Personal electronic data protection : United States. Chapter 3

• Pages: 46-60
• DOI: 10.10520/EJC74043
• Date: 01 January 2005
• Author: Leani Marlie Van Schalkwyk
• Published date: 01 January 2005

CHAPTER 3

PERSONAL ELECTRONIC DATA PROTECTION:

UNITED STATES

1. Introduction

The similarity between the provisions regarding data protection con-

tained in the Electronic Communications and Transactions Act214

and regulations emerging internationally is evident. In many juris-

dictions (importantly those of our major trading partners), data

protection is legislated: be that by way of sectoral legislation as is

found in the US or in general data protection legislation which is found

primarily in Europe (under the banner of the European Union). It

seems that data protection is no longer an area where the private

sector is able to regulate itself without some sort of legislative in-

terference. The United States is the only country which persists in

its policy of self-regulation. Furthermore, most countries have now

recognised that the creation of legislation in this area without some

kind of enforcement mechanism doesn’t protect the data subject’s

right to privacy adequately.

The Data Protection Authority in the Netherlands, the “College Be-

scherming Persoonsgegevens”(CBP), in conjunction with its Spanish

equivalent, did an investigation on the manner in which service pro-

viders collect and treat information.215 It seemed that it was not clear

to what extent information about consumers were used for market-

ing purposes. They found that the Spanish service providers give

better information to their customers than the Dutch counterparts.

The Spanish service providers mostly had a privacy policy and re-

quired the consent of the customers to make information known to

third parties.This was not the case with the Dutch service providers.

The investigation emphasised the fact that there exists uncertainty

over the determination and use of personal data by the providers

and that they are often unaware of the rules that protect the privacy

of their subscribers. It is normally difficult for the subscriber to get

insight into the manner in which the service provider treats his or

her personal data. When a person applies for subscription more

information than what is necessary for access to the Internet, is

often required. The service provider often does not make it clear

for what purposes this information will be used. It was also found

that service providers who supplied free access to the Internet do

46

214 South Africa Act 25 of 2002.

215 This was published in the annual report of the CBP (Available at

www.cbpweb.nl/structuur/pag_handel.htm).