E-commerce stores should consider data protection and privacy

Are you processing personal data through your website in order to faciliate commerce?  In simpler terms, are you asking customers to provide information about themselves through your website, app, or email addess, followed by using that information in order to carry out your business?

One of the questions of the self-assessment written by the Information Commissioner’s Office (ICO) states: “Do you only process personal data for staff administration, advertising, marketing or public relations, or accounts or records?”  Another states: “Do you process individuals’ information for advertising, marketing or public relations?” And: “Do you process individuals’ information for accounts or financial records?”  If the answer to any of these is ‘no,’ then you need to register with the ICOIf you are meant to register but have not, the ICO might come knocking on your door with more than just a slap on the wrist.

Of key interest to online retail store owners would be the last question about accounts and financial records, and the ICO provides guidance on this in the self-assessment:

You should answer ‘Yes’ if you:

  • only process information necessary for undertaking and managing transactions with your suppliers and customers; and 
  • only share the information with people and organisations necessary to do this. Important – if individuals give you permission to share their information, this is also allowed; and
  • keep the information while you have a relationship with the supplier or customer it refers to or as long as necessary for your accounts and financial records.

So as long as you are doing just the above, this should be sufficient, but in case of any doubt, seek legal assistance.  Just as well, the other aspects of the assessment must be met properly regarding communications (advertising, marketing, and public relations).  It may be prudent to register with the ICO voluntarily, which can indeed be considered to be a mark of integrity and credibility with customers who can have confidence their personal data is used in accordance with the law.  Don’t forget to secure your data, too.

Lack of uniformity in data protection laws

When regulators set different rules as to what is insufficient practice, what are the consequences for the marketplace?  Furthermore, what might this say about what players in the marketplace and their priorities, especially regarding privacy and security?

When data breaches occur, there are consequences for the victims who may be directly or indirectly tied to such data, the legal owners of that data, the legitimacy of the systems managing that data, and the companies who manage those systems.  However, the laws regarding data protection are not uniform, and today we may look no further than the recent PlayStation Network data breach to observe this reality.

In the European Union, a number of member states have regulators that monitor and impose duties upon controllers of data, whereas in the United States, there are no such duties, although public opinion would set expectations.  However, while in the European Union the regulators will impose fines upon data controllers for breaches, in the United States the only reasonable recourse is to target the company in class-action litigation.

In a global, interconnected world, where the “cloud” is the future, in which data travels and is stored across multiple jurisdictions at lightning-fast speeds, some form of uniformity regarding duties should be imposed upon any party deciding to engage in activity that deals with data that is expected to be secure.  If a general expectation of privacy and security to be provided by a party exists, a subsequent general duty to meet that expectation for the sake of the consuming party should also exist.  For that reason, continental regulation is not enough.  In the situation in which a party may be breaching laws in one country yet may not be in another is not good enough, especially when the law in question deals with material that is intended either to be used or to be stored from around the world.  In the situation in which a party may be facing a class-action lawsuit yet not a regulatory fine, while the same party may face the latter elsewhere, the law is confusing and counter-productive.

Either everyone should adhere to a system of data protection regulation and incur penalties as necessary, everyone should adhere to civil litigation, or both.  Data controllers should be reminded that their actions have global consequences, but they should also have a reasonable expectation of a consistent penalty regarding those consequences.

Shifting from brick and mortar commerce to electronic commerce

Work in progress, sources to be cited.

Technology dramatically changes markets.  It could be considered both the cause and the effect of economic activity, including recessions.  From the agricultural revolution to the industrial revolution and now the information revolution, business will continue to change, particularly with the exponential increases in technological development.  Rules, regulations, laws, and business methods will undergo modification in suit for the purpose of maintaining market stability.

Structural Adjustment

Structural adjustment policies implemented in countries since the recent global economic recession have come to define the winners and the losers in the marketplace.  Businesses with enough capital will typically acquire these losers, and with such acquisition comes change.  Structural adjustment policies break down trade barriers, and they inevitably open up affected markets to the greater world for competition.  To compete in the global market, the application of the latest technologies applicable for an industry is a must.

Brick and Mortar

Selling goods in the past required general observation of the local marketplace, sometimes traveling around to determine the best suppliers and distributors.  In 2007, when I was taking a class on Intellectual Property and E-Commerce, it was sincerely the first time I heard of the phrase “brick and mortar” as applied to types of businesses.  It is a retronym, signifying the progressive road to redundancy of businesses with simply a physical presence.

Trade Liberalization

With the breakdown of trade barriers and tariff reductions, as done in North America through NAFTA and in the European Union, competition is encouraged and increased.  The World Trade Organization and its members have implemented policies which foster this kind of trade. With the target market now based anywhere delivery services will go, having a store to drive to – or even worse, to fly to – is not what customers want.  They save that kind of traveling for tourism.  Instead, for better or for worse, customers are hooked up to the Internet, and at the convenience of typing a website URL, hitting enter, searching for a product, and clicking ‘buy’, going to the physical store is not helpful.  To be fair, this will not apply so well for the fashion retail market when it comes to handling the fitting room issue, or for large, expensive goods such as boats and cars, but there are stores that do allow for this, whether on digital auction or classifieds websites.  The fashion retail market takes advantage of e-commerce as well, sometimes offering apparel exclusively online.

Why the Change?

What happened to the businesses that failed?  Were they so outdone by their competitors that they had no chance to succeed?  Or were their business methods outdated?  It depends on the market in question, but business methods regularly become outdated.  For video rental services, going to the physical store used to be necessary.  Then it became possible to request videos for delivery, and now it is possible to watch videos on demand via the Internet, entirely removing the need for the physical store.

In the media market, access and convenience is so crucial that media piracy, particularly in the entertainment sector, was ahead of its time, siphoning off what would have been legitimate sales.  Businesses eventually accepted the reality, and many leading businesses have pioneered digital media sales, offering music, television, and film online and at a cheaper cost than physical media.  Production and distribution of media on a physical medium has proven to be inefficient and is certainly out of touch with the market.

If the customer has the convenience of not requiring transportation services to be productive, then the customer will use that convenience, especially if there is little to no hassle in terms of cost and time to achieve that desired productivity.  In some cases, customers are willing to pay for the convenience of staying wherever they are at the time of purchase.

Structural Unemployment

Regarding employment in the retail market, what happens to businesses that realize their old business methods required personnel trained in those old business methods?  Typically, unless those exact personnel can be trained to adhere to the new business methods, they will soon become unemployed.  Brick and mortar employees do not carry out the same activities as employees of a digital enterprise, and due to there being typically just one ‘store location’, fewer employees are needed altogether.

On a positive note, the capital raised by companies allows for investment in existing and potentially new sectors, eventually allowing structural adjustment to take place with the retraining of individuals on unemployment benefits to fit the new job sectors and their growth.  In the United States, a push towards renewable energy and high-speed rail infrastructure is taking place, and recognition of structural unemployment encourages investment and lobbying in this area.

Challenges and Opportunities

The information revolution has become so pervasive that profit models have changed along with it.  With the entertainment sector fully aware of the troubles of piracy and its effect on sales, some pioneers have decided to offer music, television, and film entirely free for consumers, though there is one caveat.  The advertising sector will continue to see its profits soar as companies will find easier ways to market their products and services to consumers, and one of the easiest ways is to advertise their products and services on a free product or service itself.  The business benefits from receiving advertisement placement fees, advertising companies increase their competition to provide appropriate advertisements for businesses interested in paying the original business for distributing their advertisements.  This may annoy some consumers who prefer advertisement-free content, but the solution is only part of another profit model, freemium.

Freemium gives an e-commerce business the advantage of offering a free product or service in addition to premium products or services.  Customers who prefer no advertisements will either pay or continue to be unsatisfied.  The freemium model is not highly conducive for tangible products and labor-intensive services as physical materials and actual personnel will have some kind of associated resource cost.  However, it is arguable that businesses offering ‘free consultation’ can now do so online, greatly expanding their market to the entire globe, if that is their desire.  This model also acts as free marketing for a business, informing customers of other products and services they offer without requiring the customer to look for such offers on their own.

Financial and legal advisers to companies will have to focus on these rapid, ongoing market changes to properly advise their clients, determining which business models are applicable and which ones are affordable given potential regulations and laws in effect.


Today, a fruit shopkeeper in a random town or city no longer sells just to customers in the local area.  Today, the sales and distribution will take place anywhere people are willing to pay for delivery.  Today, information is moving from physical media to digital media, and the transition happens to recognize the move towards sustainability and environmental preservation.

Electronic commerce is both cost effective and environmentally friendly.  This may not factor out the resources used or the pollution caused by product allocation and distribution, but such effects alone cannot discount the benefits of advanced commerce.  These negative effects can and will eventually gain the focus required to sustain competition in reducing these negative effects, through the development of more efficient and sustainable energy and transportation infrastructure, further benefiting the economy and society as a whole.

The tipping point for data protection to become the norm

With consumer security becoming highlighted constantly in the wave of online account phishing attacks, consumers becoming further concerned their communications could be compromised, and the PR message that consumers need to “watch what they are doing online” failing to modify consumer behavior on a wide scale, the tide in secure communications is turning.

In January 2010, Google began offering secure authentication access for its search engine.  For the first time in the competitive search market, security in searches became a reality.  Google had already offered HTTPS (Hypertext Transfer Protocol Secure) support through Gmail, which major email player Hotmail added only in November.  Google has also led the way in online collaborative office work through Google Docs, which uses HTTPS to protect confidential materials.  Yahoo! Email in the United States has yet to join the bandwagon, which it ought to as allowing consumer data to flow freely around public wireless hotspots is not preferable, and consumers have been continually gaining awareness about privacy and security.

Facebook, arguably now the world’s most popular website with over 500 million users, has also been using Yahoo!’s strategy in the United States only to allow HTTPS for logging in, to protect the password.  However, and with respect to Privacy Day that passed only yesterday, Facebook has set the stage for HTTPS to become the norm by beginning its roll out of full HTTPS support throughout the Facebook website.  This is data protection compliance at its fullest, as it ensures the consumer is obtaining the highest amount of security based on current consumer and professional standards.

Most e-commerce businesses, including financial services, have an obligation to implement HTTPS onto their websites, as consumer and client information must be kept fully confidential.  With Facebook’s induction into the secure world, commerce has stepped past the tipping point in security, and any company looking to enterprise today cannot only consider security in project management, it must implement that security as well.  This has always been the case for e-commerce, financial services, health services, and generally any service intended to be confidential, but it is clear the the intention today is moving towards guaranteed confidentiality throughout the Internet.

“Net neutrality” and potential legislative impact

A work in progress, incomplete.

“Net neutrality” legislation has taken on different forms, and it has recently impacted the United States legal framework in telecommunications as of December 2010, with the approval of new rules that govern the Internet.

What is “net neutrality”?

In general terms, net neutrality as a principle means preserving equal access to legal Internet content without bandwidth discrimination, so businesses cannot pay for their content to be delivered faster than other businesses’ content, discriminating market advantage.  Therefore, if customers of an Internet Service Provider have subscribed to a package that offers downloading and uploading of content at a certain speed, all customers using that package plan should be able to access  any content online without any certain content owner’s content having priority to be accessed based on the Internet Service Provider’s preference which could be altered through businesses paying the provider to prioritize them.

What impact can the rules have on business?

Proponents suggest regulation for it will sustain consumer rights over the network so that access to any content will be granted equally and not determined by the content’s priority.  Opponents suggest that regulation will have the negative effect of decreasing service provider competition, thus leaving consumers with the high prices based on the few choices they have to access the Internet.  There are several other points of contention, but these are basics from which we can gain an understanding of the whole debate.

In 2008, a major ISP suffered through expensive litigation over the way it discriminated Internet traffic and bandwidth.  There is no certainty in future legislation, but the ruling made in December 2010 by the FCC on protecting net neutrality sets a precedent.  The European Union has its own legislative framework concerning competition, and Council of Europe member states must protect expression under Article 10 EConvHR, but businesses should consider U.S. markets as it represents about a third of telecommunications market revenue.*

One issue that may be overlooked is the extent to which regulations protect net neutrality.  The rules passed in the U.S. do not cover the mobile network market, legally silent on discriminating market advantage.  Commercial lawyers must consider the global market in telecommunications, as clients are often multinational in nature, and therefore conduct business in multiple jurisdictions where the rules may differ.

What impact can the rules have on general Internet freedom?

Without the rules and with network providers discriminating bandwidth depending on services or websites accessed, the most popular and most commercially successful content providers will be able to fully satisfy their consumers, leaving consumers no need for concern, however, for the other services or websites that may not be as popular, consumers may struggle to have the same kind of quality of service in terms of speed.

With the rules in place, there is a hope that all content, no matter where it comes from, will be afforded the same opportunity for access, of course so long as the hosting providers of these services or websites are reliable, which is separate from the network providers discriminating against how quickly the content is transmitted.

* Source: Telecommunications Industry Association