As the House of Representatives considers proposed legislation that would regulate Internet privacy, particularly with respect to unsolicited e-mail, or “spam,” a study written in part by a Yale School of Management professor is shedding new light on the debate.
The study compares e-commerce practices in the United Kingdom, which has heavily regulated Internet privacy, with practices in the United States, where computer users’ rights have not been federally-controlled. The study indicates little difference between the actual levels of Internet privacy invasion in the United Kingdom and the United States. In response, the authors propose that social regulation may be a more effective tool than legislation in ensuring Internet privacy.
SOM professor Shyam Sunder, one of the study’s three authors, said the study’s principle finding is universally useful.
“All aspects of our lives are not best governed by rules and laws,” he said. “When we see a problem, it’s easy to jump to the conclusion that we should make laws and try to enforce them against undesirable behavior. I’m not sure that is the best approach.”
Sunder conducted the study with one of his former students, University of Alberta accounting professor Karim Jamal, and University of Iowa accounting Ph.D. candidate Michael Maier.
For one part of the study, the authors created fictitious identities and tracked how much correspondence they received after using Web sites’ opt-in choice — in which users provide personal information to the site — and the opt-out option, which allows users to prohibit the sites from distributing personal data.
The results of the study indicate that most of the Web sites tested were well-behaved, with a few outliers in each case responsible for the bulk of unwanted correspondence.
Jamal said problems with Internet privacy legislation stem from loopholes, the complexity of the regulations and the law’s inability to keep up with the rapid progress of new technology.
Both professors said that although they are not opposed to the legal regulation of Internet privacy, self-regulation may be a better solution to the problem.
“Good [business] people have incentives to fix problems themselves and make things work, and maintain the trust of their customers,” Jamal said.
Sunder said said the top 100 U.S. Web sites and comparable U.K. sites were used for the study.
Last month, the Senate approved the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, or CAN-SPAM Act. Like many other bills which have been proposed this year by both Congressional parties, the act would require Web sites to label unsolicited commercial e-mail messages, include opt-out instructions and provide the sender’s physical address to recipients.
The bill also endorses creating a do-not-spam list comparable to national do-not-call lists for telemarketers.
The measures provided in the federal bill are similar to those already adopted in over 30 states. In California, the nation’s strictest anti-spam legislation yet will take effect next year.