X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Almost anyone would agree that some regulation of privacy on the Internet is necessary. For example, no one wants personal financial data made public, nor does one want personal data about health to become public record. However, the federal government already has passed laws to protect consumer privacy in each of the above situations. Title V of the Financial Services Act, with related privacy and security rules, sets out a complex administrative scheme for electronic privacy that must be followed by any institution that engages in significant financial transactions with consumers. This scheme involves notice of data privacy and security practices before a consumer becomes a customer and receives annual notices thereafter. The act also sets out the information that must be included in such notices and provides a mandatory opt-out opportunity for consumers. Similarly, the Health Information Portability and Accountability Act, and the regulations and proposed regulations issued by the Department of Health and Human Services thereunder, define strict electronic privacy and security requirements for the health care industry. The act not only regulates health care entities directly, but it also imposes a duty on such entities to impose similar obligations on their business associates. Finally, the act imposes liability on health care entities for the acts of business associates. For the most part, these statutes are not controversial. Certain rules have come under criticism, such as the privacy rule under HIPAA, which requires health care entities to obtain consent from patients before using their data to treat them. However, such criticisms tend to focus on specific terms of the regulations, rather than whether there’s a need for such regulation. A different question arises when state lawmakers start imposing stricter standards in addition to the federal standards. State lawmakers, bolstered by polls suggesting consumers are worried about privacy, have rushed to add regulations that are even more stringent than the federal standards. For example, there are currently 70 bills in the Texas Legislature related to privacy. The potential that these proposals will have negative unintended consequences is not discussed often. However, privacy regulation can have unforeseen consequences. For example, in 1996 Minnesota passed a strict law on health care privacy that required specific authorization from a patient before using that patient’s data in an outcome study. This law hampered the ability of an internationally known health care institution to conduct research. Thus, although the Minnesota lawmakers believed they were acting to protect consumer privacy, they impaired the ability of health care institutions to conduct medical research, which also benefits consumers. CONSUMERS PICK UP TAB In addition to the unintended consequences, the specter of a patchwork of varying (perhaps even conflicting) state privacy regulations will impose burdens on businesses. In the end, it’s consumers who will pay the costs that businesses incur in complying with different privacy schemes in every state. Additionally, when those businesses are in industries that must be accessible to the poor, such as health care and banking, legislators should be particularly concerned about driving up costs. It can be argued that the goal of protecting sensitive information may counterbalance some of the unintended consequences. However, this goal appears to be absent in privacy regulation of other industries. For example, it’s clear that consumers have a strong interest in protecting sensitive health information, such as HIV status, or whether they have been treated for mental illness. It’s less clear what the consumer interest is in protecting the fact that the consumer purchased the latest CD from their favorite rock band or ordered running shoes online. Even if a business shares this type of information with its associates (a practice that has been going on for years in the brick and mortar world), it’s unclear how the consumer will be harmed. The most likely result of such sharing is that the business will change its product offerings to match consumer preferences, or it will seek to interest the consumer in additional goods or services of a similar nature, just as brick and mortar businesses do. Without harm to the consumer, there is little justification for regulating such behavior and thereby increasing the costs consumers have to pay. While many regulations are necessary and bring about positive change, all regulations have the potential to be hidden taxes. Additional privacy regulations, with the burden they put on e-commerce companies, will mean those companies take on additional costs not only in implementing the regulations but in responding to legal challenges that inevitably arise. Despite these costs, limited privacy regulations that protect clear consumer interests — such as sensitive health care or financial information — while also carefully protecting the ability of banking and health care industries to perform their functions, tend to be a worthwhile endeavor. However, regulations that are more strict than necessary and impinge on valid activities, and additional regulations in areas where such clear interests are lacking, increase costs to businesses and consumers and raise the possibility of unintended negative consequences.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.