Home > Past Releases and Reports > AEI-Brookings Study: Consumer-Driven Privacy Protection Beats Bureaucratic Regulation
For Immediate Release
July 26, 2003
Contact: Jim Harper
AEI-Brookings Study: Consumer-Driven Privacy Protection Beats Bureaucratic Regulation
U.S. Privacy Protection Found Equal or Superior to European Regulation by a Number of Measures
Washington, D.C. — A study recently issued by the AEI-Brookings Joint Center for Regulatory Studies explodes the widespread
assumption that European-style privacy regulation is better than the consumer-focused privacy protections dominant in
the United States.
The study, entitled "Enforced Standards Versus Evolution by General Acceptance: A Comparative Study of E-Commerce Privacy
Disclosure and Practice in The U.S. and The U.K.," compares U.S. and U.K. e-commerce Web sites' notice and disclosure practices, their adherence to
promises about secondary uses of e-mail addresses, and the state of the market for privacy assurance programs
in the two countries.
Jim Harper, Editor of Privacilla.org, commented: "This study reveals the difference between privacy 'rights' and
actual privacy. American consumers are better positioned to get privacy on the terms they want it than
The study finds that U.S. e-commerce Web sites provide more, and more accessible, privacy notices. This jibes with a
recent Progress and Freedom
Foundation study finding that 100% of the most popular commercial Web sites collecting personal information
have a privacy disclosure. In 2001, Consumers International found U.S. Web privacy practices to be equal or better
to European practices, despite the existence of heavy regulation in Europe.
U.S. and U.K. Web sites are roughly equal in their adherence to commitments they make not to use e-mail
addresses for secondary purposes. In each country, the majority of sites honor consumers' choice not to receive
e-mails. A small number of sites disregard consumers' wishes and inundate them with e-mail.
The AEI-Brookings study finds that the U.S. has a market for privacy assurance services that the U.K. does not.
Seals from organization like Truste and BBB Online communicate to American consumers that Web sites meet certain
privacy and security standards. No similar market for privacy assurance exists in the U.K. under the regulatory model.
Harper: "While Europe has built a creaking privacy bureaucracy, America is poised to move forward with new innovations
that benefit consumers. Countries that follow the bureaucratic model will stand on the sidelines as U.S. consumers
consistently enjoy more goods and services at lower prices, along with the privacy protection they want. Europe may
have all the regulations, but the American system delivers real privacy for real people."
Privacy in the U.S. is protected by a number of subtle processes. Foremost, consumers harness commercial information
practices by rewarding good actors with their dollars and shunning bad actors who might invade privacy. Privacy statements
provide U.S. consumers a contractual basis to sue if businesses do not adhere to privacy claims. And the common law
torts allow anyone to sue a person or business that has wrongfully publicized embarrassing private facts.
In 1995, the European Union's Data Protection Directive commanded European countries to enact a variety of regulations
nominally aimed at privacy. Eleven of the 15 EU Member states missed the 1998
deadline for adopting the Directive's terms in their national laws. Significant differences in the way Member states
have implemented the Directive are impeding information flows in Europe, and internationally as well. Despite requests
from four Member countries, the European Commission recently declined to propose simplifying or harmonizing changes to
All content subject to the Privacilla