Office of the Privacy Commissioner for Personal Data, Hong Kong

Date: July 30 - August 1, 1998

Electronic Commerce, Consumer Rights and Data Privacy (cont.)

Consumer

It is therefore not surprising that there is an increasing clamour for a "consumer bill of rights" for the electronic age to be promulgated, which would establish for the consumer the right:

  1. to be informed of and to validate the identity and location of the organisations offering electronic commerce;
  2. to procure authentic products and services as specified in the offerings;
  3. to have a mechanism for redress of problems arising from business transactions;
  4. to be provided with adequate consumer education of their rights in cyberspace; and
  5. with regard to personal data privacy:
     • to have the choice and individual empowerment to browse and transact business on an anonymity basis;
     • to be informed up-front of the purpose and subsequent use and disclosure of personal data to be collected by the data users;
     • that the personal information collected is kept accurate and secure;
     • to have the right of data access and correction;
     • to have the right to "opt-out"; and
     • the collection of personal data from children should have parental consent and control.

Organisations Offering Electronic Commerce

Policy on Data Privacy

To protect the data privacy rights of the consumers, organisations offering electronic services should:

  • provide a choice of anonymity for browsing visitors and customers;
  • have a policy on personal data privacy which should include purpose specifications of data collection, subsequent usage and disclosure of data collected, the availability of opt-out, data access and correction procedures, complaint and redress mechanisms, and where relevant a policy on the collection of data from children which should involve parental consent and control;
  • display the afore-mentioned policy at the website; and
  • provide encryption facilities for the collection of sensitive data.

In addition, business organisations should provide for their employees on-going education on the importance of data privacy and instil a "privacy conscious" culture.

Privacy Seals

Accreditation with a recognised "privacy seal" provides further assurance to consumers, lending credence to the organisation's compliance with an adequate privacy policy. Examples of such seals are:

US:
  • TRUST.e 5 (Commerce Net and The Electronic Frontier Foundation)
  • WEBTRUST 6 (AICPA, American Institute of Certified Public Accountants)
  • Privacy Seal Program (On line Privacy Alliance)

Japan:
  • Privacy Protection Mark 7 (JIPDEC, Japan Information Processing Development Center)

Privacy Enhancing Technologies and Tools

Business organisations should keep up to date with and implement relevant privacy enhancing technologies and tools for their online operations to enhance consumers' trust and confidence. Solutions based on such technologies should provide a practical response to consumer concerns while still preserving business interests.

A good example is P3P (Platform for Privacy Preferences) 8, developed by the W3C (World Wide Web Consortium), which allows websites and consumers to describe their privacy practices in a common language and format, and allows seamless access if the profiles match or conscientious overrides through negotiation if the profiles mismatch.

Business/Industry Sectors

Sectoral representative bodies should develop for their members codes of practice on data privacy, which provide specific guidelines to their respective sector through application of a set of data protection principles to the unique operational characteristics of the sector. These data protection principles are either based on those enshrined in legislation on personal data privacy or recognised standards established jointly by government and the private sector. Besides their monitoring role, these representative bodies should also have the responsibility to handle and to provide redress mechanisms for complaints from customers on non-compliance with the codes of practice.

Copyright 2001 Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved.