Online businesses know a lot about their customers. An online merchant knows every product that you look at, every product that you put in your “shopping cart” but later take out, and anything that you’ve ever purchased from them online. Online merchants also know when you shop, if you shop from home or from work, and—if they care—what your credit rating is. Furthermore, unlike the offline world, an online merchant can correlate your shopping profile with your web browsing habits.
Internet service providers can learn even more about their customers because all information that an Internet user sees must first pass through the provider’s computers. ISPs can also determine the web sites that their users frequent—and even the individual articles that have been viewed. They can analyze email messages for keywords. By tracking this information, an Internet provider can tell if its users are interested in boats or cars, whether they care about fashion, or even if they are interested in particular medical diseases.
What standards should online businesses and organizations follow with regard to the personally identifiable information that they gather?
History provides strong precedents for helping to understand the rights and responsibilities of online services and providers. These issues of personal information, computers, and large networked databases ...