient and recommended that Congress act.
Technological tools: I have long believed in technology's potential to solve some of the problems it poses. I'm particularly encouraged by the growing cadre of software engineers and entrepreneurs who have developed and begun to market technologies that permit consumers to enhance their own privacy.
We must also recognize that privacy-enhancing tools have policy limitations. Relying solely on technology puts privacy at the trailing edge of a never-ending process of technological one-upmanship. Moreover, consumers can't be expected to fully protect themselves through technology, because not every consumer -- at least in the short term -- will be savvy enough to utilize such technology. That's why remedies beyond technological tools are necessary.
For privacy notices to work, they must be conspicuous and in plain language. It serves neither consumers nor online commerce if posted notices are hard to find or difficult to understand.
Conversely, if a company doesn't post a policy and then engages in personal information highjacking, it's legally able to continue on its merry way. The company is shielded by the "privacy paradox": As long as it never promises to protect privacy, it can never be accused of deceiving its customers.