Other Countries
Contrast the patchwork approach of the United States with that of the European Union, Canada, Australia, New Zealand, and Hong Kong. These countries have enacted omnibus data protection acts covering all processing of personal data. Although the United States has a similar understanding of what constitutes the protection of privacy rights, it has no law as comprehensive as, for example, the European Union Directive on the Protection of Personal Data adopted in 1995. This directive laid out a number of specific conditions to be met before personal data could be legally processed:
  • data can only be "collected for a specified, explicit, and legitimate purpose"
  • no further processing which is incompatible with the original purpose is permitted
  • data may be stored "no longer than is necessary for the purposes for which it was collected"
  • processing can take place only if the subject "has unambiguously given consent"
  • the data subject has extensive legal rights to access the data, the name of the processor, the purpose of collection, and recipients of the data
Cookies and other clickstream technology can easily be leveraged to violate these conditions when constructing customer profiles.