12.7 Conclusions

In this chapter, we addressed the increasingly important field of privacy protection and anonymity services. More specifically , we overviewed and discussed some privacy enhancing technologies (PETs) that can be used to anonymously browse through the Web and/or anonymously publish on the Web, as well as some voluntary privacy standards (i.e., privacy seals and P3P). Unfortunately, it is not clear what technologies and/or standards will be used and widely deployed in the future. In fact, the handling of personal information is a hotly debated topic. The need to maximize users privacy is at odds at a fundamental level with businesses need to minimize fraud. The first goal seeks to maximize users anonymity, whereas the second goal requires users to be strongly and unequivocally identified and authenticated. Somehow, a compromise must be struck for this dilemma. As of this writing, this compromise has not been found yet.

Last but not least, it s important to note that many countries have data privacy or data protection laws that make it a legal obligation for people storing, processing, and transmitting personal data to adequately protect the privacy of the data. This is particularly true for European countries . In fact, the European Commission s Directive on Data Protection went into effect in October 1998, and prohibits the transfer of personal data to non-European Union nations that do not meet the European adequacy standard for privacy protection. While the U.S. and the European Union share the goal of enhancing privacy protection for their citizens , the United States takes a different approach to privacy from that taken by the European Union. The United States uses a sectoral approach that relies on a mix of legislation, regulation, and self-regulation. The European Union, however, relies on comprehensive legislation that, for example, requires creation of government data protection agencies, registration of databases with those agencies, and in some instances prior approval before personal data processing may begin. As a result of these different privacy approaches, the Directive could have significantly hampered the ability of U.S. companies to engage in many trans-Atlantic transactions. In order to bridge these different privacy approaches and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce (DoC) in consultation with the European Commission developed a safe harbor framework. The framework is an important way for U.S. companies to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by European authorities under European privacy laws. As of this writing, it is too early to tell whether the safe harbor framework will be successfully deployed on the marketplace .