Those of us at
TechCentralStation, are not big fans of litigation. We don't view plaintiff attorneys as selfless heroes just trying to help the little guy. And we're even less enthusiastic about government lawyers who sue great technology firms. The Microsoft case, instigated by competitors who would rather whine to Washington than compete in the marketplace, is an absolute disgrace. Ditto the Federal Trade Commission's 1998 anti-trust suit against Intel, which was settled in 1999.
But last week, the FTC launched another suit against a company in the digital economy, and we're all for it. On July 10, the Commission sued bankrupt retailer Toysmart.com for misrepresentation, a violation specifically mentioned in the law that gives the FTC its authority. The FTC alleges that Toysmart promised its customers that it would never share their personal information with any third parties, and then offered to sell its customer data to other companies. Clearly, the bankrupt firm should do its best to pay creditors, but if they promised not to share the data, they shouldn't share the data. This is exactly the kind of case that the FTC should be pursuing, and it's a useful reminder of the appropriate role of regulators.
Advertisement - story continues below
By law, the FTC is supposed to prosecute companies for misleading or deceptive sales practices. A company promises its nutritional supplement will make you younger, richer and happier. A marketing firm processes credit-card orders with no intention of delivering the promised Elvis memorabilia. A consumer lender misrepresents the rate it will charge on a loan. A website promises to safeguard your data and then sells it.
The problem is that lately the FTC has tried to move beyond the mundane task of investigating consumer rip-offs to assume the role of lawgiver of cyberspace. The Commission has made up its own list of things it would like companies to do in the area of online privacy. And now it's pressuring companies and legislators to get with the program.
But the Toysmart case is a perfect example of why we don't need new privacy laws. The website and its customers mutually agreed on acceptable terms for doing business. Toysmart apparently assured customers that their private information, such as names, addresses, buying preferences and kids' birthdays, would not be shared with other companies. Then the company tried to sell the data, and so now the feds are landing on the company with both feet. Isn't that how it's supposed to work? What's the need for new laws? This isn't a situation like the campaign finance scandals, in which the president's campaign broke the law and was allowed to escape punishment. This system is working.
In fact, for those who favor market solutions to problems with online privacy, this case has another interesting twist. The FTC was alerted to Toysmart's activities by
TRUSTe, the private group of which Toysmart was a member. Toysmart had agreed to a set of consumer safeguards, paid to register with TRUSTe, and earned the right to display the TRUSTe seal on its website. When it became apparent that Toysmart might be mistreating consumers, TRUSTe responded. This is a success story for the free marketplace, not an argument for more laws.
Advertisement - story continues below
If people want even greater privacy safeguards than a promise to abide by certain standards, then the market can certainly deliver them. Think of the Audit Bureau of Circulation, which audits the circulation figures of various magazines and newspapers, or Underwriters Laboratories, which checks out consumer electronics devices. If people really care about online privacy and are willing to spend time and/or resources to ensure it, the tools are there.
Government regulation, on the other hand, is by definition not a response to consumer demand. It imposes inflexible standards on businesses and consumers, who may not even want them. Maybe consumers want different options, depending on the situation. Maybe they want to sell their personal information, or accept frequent flyer awards for agreeing to share personal data.
We also should remember that no matter how much we restrict private companies from collecting personal information, the government ensures that your affairs cannot remain completely private. Whether it's your birthday, your driving record, or the size of your mortgage, much of your life ends up in the public record.