Information privacy and marketing: What the U.S. Should (and shouldn't) learn from Europe

California Management Review

Volumn , Issue 2, 2001, Pages 8-33

  Smith, H Jeff ^a  

^a NONE

Author keywords

[No Author keywords available]

Indexed keywords

EID: 0035631803     PISSN: 00081256     EISSN: None     Source Type: Journal    
DOI: 10.2307/41166073     Document Type: Article

References (69)

1. Swedish law requires registration of all such databases. Further, one must secure "explicit permission and a license from the DIB" for files that contain "information on sensitive topics, judgments or appraisals of a person, or on persons with no established relationship with the record keeper. Permission is also necessary if the file in question is derived from any other personal files, subject to certain qualifications." See D.H. Flaherty, Protecting Privacy in Surveillance Societies (Chapel Hill, NC: University of North Carolina Press, 1989), p. 116, from which this quote is taken. For additional discussion of different nationalistic approaches to privacy regulation, including that of Sweden, see C.J. Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Ithaca, NY: Cornell University Press, 1992) and C.E.H. Franklin, Business Guide to Privacy and Data Protection Legislation (Paris: ICC Publishing S.A., Kluwer Law International, 1996). For a cohesive discussion of the history of U.S. privacy regulation, see P.M. Regan, Legislating Privacy: Technology, Social Values and Public Policy (Chapel Hill, NC: University of North Carolina Press, 1995).
2. Swedish law requires registration of all such databases. Further, one must secure "explicit permission and a license from the DIB" for files that contain "information on sensitive topics, judgments or appraisals of a person, or on persons with no established relationship with the record keeper. Permission is also necessary if the file in question is derived from any other personal files, subject to certain qualifications." See D.H. Flaherty, Protecting Privacy in Surveillance Societies (Chapel Hill, NC: University of North Carolina Press, 1989), p. 116, from which this quote is taken. For additional discussion of different nationalistic approaches to privacy regulation, including that of Sweden, see C.J. Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Ithaca, NY: Cornell University Press, 1992) and C.E.H. Franklin, Business Guide to Privacy and Data Protection Legislation (Paris: ICC Publishing S.A., Kluwer Law International, 1996). For a cohesive discussion of the history of U.S. privacy regulation, see P.M. Regan, Legislating Privacy: Technology, Social Values and Public Policy (Chapel Hill, NC: University of North Carolina Press, 1995).
3. Swedish law requires registration of all such databases. Further, one must secure "explicit permission and a license from the DIB" for files that contain "information on sensitive topics, judgments or appraisals of a person, or on persons with no established relationship with the record keeper. Permission is also necessary if the file in question is derived from any other personal files, subject to certain qualifications." See D.H. Flaherty, Protecting Privacy in Surveillance Societies (Chapel Hill, NC: University of North Carolina Press, 1989), p. 116, from which this quote is taken. For additional discussion of different nationalistic approaches to privacy regulation, including that of Sweden, see C.J. Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Ithaca, NY: Cornell University Press, 1992) and C.E.H. Franklin, Business Guide to Privacy and Data Protection Legislation (Paris: ICC Publishing S.A., Kluwer Law International, 1996). For a cohesive discussion of the history of U.S. privacy regulation, see P.M. Regan, Legislating Privacy: Technology, Social Values and Public Policy (Chapel Hill, NC: University of North Carolina Press, 1995).
4. Swedish law requires registration of all such databases. Further, one must secure "explicit permission and a license from the DIB" for files that contain "information on sensitive topics, judgments or appraisals of a person, or on persons with no established relationship with the record keeper. Permission is also necessary if the file in question is derived from any other personal files, subject to certain qualifications." See D.H. Flaherty, Protecting Privacy in Surveillance Societies (Chapel Hill, NC: University of North Carolina Press, 1989), p. 116, from which this quote is taken. For additional discussion of different nationalistic approaches to privacy regulation, including that of Sweden, see C.J. Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Ithaca, NY: Cornell University Press, 1992) and C.E.H. Franklin, Business Guide to Privacy and Data Protection Legislation (Paris: ICC Publishing S.A., Kluwer Law International, 1996). For a cohesive discussion of the history of U.S. privacy regulation, see P.M. Regan, Legislating Privacy: Technology, Social Values and Public Policy (Chapel Hill, NC: University of North Carolina Press, 1995).
5. R.A. Posner, "An Economic Theory of Privacy," in F.D. Schoeman, ed., Philosophical Dimensions of Privacy: An Anthology (Cambridge: Cambridge University Press, 1984), pp. 333-345, quotation on p. 333.
6. A. Westin, Privacy and Freedom (New York, NY: Atheneum, 1967), p. 2.
7. C.J. Williams, "Germans Speak Up to Defend European Privacy Laws," Los Angeles Times, April 2, 1999, p. 5.
8. S. Lyall, "Britain Quietly Says It's Time to Adopt a Bill of Rights," New York Times, October 3, 1999, p. D6.
9. D. Taylor, and S. Chowdhury, "A Field Day for Crackpots," The Express, October 2, 2000.
10. Williams, op. cit., p. 5.
11. G. Hofstede, Culture's Consequences (Newbury Park, CA: Sage Publications, 1984).
12. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal of the European Communities 95/L281.
13. "Data Privacy Deal," Journal of Commerce, March 28, 2000, p. 4.
14. U.S. Department of Commerce, "Safe Harbor Overview," available online at .
15. E. Sanders, "U.S. Firms Abstain From EU Privacy Pact," Los Angeles Times, January 5, 2001, p. C3.
16. Federal Trade Commission (FTC), "Privacy Online: Fair Information Practices in the Electronic Marketplace," Washington, DC, May 2000, available at .
17. Underlined terms are those used in the report.
18. See the FTC report, pp. 23-24, from which these observations have been paraphrased.
19. C. Seward, "eBUSINESS," Atlanta Constitution, September 1, 2000, p. 2F.
20. M. Soto, "New Rules on Privacy for Amazon's Visitors," Seattle Times, September 1, 2000, p. C1.
21. E. Hendricks, "Capital Insights," Privacy Times, September 15, 2000, p. 1. Also, see E. Hendricks, "U.S., UK Advocates Challenge Amazon's Change on Privacy," Privacy Times, October 4, 2000, pp. 5, 6.
22. E. Hendricks, "Capital Insights," Privacy Times, September 15, 2000, p. 1. Also, see E. Hendricks, "U.S., UK Advocates Challenge Amazon's Change on Privacy," Privacy Times, October 4, 2000, pp. 5, 6.
23. "Amazon Betrays Customers With New Privacy Policy," Atlanta Constitution, September 6, 2000, p. 8A.
24. R.D. Hof, "A New Era of Bright Hopes and Terrible Fears," Business Week, October 4, 1999, pp. 84-98. Specific numerical reference is inset on p. 90.
25. G.R. Milne, "Privacy and Ethical Issues in Database/Interactive Marketing and Public Policy: A Research Framework Overview of the Special Issue," Journal of Public Policy and Marketing, 19/1 (2000): 1-6. This quote is from p. 1 and refers to G.R. Milne and M-E Boza, "A Business Perspective on Database Marketing and Consumer Privacy Practices," Marketing Science Institute Working Paper No. 98-110, Cambridge, MA, 1998.
26. G.R. Milne, "Privacy and Ethical Issues in Database/Interactive Marketing and Public Policy: A Research Framework Overview of the Special Issue," Journal of Public Policy and Marketing, 19/1 (2000): 1-6. This quote is from p. 1 and refers to G.R. Milne and M-E Boza, "A Business Perspective on Database Marketing and Consumer Privacy Practices," Marketing Science Institute Working Paper No. 98-110, Cambridge, MA, 1998.
27. Milne, op. cit., p. 1.
28. K.B. Sheehan and M.G. Hoy, "Flaming, Complaining, Abstaining: How Online Users Respond to Privacy Concerns," Journal of Advertising, 28/3 (1999): 37-51.
29. J. Hagel III and M. Singer, Net Worth: Shaping Markets When Customers Make the Rules (Boston, MA: Harvard Business School Press, 1999), p. 5.
30. "Harris-Equifax Consumer Privacy Survey 1991," Equifax Inc., Atlanta, GA, 1991.
31. G.R. Milne, "Consumer Participation in Mailing Lists: A Field Experiment," Journal of Public Policy and Marketing, 16/2 (1997): 298-309. These quotations are from p. 300.
32. Milne (1997), op. cit., p. 303.
33. Milne (1997), op. cit., Table 1, p. 300.
34. Directive 95/46/EC, Section VII, Article 14(b).
35. P.M. Schwartz and J.R. Reidenberg, Data Privacy Law: A Study of United States Data Protection. (Charlottesville, VA: Michie Law Publishers, 1996), p. 229.
36. L.R. Fischer, The Law of Financial Privacy: A Compliance Guide (Boston, MA: Warren, Gorham, and Lamont, 1991), pp. 7.1-7.24. See also H.J. Smith, Managing Privacy: Information Technology and Corporate America (Chapel Hill, NC: University of North Carolina Press, 1994), pp. 23-24.
37. L.R. Fischer, The Law of Financial Privacy: A Compliance Guide (Boston, MA: Warren, Gorham, and Lamont, 1991), pp. 7.1-7.24. See also H.J. Smith, Managing Privacy: Information Technology and Corporate America (Chapel Hill, NC: University of North Carolina Press, 1994), pp. 23-24.
38. For a general overview of the GLB, see H.R. Cohen and W.J. Sweet, Jr., After the Gramm-Leach-Bliley Act (New York, NY: Practising Law Institute, 2000).
39. Federal Trade Commission, "Privacy of Consumer Financial Information," Code of Federal Regulations (as of January 1, 2001), Title 16 - Commercial Practices, Part 313, which applies to many financial organizations. A parallel set of rules for banks (with essentially the same provisions) has been issued jointly by the Department of the Treasury, Office of the Comptroller of the Currency (12 CFR Part 40, Docket No. 00-10; Board of Governors of the Federal Reserve System (12 CFR Part 216, Docket No. R-1058); Federal Deposit Insurance Corporation (12 CFR Part 332); and the Department of the Treasury, Office of Thrift Supervision (12 CFR Part 573, Docket No. 2000-45).
40. The few prohibitions on secondary uses of data for marketing purposes that exist in federal law (i.e., cable subscriptions, video rental records, credit histories) apply to external transfers. See Schwartz and Reidenberg, op. cit., pp. 312-315.
41. Milne (1997), op. cit., Table 1.
42. Equifax, op. cit., 1996.
43. A.F. Westin, "How the American Public Views Consumer Privacy Issues in the Early 90's - and Why," Testimony before the Subcommittee on Government Information, Justice, and Agriculture of the Committee on Government Operations, U.S. House of Representatives, Washington, D.C., April 10, 1991.
44. Schwartz and Reidenberg, op. cit.
45. E. Hendricks, "Capital Insights," Privacy Times, December 18, 2000, p. 1.
46. E. Hendricks, "Capital Insights," Privacy Times, January 18, 2001, p. 1.
47. M. Rotenberg, "Can We Keep a Secret?" American Lawyer (January 2001), pp. 80, 81; Hendricks (January 18, 2001), op. cit
48. M. Rotenberg, "Can We Keep a Secret?" American Lawyer (January 2001), pp. 80, 81; Hendricks (January 18, 2001), op. cit
49. E. Hendricks, "Colorado, Florida on the Road to Recommendations," Privacy Times, January 18, 2001, pp. 2, 3.
50. M. Benson and G.R. Simpson, "Privacy Measure for U.S. Is Backed by Trade Group," Wall Street Journal, January 18, 2001, p. B6.
51. M. Maremont, "We'll Be Watching You," Wall Street Journal, January 1, 2000, p. R26.
52. L. Sichelman, "Financial Industry's Privacy Policies Due," San Diego Union-Tribune, November 5, 2000, p. I-1.
53. Some contextual hypotheses about approaches that may be more or less effective in this regard can be found in M.J. Culnan and S.J. Milberg, "The Second Exchange: Managing Customer Information in Marketing Relationships," working paper, Georgetown University, McDonough School of Business, Washington, D.C., 1998. An extensive societal mechanism for collection and marketing of consumer data is described in K.C. Laudon, "Markets and Privacy," Communications of the ACM, 39/9 (1996): 92-104.
54. Some contextual hypotheses about approaches that may be more or less effective in this regard can be found in M.J. Culnan and S.J. Milberg, "The Second Exchange: Managing Customer Information in Marketing Relationships," working paper, Georgetown University, McDonough School of Business, Washington, D.C., 1998. An extensive societal mechanism for collection and marketing of consumer data is described in K.C. Laudon, "Markets and Privacy," Communications of the ACM, 39/9 (1996): 92-104.
55. Sichelman, op. cit.
56. G.R. Milne and A.J. Rohm, "Consumer Privacy and Name Removal Across Direct Marketing Channels: Exploring Opt-In and Opt-Out Alternatives," Journal of Public Policy and Marketing, 19/2 (2000): 238-249.
57. M. Rotenberg, "Database Marketing," Sloan Management Review, 35/2 (1994): 8. Rotenberg's comments were in the "Letters" section.
58. Flaherty, op. cit., p. 95.
59. Ibid., p. 115.
60. Study by Annette Kavaleff, cited by Flaherty, op. cit., p. 103.
61. Flaherty, op. cit., p. 131.
62. C.J. Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Ithaca, NY: Cornell University Press, 1992), p. 189.
63. Ibid., p. 189.
64. Ibid., p. 239.
65. J. Baker, testimony before the Subcommittee on Government Information, Justice, and Agriculture of the Committee on Government Operations, U.S. House of Representatives, Washington, D.C., April 10, 1991.
66. E. Weise, "Privacy Is Peter Swire's Domain: Behind the Scenes, He's President's Go-to Guy," USA Today, June 7, 2000, p. 1D.
67. Smith (1994), op. cit.
68. Direct Marketing Association (DMA), Fair Information Practices Manual (Washington, DC: Direct Marketing Association, 1994).
69. E.M. Caudill and P.E. Murphy, "Consumer Online Privacy: Legal and Ethical Issues," Journal of Public Policy and Marketing, 19/1 (2000): 7-19.