AN ALTERNATIVE PRIVACY FRAMEWORK

By J. Bradley Jansen, Deputy Director, Center for Technology Policy, Free Congress
Foundation
The Free Congress Commentary, From the "Endangered Liberties" Television Program,
July 31, 2001

At a time when we are sorting through billions of privacy notices informing us of

our ability to "opt in" or "opt out" of having our information sold or shared by
financial institutions, no one seems to be happy with the status quo. Most
consumers are either ill-informed, or, according to some privacy advocates,
discouraged and confused by the legalese required by the recent implications of
the Gramm-Leach-Bliley Act which rewrote most of the financial regulations since
the Great Depression.

Financial companies are not happy with the status quo either. The law is poorly
written and burdensome according to many. No one seems to think that the consumer
is well served in the current situation. Rather than rush in with myriad solutions
in search of a problem, the usual Washington, DC practice, there some other
regulatory frameworks to consider.

One obvious possibility would be to defer to the consumer as an adult and let the
buyer beware. Ultimately it is the individual consumer who knows what he or she
wants. Regulators should step in to enforce anti-fraud provisions as a way of
enforcing contracts protecting consumer choices. It is unlikely however that
Beltway politicians and interest groups will not suffer from the fatal conceit of
thinking they know best.

While such an attitude might seem cavalier, consumers are already well protected
under contract law. Professors Bruce Kobayashi and Larry Ribstein from George
Mason University School of Law have issued a study explaining their views. The
study is called "A State Recipe for Cookies: State Regulation of Consumer
Marketing Information" and can be found at
http://www.federalismproject.org/conlaw/ecommerce/cookies.html. The report was
presented earlier this year at American Enterprise Institute. While focusing on
the privacy and consumer protection aspects of computer cookies, the principles of
their arguments apply more broadly.

Their paper explains, "Federal law would perversely lock in a single regulatory
framework while Internet technology is still rapidly evolving. State law, by
contrast, emerges from 51 laboratories [50 states plus the District of Columbia]
and therefore presents a more decentralized model that fist the evolving nature of
the Internet."

The reputation of companies would be of increased importance. Under such a

scenario, companies could and would compete on privacy in order to attract
customers. Rather than the static, homogeneous policies dictated by politicians,
privacy policies would always be improving as each company tries to gain a
competitive edge over its competitors.

Under this type of competition, most consumers would probably value their time
having to look up and understand each of the companies' privacy policy less highly
than many other enjoyable ways of spending time. Not too worry, according to
Professors Kobayashi and Ribstein: "infomediaries" would develop in the market to
help us. Rather than dismissing such explanations as dreams, we should consider
how the real world works.

Information brokers develop in every market where there is a demand and as markets
become more sophisticated: Real estate agents help us narrow our home search, the
Better Business Bureau helps eradicate the bad apples, the Good Housekeeping Seal
of Approval or UL (United Laboratories) seal give consumers a ready, substantive
way to make more informed decisions. The current campaign of the Privacy Rights
Clearinghouse concerning the privacy policies of financial institutions is another
great example; they are offering people an easy way to "opt out" of their
information shared or sold, are collecting and posting privacy policies of
hundreds of institutions which gives us an easy way of comparing and contrasting
these otherwise confusing policies. Of course, we should even give credit to Ralph
Nader in a way for educating consumers and helping to make comparison shopping
easy with his contributions to Consumer Reports.

Perhaps the best, realistic alternative regulatory framework would be to set up a

"home state" functional regulatory policy on privacy. Under this scenario, every
financial institution operating in the country would have to claim on state as its
domicile or headquarters. The company could then operate throughout the entire
country but only have to follow one set of rules. The economic benefits to the
company are clear. The benefits to the consumer are real.

Consumers would be able to comparison shop for the privacy regulations they want.
Simply decide what regulations fit your individual preferences, find the state
that reflects your preferences, and choose an institution from the ones domiciled
in that state.

In short, consumers could benefit from all of the advantages of competition--not

just of companies competing for their business, but of state regulators competing
for business by offering the best regulations that consumers and shareholders
want. Let regulators beware.