Your E-mail:

An Alternative Privacy Framework

By J. Bradley Jansen
July 31, 2001

At a time when we are sorting through billions of privacy notices informing us of our ability to “opt in” or “opt out” of having our information sold or shared by financial institutions, no one seems to be happy with the status quo. Most consumers are either ill-informed, or, according to some privacy advocates, discouraged and confused by the legalese required by the recent implications of the Gramm-Leach-Bliley Act which rewrote most of the financial regulations since the Great Depression.

Financial companies are not happy with the status quo either. The law is poorly written and burdensome according to many. No one seems to think that the consumer is well served in the current situation. Rather than rush in with myriad solutions in search of a problem, the usual Washington, DC practice, there some other regulatory frameworks to consider.

One obvious possibility would be to defer to the consumer as an adult and let the buyer beware. Ultimately it is the individual consumer who knows what he or she wants. Regulators should step in to enforce anti-fraud provisions as a way of enforcing contracts protecting consumer choices. It is unlikely however that Beltway politicians and interest groups will not suffer from the fatal conceit of thinking they know best.

While such an attitude might seem cavalier, consumers are already well protected under contract law. Professors Bruce Kobayashi and Larry Ribstein from George Mason University School of Law have issued a study explaining their views. The study is called “A State Recipe for Cookies: State Regulation of Consumer Marketing Information” and can be found at The report was presented earlier this year at American Enterprise Institute. While focusing on the privacy and consumer protection aspects of computer cookies, the principles of their arguments apply more broadly.

Their paper explains, “Federal law would perversely lock in a single regulatory framework while Internet technology is still rapidly evolving. State law, by contrast, emerges from 51 laboratories [50 states plus the District of Columbia] and therefore presents a more decentralized model that fist the evolving nature of the Internet.”

The reputation of companies would be of increased importance. Under such a scenario, companies could and would compete on privacy in order to attract customers. Rather than the static, homogeneous policies dictated by politicians, privacy policies would always be improving as each company tries to gain a competitive edge over its competitors.

Under this type of competition, most consumers would probably value their time having to look up and understand each of the companies’ privacy policy less highly than many other enjoyable ways of spending time. Not too worry, according to Professors Kobayashi and Ribstein: “infomediaries” would develop in the market to help us. Rather than dismissing such explanations as dreams, we should consider how the real world works.

Information brokers develop in every market where there is a demand and as markets become more sophisticated: Real estate agents help us narrow our home search, the Better Business Bureau helps eradicate the bad apples, the Good Housekeeping Seal of Approval or UL (United Laboratories) seal give consumers a ready, substantive way to make more informed decisions. The current campaign of the Privacy Rights Clearinghouse concerning the privacy policies of financial institutions is another great example; they are offering people an easy way to “opt out” of their information shared or sold, are collecting and posting privacy policies of hundreds of institutions which gives us an easy way of comparing and contrasting these otherwise confusing policies. Of course, we should even give credit to Ralph Nader in a way for educating consumers and helping to make comparison shopping easy with his contributions to Consumer Reports.

Perhaps the best, realistic alternative regulatory framework would be to set up a “home state” functional regulatory policy on privacy. Under this scenario, every financial institution operating in the country would have to claim on state as its domicile or headquarters. The company could then operate throughout the entire country but only have to follow one set of rules. The economic benefits to the company are clear. The benefits to the consumer are real.

Consumers would be able to comparison shop for the privacy regulations they want. Simply decide what regulations fit your individual preferences, find the state that reflects your preferences, and choose an institution from the ones domiciled in that state.

In short, consumers could benefit from all of the advantages of competition-not just of companies competing for their business, but of state regulators competing for business by offering the best regulations that consumers and shareholders want. Let regulators beware.