Ethical and Legal Issues of Target Marketing - Coursework Example

WORK It has become a problem in many business enterprises, and is the root of many new crimes. It occurs as unsuspecting persons use internet sites and services for purchases, window shopping and browsing, making inquiries, or even just keeping up to date with the latest in breaking news, sports and fashion. It covers all facets of our daily internet usage, and has become prime target for some people who devise ways to make money off of it. Of course, what I am talking about is how records of how we access the internet, where we go and what we do is collected and sold to companies for purposes of marketing, increasing knowledge of customers, telemarketing and phone sales, and even to some extent, user fraud and identity theft. a) To what extent are such practices permitted today under existing laws and codes of behaviour The first question is how and why are such practices allowed To answer this, it is necessary to see how progressive our laws and regulations are on the matter of privacy. Basically the concept is one of fundamental laws. Many states' constitutions or charters provide a clause which basically provides the fundamental right to privacy. In the United States, federal statutes have been passed which implements the right to privacy in the context of the digital realm, ensuring that the people are informed of their rights of privacy and the manner in which they exercise them. The Gramm Leach Bliley Act1 (1999) requires banks and financial institutions to clearly disclose to customers any intention to share to a third party personal information, giving them the option of nondisclosure. The Health Insurance Portability and Accountability Act2 (HPIAA) (1996) requires health care providers similar legal obligations in informing the customers how their health information is used and ensures confidentiality of health care information. The HPIAA giving the consumer access to their own health information, and explicitly requires the authorization of the consumer before their health information can be disclosed to anyone. Another similar legislative act is the Children's Online Privacy Protection Act3 (COPPA) (2000) which regulates how any information acquired from children under 13 may be used. First, the operator of any website that collects personal information from a child under the age of 13 would be criminally prosecuted. Also, websites that collect a child's info needs verified parental consent in collecting, using or disclosing that info. In the United Kingdom, as well as the other members of the European Union, legislation has been based on the European Convention for the Protection of Human Rights and Fundamental Freedoms4 on the concept of privacy vis--vis the freedom of expression. In addition, other Conventions and Treaties provide additional specialized legislation on the matter, such as the United Nations' Guidelines for the Regulation of Computerized Personal Data Files5, the Organization for Economic Cooperation and Development (OECD)'s Guidelines for the Protection of Privacy and Transborder Flows of Personal Data, and the European Council's Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data6, the European Parliament and the Council of October 24, 1995's Directive 95/46/EC7 and Directive 97/66/EC of the Council of November 4, 19978 all will the same objective in mind, proper use and regulation of how personal information is used and transmitted. How our personal information gets on the internet in the first place, is basically of our own doing. We sign up with email accounts, shopping accounts, newsgroups and forums, all the while sharing bits and pieces of our identity. A name here, a credit card number there, and all these come together to our disadvantage, and the advantage of others. A good example is if we sign up for the very popular free email service of Yahoo! Inc., which is also one of the biggest search engines, and offers all sorts of services to their members and non-members like a customized start page where you can choose what content you want available to you. You choose your movie times and listings, local news, sports scores, horoscope, and all the while, they need the information from you to provide you that same service. For your horoscope they need your birthday. For movie times, they need your local city and state. It is a give and take relationship, and from how I see it, Yahoo! has been very responsible in their usage of the information we give them. Yahoo! has outlined the steps they take to keep our information safe and sound in their Privacy Policy9, including the normal promise not to "not rent, sell, or share personal information about you with other people or non-affiliated companies except to provide products or services you've requested"10 I was particularly impressed with the fact that Yahoo! goes to the extent of limiting their employee's access to our personal information with a few exceptions, where the employee would need to have that access to do their jobs at Yahoo! But even then, they have implemented physical and electronic means to keep that treasured information safe. Among the instances where Yahoo! admits to sharing our information still legally keep that information under protection, such as with marketing partners who are bound by confidentiality agreements and are limited to use only with regard to promoting Yahoo! offers. Another instance is in investigation of a user's abuse of the Yahoo! services for illegal motives and actions, which in effect is a violation of the terms and conditions the user signed up for in the first place. b) What constitutes "informed consent" for the user to agree to the redistribution of personal information For example, is it sufficient to give users the option of not participating in the redistribution of personal information May users be offered financial incentives (e.g. reduced rates for using the system) if they agree to participate How comprehensively should possibilities be described to users to illustrate the ramifications of redistribution As mentioned earlier, one instance where Yahoo! shares our information is when we permit them to do so, whether expressly or impliedly. Thus we bring in the concept of informed consent and its use in the sharing of our information. By simple definition, Wikipedia (2002) may define it as "a legal condition whereby a person can be said to have given consent based upon an appreciation and understanding of the facts and implications of any actions."11 Of course, a legal prerequisite of giving consent is that the person must have the capacity to do so by law, which eliminates consent acquired through fraud, machinations, violence, or consent obtained from a child or mentally ill person. Now the question lies in how does one go about in acquiring the informed consent. The North Lanarkshire Council12 outlined good practices in getting the consent for information sharing through full disclosure of practices of sharing, explaining what will be shared and the effects and a leaflet explaining all aspects of the personal information shared all work together in educating the individual before acquiring the person's consent to share his personal information. Another good set of guidelines is the Protocol of Information Sharing without Consent by a joint venture of a number of councils in the U.K.13 From all legal viewpoints, it is obvious that the final choice is still with the individual whose consent is being acquired and whose information would be shared. There is nothing in the law or in custom that prohibits acquiring the consent to share personal information by means of exchanging or giving incentives in return. One intuitive individual wanted to put up a system where he splits the profit earned from selling personal information with the individual whose information was sold. The only clear requisite still lie in the laws which clearly and as discussed above, mandate the clear and educated consent given by the individual, knowing fully well the degrees and ramifications of having his personal information sold to a third party. c) How are secondary and tertiary redistribution to be controlled, if at all With regard to any possible secondary or tertiary redistribution, this is subject thus far only to contract law, such as that mentioned earlier in the Yahoo! Privacy Policy, where the information of the user would be shared with a partner marketing firm, but still subject to the terms of their contract, preserving the confidentiality and integrity of both source and secondary companies. It is a matter of negotiation between the companies to state the terms and conditions of how the information is used between them, and should any violation occur, the responsibility lies on the partner to take the proper legal actions to protect the confidentiality of the individual who gave his consent. However, any control over secondary or tertiary distribution is clearly a difficult concept to consider, and entails quite a bit of understanding as to how that system works. There has to be a system of liabilities that can arise if the information was improperly used, such as through law or contract. Without that, it would be very difficult to control that kind of further distribution. d) Once users have granted permission for redistribution, should they have the option to revoke it How does revocation apply to secondary and tertiary uses The same rules go with regard to the individual who may eventually want to revoke his consent, also dependent on the contract between the collector of information and the individual himself. Generally under contract law, consent may be revoked at any time unless otherwise provided by law or contractual stipulations. In my opinion, the limitations lie between the finer points of the contract which would determine who is the rightful owner of the information. If the individual agreed to sell his information in the first place, through incentives and other perks, then it would be obvious that the collector has bought the right to the information. On the other hand, it is also seen if the individual retains the ownership of the information he have. This would determine the effect and possibility of any revocation of the consent of the individual. Even if the information has been sold or shared already prior to the revocation of consent, the individual must be aware of that fact. The same goes on with regard to any further passing on of that information. e) With what granularity should various characteristics (e.g., cigarette and alcohol purchases, regular sign-ons to the gay and lesbian bulletin board) be associated with the user (At one extreme, the individual is in a group of one. At the other, every user of the service is a member of the group.) Characteristics-wise, there must also be a fine line determined by the individual as regards what information should be divulged and shared. This must be cleared with the customer as regards the degree of his personality the information gives. It would be easy to show that one may purchase cigarettes, but the frequency of purchases may be too personal for that person to divulge. Also, assigning certain characteristics to an individual user due to spending habits cannot be treated as evidence of that individual availing of a certain service or product. It is very common to find an individual purchasing for another, or for another objective altogether. Indeed, the information developed on the spending habits of an individual can be treated on that basis alone, or classified into certain groups for better understanding or for a larger view of that class. Just like in the example, a person may purchase cigarettes for himself or for another, and that information is relative as to him. He may also frequent homosexual information boards, and this may also be a means of classifying him into that particular group, given he is open of such fact. This in itself makes the information of a larger scope, covering the spending habits of a typical homosexual, for example. The purchase earlier mentioned would only form a small part of that group statistic. f) How is this situation similar to and/or different from supermarkets that track customer purchases and preferences through scanners and check cashing, credit cards, and personalized coupons In comparison, however, there are quite a few differences in how these forms of acquiring personal information and how supermarkets track and assess our spending habits. The main difference again still lies in how the consent is made. In the earlier discussions, consent has to be acquired clearly and the individual has full knowledge of the facts and possible effects and ramifications of his giving his personal information for sale. The supermarket would not have satisfied the legal and ethical requirements, as we simple go there to shop. Indeed, by analyzing our receipts and past purchases and piecing them together with our financial information through our payments, credit card use, etc., the supermarkets have as much information as they or anyone else would need to take advantage of the information we unwittingly give them. There is presumably an element of trust involved when we make purchases at our favourite grocery or supermarket that they will simply charge what is due to them and will not use any information without the individual's consent. Indeed, in our learning that ethics is the study of a system of rules of conduct and principles of evaluation such as social justice, we can clearly see that even in the information age, ethics has already transgressed what legislation has not. As persons, we can easily and readily see what certain actions would be unethical and immoral, and we would deplore such act. However, legality must also play the valuable role it was always meant to play, enforcing the rights and regulating the proper actions of individuals to best balance a peaceful and civilised society. As we saw in this discussion, the fine line between legally and illegally collecting and selling someone else's personal information is to simply get the permission of that person by showing him or her the complete picture. On a small scale, I commonly do so, such as when someone asks for another friend's number, I respectfully decline to give that until I know that my friend has given permission for me to give that number. That is, in the very least, the minimum an ethical person would do anyway, in sharing information regarding others. Works Cited Aberdeen City Council, Aberdeen Council, Moray Council and NHS. (2005) [Online]. Protocol of Information Sharing without Consent. (URL http://www.aberdeencity.gov.uk/acc/Services/jfp/Protocol.pdf). (Accessed 08 April 2006). Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. 95/46/EC Strasbourg. 28 January 1981. ETS No. 108 E.CN. 4/1990/72 European Parliament and Council. Data Protection Directive. 24 October 1995. 95/46/EC European Parliament and Council. ISDN Directive. 4 November 1997. 97/66/EC North Lanarkshire Council. (2002). Appendix 6B- Good Practice Guidelines for Obtaining Consent to Sharing of Information. [Online]. (URL http://www.northlan.gov.uk/your+council/policies+strategies+and+plans/a+joint+future/appendix+6b+good+practice+guidelines.html). (Accessed 08 April 2006). OECD. Guidelines for the Protection of Privacy and Transborder Flows of Personal Data. 1980. Rome. European Convention for the Protection of Human Rights and Fundamental Freedoms. 4 November 1950. European Treaty Series No. 5. United Nations. Guidelines for the Regulation of Computerized Personal Data Files. US Congress. Health Insurance Portability and Accountability Act. August 1996. US Congress. Children's Online Privacy Protection Act. April 2000. US Congress. Gramm Leach Bliley Act. 17 November 1999. Wikipedia. (2002). Informed Consent. [Online]. (URL http://en.wikipedia.org/wiki/Informed_consent) (Accessed 11 April 2006). Yahoo! Privacy Center, (2002). Privacy Policy. [Online]. (URL http://privacy.yahoo.com/privacy/us/). (Accessed 11 April 2006). Read More