Article Preview
Top1. Introduction
Advancements in digital technology have enabled e-business activities, such as: online marketing which is based on collecting, storing, processing and transferring personal information obtained from cyber users who transact over companies’ web sites. This type of online activities has created some concerns for users, regulators and legislators regarding the privacy right of e-commerce customers. These concerns are based on real-life practices where privacy right has been breached and personal information of users have been compromised through data selling, data leakages, data hacking, data misuse and data theft (Wang, 2019). Hence, some e-commerce users started to doubt the safety of engaging in business transactions over the Internet despite the necessity of such engagements (McGuffin & Mitchell, 2014). Particularly for online transactions, trust is one of the vital elements that all relevant parties require (Tripathy & Mishra, 2017). Therefore, it was quite understandable for some scholars – in the absence of a robust, effective laws and regulation on e-commerce activities - how e-commerce companies have chosen to focus on improving their business model rather than engaging in enhancing the security level of personal information of their customers (Castro & Mcquinn, 2015).
The current study will base its investigation on the USA business environment, where researchers (seeSolove, 2004; Kauffma et al, 2011) have indicated that personal information or the right to privacy is often compromised in e-commerce, and that more robust governance is needed in this area to curb malpractices and mishandling regarding personal information of online business customers. The focus of the USA legal system is to protect the individual privacy against the intrusion made by the government rather than that made by the private sector. In fact, protecting privacy right is not a straightforward procedure since it is often claimed and argued that the USA constitution does not consider the privacy right as an explicit fundamental right (Cain, 2002; Kauffma et al, 2011). Again, in the USA there are various laws and legislations on privacy right, but they are not comprehensive in scope. These laws are specific ones that cover specific areas such as personal medical information, the Family education rights and privacy etc. (Kauffma et al, 2011). Hence, it is evident that the USA legal system is more interested in curbing the governmental intrusion – an aim that is driven from the libertarian thought or the freedom of individual from the governmental control. In terms of policies and practices associated with the information privacy protection, the US companies embark on applying the self-regulation approach where the company has the freedom of adopting a privacy policy that is suitable to its goals and aims, and the role of the government is limited in the event of egregious breaches of privacy.
The Prossor’s doctrine has been rigidly applied by the USA courts in the related-privacy cases despite the fact that this approach does not redress the damages that are caused by contemporary activities such as the challenges that the Internet presents. In fact, this jurisprudence has created a narrow view that is focused on a narrow idea of the privacy interest that the tort laws should address (Solove & Richard, 2010). Prosser’s perception was based only on four interests where the tort law protects specific emotional, reputation and proprietary injuries caused by public disclosure of private facts, intrusion on seclusion, and depiction of another in a false light and appropriation of another’s image for commercial gain (Prosser, 1960). Thus, Prosser’s jurisdiction does not take the ‘right to be alone’ into consideration, and it ignores the boundarylessness and time acceleration attributed to the process of publishing personal information in the cyberspace – which may exacerbate the reputational and emotional harm. Again, that the USA law does not impose any restriction on exporting or transferring data to other countries unless there is a contractual agreement between parties that may restrict business from transferring data internationally (see King & Raja, 2013)