Consumer Right to Privacy in E-Commerce and Zero Liability Term Paper

Abstract

Assuring people of their constitutional rights to privacy in the United States and Canada is a complex task that both nations admit that it is almost impossible to achieve. The gravitational forces for the preservation of the people’s dignity in Canada and the preservation of the people’s liberty at the expense of constitutional downfalls are issues that are propagating excess legal dilemmas in both of these nations. Customer’s zero liability in the instances where there is a considerable breach of personal privacies and considerable financial losses due to an unauthorized collection, use, and disclosure of personal information are still a mere dream for both the Canadians and the Americans.

The demand for laws that promote excess freedom from government surveillance is a considerable harm to the American constitution and increased vulnerability to a breach of personal privacy. In the internet purchases and transactions, consumers and online retailers or website operators exchange various forms of information, such as the customer’s preferred payment method, shipping address, and personal information for collection purposes. What tends to worry the American and the Canadian consumers most is the size of primacy that their laws have over these ‘let us alone’ online attitudes. Amendments will be suitable for no one knows when he or she will be a victim.

Introduction

Since the inception of new technologies that boost business in advertising and instant financial transactions, the world of business has experienced several dilemmatic situations. Across the world, e-commerce is increasingly becoming one of the most relied-upon business advertising and transaction platforms, where sellers and buyers meet through customized websites that support regular online purchasing services. According to DeVries, e-commerce is a modern business practice in which consumers and commercial firms engage in purchases and financial transactions over the Internet or customized websites.¹

Over the past few years, the numbers of e-commerce transactions of both purchases and payments have augmented unprecedentedly following the widespread use of internet across the world. Nonetheless, what worries people most is the growing evidence that reveals massive lapses in the protection of the consumer’s rights to privacy and limited financial liability. In the United States and Canada, cases of defrauding consumers, loss of consumer’s money, and ambiguous monetary liabilities have persisted.

Recent security concerns in the e-commerce have made consumers inquisitive about their safety in the online purchases and transactions, given the rising spectra of deadly global events such as terrorism, cyber attack, and online defraud.² More frequently, most of the user-generated content delivered through either personal compilation or through a second party transfer of personal information that happens on a daily basis is utterly unethical, unconstitutional, and illegal in both the US and Canada.

Nonetheless, whether or not these online vendors and clients are compliant with the rules and regulations that protect consumer rights to privacy or whether the rules themselves are inadequate and ineffective are still questionable matters.³ It is in the context of the above issues that this research paper seeks to evaluate the issues of consumer right to privacy in e-commerce and zero liability through a comparative study of the legal frameworks related to these two important issues in the American and Canadian privacy laws.

The Plight of the Consumers in E-commerce Privacy

One thing that should stick in the minds of many is that consumer payment innovations have made online transactions easier than during the conventional era.⁴ However, these online consumer payment innovations have raised several regulatory and constitutional dilemmas for both the United States and Canada.⁵ While the American consumers fight for their liberty in the privacy legislations to avoid government surveillances, the Canadian consumers are enjoying legislations that only promote dignity and not the safety of their personal information. As both laws continue to make crucial advancements towards enhancing, the privacy laws that meet the persona demands of the civilians and not for the ethically and legally justifiable privacy protection reasons for the at-risk consumers, consumer right to privacy, and zero liability continue to be dilemmatic issues. Millions of consumers engage in online purchasing and transactions without considering the power of the legislations in protecting their privacy in personal information and financial records.⁶

The governments’ powers to protect the consumers from infringement of personal user information on the internet are increasingly receiving legal and constitutional challenges due to the changes in the online purchasing and transaction platforms that consumers themselves have failed to control their information privacy.⁷ In Canada and the United States, the existing rules are just in the constitution to protect the personal interests of the consumers due to the public demands that regularly influence the amendments and reforms tailored towards ensuring the preservation of dignity and liberty of the consumers. Historically, Visa and MasterCard credit cards, which are increasingly becoming the payment options regularly used in the online purchases and transactions, have continued to be prone to fraud and intrusions. According to Sprat, the two countries are at gravitational pressures to meet the personal interests and obligations of the people in the laws rather than the sole interest of the rule of law.⁸

Apart from the laws that are incompetent in a manner that all of them are valuable in limited circumstances, “but cannot serve as the basis for a generalized protection of informational privacy”⁹, some situations are complex and inevitable. Ensuring the consumers of their right to privacy and zero liability in Canada and the United States is complex especially when people consider the players involved in the provision of the online purchasing and payment services.¹⁰

The assumed accountability, purpose, consent, and limited collection, disclosure, and retention of personal information are just but rules that can apply in limited circumstances where specificity and accuracy of the interpretation of the laws are fundamental issues in Canada and the US. When assessing the issue of privacy, people need to take into account the direct and undeterred consumer-to-business mobile or internet payment models that significantly lack regulations on privacy issues.¹¹

Constitutional right to privacy in Canada

In Canada, consumer protection against all forms of exploitation has existed, but regulators have always considered the legal protections to be controversial and sometimes incompetent in protecting the consumer.¹² The consumer’s protection against online exploitation has somehow been achievable, although with numerous challenges and unforeseen predicaments. Canada is one of the developed nations with serious lapses in its constitutional framework given the fact that the country contains no explicit legal right to personal privacy.

The first main privacy law in Canada was the 1990 privacy law under the mandate of the Federal Privacy Commissioner, who would responsibly monitor violations, arrest lawbreakers of the private laws, and ensure that the offenders or the information gatherers were culpable. The government later came up with the Personal Information Protection and Electronic Documents Act (PIPEDA), which became effectual in the year 1999. Nonetheless, the PIPEDA law only protected people’s privacy in the public sector to enhance trust and confidence in e-commerce.

The first main aim of the PIPEDA law was to help establish confidence and trust concerning the transactions made through the electronic commerce. The second main aim of the PIPEDA law was to conform to the demands of Article 25 of the EU privacy Command that considered privacy as an integral aspect of cooperative trade between nations.¹³ Following the EU pressures on the Canadian government to enhance individual’s protection in the electronic commerce and international business transactions, the Canadian government drafted an enacted the PIPEDA law just for the sake of protecting its international trade relations as required by Article 25.¹⁴ PIPEDA mostly establishes regulations that govern “the collection, use and disclosure of personal information in a manner that balances the right to privacy of all individuals with the need for organizations to collect, use and disclose personal information for a reasonable purpose”¹⁵.

Until today, PIPEDA is one of the commonly recognized Canadian laws that protect the consumers from exploitation and assure them of their security in business transactions.¹⁶ PIPEDA had undergone several reforms and implementation processes from the year 2001 when the law became increasingly important in safeguarding the privacy of the citizens. In the year 2001, PIPEDA legislation applied to all the federal activities and various other international and inter-provincial trade undertakings where the collection and use of personal information are inevitable.

The PIPEDA law later transformed in the year 2002, when the Canadian government made it applicable to issues of personal information gathered, used and disclosed within the health care sector. In the year 2004, the law became applicable to all public and private organizations that gather, use, or disclose personal data during their professional and commercial undertakings. After Quebec, British Columbia and Alberta passed the legislation, PIPEDA became the law for all commercial activity.

PIPEDA has the largest legal responsibility of protecting the collection, use and disclosure of personal information in Canada as the government has modeled it to suit the Canadian Standards Association (CSA).¹⁷ The PIPEDA law supports the protection of personal information and consumer privacy using ten privacy principles enshrined in the CSA’s Model Code for the Protection of Personal Information.¹⁸

The Mode Code came into existence in the year 1996, when business people and consumer groups, and the Canadian government harmoniously agreed to establish the Model Code for strengthening the national standards for consumer protection.¹⁹ The law ensures the consumers of privacy through accountability, ensuring purposeful use of data, appropriate consent, accuracy, and ensuring safeguard. The PIPEDA law assures people of their privacy in commercial transactions by ensuring accountability of the commercial companies for collecting and disclosing the information to the consumers. Accountability in PIPEDA means that the offenders must be responsible.

Identifying purposes as the second principle of privacy means that the company collecting and disclosing information must have a reasonable purpose before and during the collection of the information. Consent is another principle of privacy in the Model Code, and in the PIPEDA regulations.²⁰ Consent means that the commercial companies must seek informed consent from the consumers to collect, use or disseminate personal information about the owner.²¹

Before the internet operates and the online retailers collect, use or disseminate the personal information of the consumers popularly known as the user-generated data, they must seek permission and inform the owners about any use or disclosure of personal information.²² Another privacy principle under the Model Code of the Canadian PIPEDA legislation is the limiting collection principle, which states that commercial transactions with people’s personal information must put into consideration the collection and use of information only, which is necessary for the intended purpose.

In the same note concerning limiting collection, firms or individuals seeking to collect, use or disseminate people’s personal information, must adhere to the lawful means of collecting, using or distributing individual’s personal information. Limiting use, disclosure, and retention, is another privacy principle that governs the collection, use, and disclosure of the people’s personal information. In the principle of limited use, disclosure and retention, the PIPEDA law and the Model Code stipulate that the information used must be used solely for the intended purposes for its collection, unless when consented by the owners of the information. The retained information shall be stored and reused only under the initially stated purposes. The sixth privacy principle that governs the collection and use of personal information is the principles of accuracy that requires firms to ensure that the collected information is complete, accurate, and well updated as it is imperative for the purpose for which the information is necessary.

The seventh privacy principle that is important in the PIPEDA regulation and the Model Code is the principle of safeguards.²³ The principle of safeguards requires that personal information gathered from the consumers must be safeguarded through designated safeguard measures due to the sensitivity of the information. The eighth privacy principle is the principle of openness that requires organizations dealing with e-commerce transactions to make specific policies and practices that ensure accurate management of personal information that is already available in the public.

Incase of a breach of this principle, the law allows individuals to dispute the completeness and accuracy of the publicly disseminated information.²⁴ The ninth privacy principle of the PIPEDA regulations is the principle of individual access, which states that individuals whose information is in use by an organization should be informed about its existence, its use, and its disclosure, and must be granted the freedom to access it and challenge its accuracy and completeness.

The tenth and the last privacy principle of the principle of compliance is challenging in which, “an individual may bring a challenge to the organization’s designated accountable individual alleging a failure of compliance with the principles of the legislation”²⁵. As per the above principles, the Canadian privacy principles tend to conform to the principles and regulations stipulated by the EU Privacy Directive just to make the EU understand and appreciate that the government is working towards ensuring an adequate protection of the people’s personal information as required by Article 25 of this Directive²⁶.

Nonetheless, the enforcement of this legislation lies solely under the responsibility of the Privacy Commissioner and the Canadian Federal Court. The Privacy Commissioner has the responsibility of investigating complaints, auditing compliance, mediating disputes, and appeal to the federal court for any appropriate remedy. The federal court will in turn order companies to conform to the PIPEDA rules and make necessary compensations.

Controversial Issues in the Canadian PIPEDA Privacy Laws

Due to the slightly disoriented organization of the constitutional set up of the Canadian PIPEDA regulations, the Canadians have experienced some problems related to breach of privacy in the collection, use, and disclosure of people’s personal information.²⁷ Based on the understanding of right to privacy in Canada, the Federal Commissioner of Canada states that the right to “privacy means that individuals get to decide what and how much information to give up, to whom it is given, and for what uses”²⁸.

Regardless of its stringent measures in protecting the dignity of the consumers towards promoting their constitutional right to privacy, zero liability for lost property or lost financial and personal data is still a contestable issue in the Canadian constitution. Consumers are engaging in various online purchasing and selling activities, but the fear for their information privacy and safety is still high among the subscribers.

PIPEDA has not been unambiguously safe for the consumers who make regular online purchases and transactions, and the only trust between the internet retailers and the consumers is what keeps the business viable.²⁹ In a 2008 research that analyzed the disclosure obligations of the financial payment institutions in the e-commerce transactions, analysts discovered several policy and legal lapses in the Canadian PIPEDA regulations. A review of the existing payment options for most of the online purchases and transactions sets a lot of curiosity and fear over the safety and privacy of the consumers against the infringements made to their private personal and financial data.³⁰ When considering the payment options as an impediment to the accurate implementation and interpretation of the ten PIPEDA privacy principles, it should be noted that the overall jurisdictional mandate of the law in the payment system is still scarce. The law itself should not infringe the privacy of the financial institutions.

In the Canadian legislations and Bank Act, the Canadian government has a list of federally regulated financial institutions (FRFIs) and a list of non-federally regulated financial institutions (Non-FRFIs). In the 2013 research, bank-issued credit cards, bank-issued debit cards, non-federally regulated financial institutions (Non-FRFI’s) debit, and credit cards ensure limited liability against loss of personal and financial data.³¹ In the Canadian perspective, the financial institutions tend to assure people of their limited disclosure obligations but fail to provide optimal policy and legal related solutions.

Most of the direct-to-carrier, online prepaid services, gift cards, and mobile payment methods assure no obligations to issues of liability against unintentional losses, fees and charges, account statements, and personal contact information. According to Whitman, most of the financial regulations managing the transactional activities and communication activities of the federally regulated financial institutions (FRFIs) are not effectually applicable in most of the non-federally regulated financial institutions (Non-FRFIs) due to policy lapses.³²

PIPEDA has forthrightly dealt with a wide range of organizations in the line of data security, ranging from the federally owned institutions to the telecommunications and unknown online companies, but its principles are still not binding.³³ The exceptions on the liabilities to lost data and personal information in some of the online consumer payment methods raise many concerns regarding the overall jurisdictional capacity of the PIPEDA regulations against some hidden privacy violations in the online purchases and transactions.³⁴

Within the PIPEDA principles of responsible collection, use, and dissemination of people’s personal information, there is the identity concept that sounds rather complex and threatening to the PIPEDA privacy legislation.³⁵ According to Whitman, the PIPEDA principle of identity requires that a case presented against the violation of an individual’s privacy in the commercial transactions must involve the identification of the real information owner, which is often a rather complex task for the Federal Privacy Commissioner.³⁶

PIPEDA requires a case against a breached privacy to have substantive foundations in which the first element should be the question as to whether the information is of ‘an identifiable individual’³⁷. Based on its definition of an identifiable individual, PIPEDA excludes the name, the title of the person, the business address, or the telephone number of the individual. According to PIPEDA, a person is identifiable only if there is a serious likelihood that he or she is identifiable using the involved information, single-handedly or in combination with other pertinent information.³⁸

When the information of the users across the widely spread internet platforms undergoes serious distortions and alterations in the process of hacking-related activities, the possibility of getting compensation or a successful lawsuit against the offenders is very minimal.³⁹ Such lapses make the PIPEDA privacy policies very intricate and constitutionally vulnerable to attack especially when powerful organizations collude with corrupt persons to cause harm.

Constitutional right to privacy in the United States

The United States has had several measures pre-designed to ensure that the Americans at least enjoy freedom, the right to privacy, and protection from intrusion and public nuisance. However, what keeps on terrifying the Americans is the manner in which numerous privacy legislations cause conflicts and controversies among the policymakers, the regulators, and within the common law itself. In the year 1974, the American government, through the House and the Senate passed the Privacy Act of 1974.⁴⁰

Nonetheless, given the complex nature of the Acts of Law and the Common Law, policymakers and regulators have found the issues of the right to privacy in the e-commerce sector to be rather complex, debatable, and contentious. Americans have always wanted to distance themselves from the government scrutiny and have always lamented about the excess intrusion, thus, prefer that the government leave them alone.⁴¹ However, several security issues have inspired the enhancement of the privacy laws.

Regardless of the strict attitudes that the Americans have always placed against the government, the United States has one of the controversial legal systems. Several rules and regulations protect the consumers and civilians from an intrusion of their privacy and safety of their financial and private information. The first American legislation that assures civilians of their right to privacy is the Privacy Act of 1974.⁴²

The Act stands out as the primary legislation that protects informational privacy, but it applies only to the data processing actions that involve only the federal government and not the private sector nor the state governments. The Act requires the federal agencies that interact with people’s personal information to only collect personal information directly from the targeted individuals, to retain and reuse the data only when relevant and necessary, and to maintain enough and comprehensive records. Apart from these conditions, personal access to the collected data is unrestricted and mandatory.

In the United States, a situation popularly known as the ‘routine use exceptions,’ the U.S federal government only uses or transfers personal information of the civilians under restricted conditions. Moreover, the federal agencies must to provide individuals “with rights of access to review and have their records corrected and to establish safeguards to ensure the security of the information”⁴³. The second fundamental legislation that protects the use and disclosure of personal information is the Electronic Communications Privacy Act of 1986 (ECPA).

The ECPA regulation stipulates that government officials who intend to obtain or intercept any personal information of the people from the electronic communications such as emails and other electronic data, including the Internet Service Providers (ISP) logs, must seek and receive owner’s permission delivered through the Title III order.⁴⁴ The ECPA underwent some alterations and amendments under the PATRIOT Act, which also forms part of this discussion.

The Privacy Protection Act of 1980 is another legislation that acts to protect and safeguard the rights of privacy of the American citizens. Regardless of its title, the law protects the privacy of the individuals in free speech and supports the First Amendment rights.⁴⁵ In its stipulations, the Privacy Protection Act of 1980 forbids the government from searching or making any seizing attempts any privately held information by a person seeking to disseminate the information to the public through the public communication means such as the newspapers, the books, or other digital broadcasts.

The Family Educational Rights and Privacy Act (FERPA) is another consumer privacy and protection right law that serves to protect the students’ information at all educational institutions that receive government funding through the federal funding. The FERPA restricts all federally funded institutions from disclosing the personal information of the students to other third parties without seeking an informed consent from the owners of the information.

The Rights to Financial Privacy Act is another American legislation that exists to protect the collection and disclosure of the people’s personal information without the informed consent of the owners. The act prohibits the state department of motor vehicles from disclosing the personal financial information of the owners without expressly seeking their consent.⁴⁶ The Act is in existence to provide protection to the confidentiality of the citizens of their personal financial records and provides constitutional protection of the Fourth Amendment article that prohibits the law enforcement agencies and the financial institutions from collecting and using people’s personal information without seeking proper authorization.⁴⁷ Most of the above laws and acts predominantly act as the protectionist laws against the long arm of the American government. From an assessment of the above laws, it is indicative that the Americans are seeking protection and their privacy from unnecessary government intrusion and nuisance. However, several private privacy acts are still available, but inefficient.

The Americans concerns over the breaches of their information by the private sector are minimal as compared to the fear the citizens have concerning their information privacy against their government. The Fair Credit Reporting Act (FCRA) is one of the legislations that enhance information privacy of the individuals in the American private sector.⁴⁸ The FCRA came into existence in the year 1970 and went through two major amendments in the year 1996 and the year 2003.

The FCRA gives an authorization by the Federal Trade Commission to monitor and regulate the actions of the private sector in the realm of credit reporting. The Consumer Reporting Agencies (CRA), which are the main institutions mandated to report credit information to the consumers, must always ensure accuracy and fairness in credit reporting.⁴⁹ Nevertheless, although this regulation understands the need for consumer’s right to privacy as a fundamental issue, consumers still have the liberty to access their credit data freely, without questions.

Such circumstances indicate that the FCRA exists solely to ensure credit accuracy and promote the goal of enhancing marketplace efficiency. These lapses in the FCRA have given the Consumer Reporting Agencies the free will to collect and disseminate people’s personal information to any interested persons with legitimate interests, such as the insurance companies and prospective employers, without seeking any authorization from the owners.⁵⁰ The Financial Modernization Act is another important act in the realm of protecting personal financial information from intrusion by the private sector businesspersons.

The Act became operational in the year 1999 and was the first legislation that began efforts to restrict government intrusion to personal monetary information. This Financial Modernization Act requires the financial institutions to have predetermined privacy policies that their customers are aware of their existence. Although the Financial Modernization Act explicitly defines the involved financial institutions, the legislation still lacks the appropriately defined principles that should govern the nature and state of the institutionally predetermined privacy policies.

Due to the lapses in the policy framework of the Financial Modernization Act, customers still have the freewill to quit, and the affiliated businesses have the liberty to share the information of the consumers freely regardless of the involvement of the Free Trade Commission (FTC). The Identity Theft and Assumption Deterrence Act is another privacy legislation that the government enacted in the year 1998, with an intention of incarcerating and charging people involved in the unauthorized use and disclosure of people’s personal information for purposes defined as offensive.⁵¹

The Act authorizes the government to impose an imprisonment and a maximum punitive fine of up to US$250,000 against the felonious individuals. The legislation also allows the government to establish the victimized persons and support them to seek compensation for any considerable losses incurred.⁵² Still under the administration of the FTC, the Act still lacks protective measures for enhancing individual’s privacy and safety.

Concerning such issues, the Identity Theft and Assumption Deterrence Act, therefore, exists only to create criminal sanctions for invaded privacy and to prevent identity theft. The Cable Communications Policy Act is another American legislation that monitors and regulates the cable industry using various intricate privacy measures.⁵³ The Cable Communications Policy Act disallows the cable companies from collecting the personal information of the users without seeking their informed consent.

Additionally, the Cable Communications Policy Act prohibits the disclosure of one’s information to third parties, unless otherwise on condition that the disclosure is essential for service reasons. Nonetheless, this legislation is just but part of the American piecemeal strategy towards the assumed protection of the privacy of personal information.⁵⁴ The Telecommunications Act of 1996 is another America’s policy that shallowly regulates the issues of privacy in the private sector. According to DeVries, the Telecommunications Act of 1996 came to amend the Communications Act of 1934⁵⁵.

The Telecommunications Act of 1996 has specific privacy measures established to prohibit and limit marketing activities made on behalf of the telephone operators. The Act stipulates that all the registered telephone companies must obtain a direct, informed consent from the consumers to collect and use their telephone data for marketing reasons.⁵⁶ Nonetheless, the Act fails to state explicitly how the companies are to obtain the informed consent despite it being part of the FTC-administered policies.

The Children’s On-line Privacy Protection Act of 1998 (COPPA) is another American piecemeal legislation that came into existence in 1998, with a primary aim of prohibiting the collection and misuse of children’s personal information by the commercial websites.⁵⁷ The COPPA regulation requires the commercial website companies and other operators of the online services who deal with children aged twelve years and below to provide the parents of the children with prior notice before they collect the personal information of their children.

The COPPA Act further allows the parents to access the websites and review or correct the collected information at their freewill.⁵⁸ Despite it being unique in its nature and content, the COPPA regulations work hand in hand with the Child Online Protection Act of 1998 (COPA), the Child Pornography Prevention Act of 1996 (CPPA) and the Communications Decency Act of 1996 (CDA). When viewed from a constitutional perspective, all the above-discussed regulations still lack the constitutional powers to offer substantial privacy protection to most of the unsafe American citizens who visit the online chain stores and retail units for various purchasing and transaction purposes.⁵⁹ What sets the most worry about the cluttered privacy regulations is the manner in which they cause various legislative dilemmas and comprise the common law. Levin and Nicholson postulate that, the US “piecemeal approach will always result in various privacy-protecting acts clashing with well-established constitutional rights”⁶⁰.

The Recurrent Dilemmas in the America’s Consumer Privacy Laws

When viewing the US, as a well-established giant economy whose community relies on various privacy policies existing at the common law, the US Constitution, and the federal and state legislations, it should be noted that there is a considerable lack of a constitutional right to Americans privacy. Professional policymakers have always tended to disagree with the notion that the American constitution is complete and efficient in ensuring justice in all forms of abused rights.⁶¹

The attitude of most of the Americans concerning their privacy is just protective and liberal, rather than realistic and morally motivated as most of the Americans fear not their safety against the misuse of their information in the private sector, but have the greatest fear of their information misuse by their federal government.⁶² Based on how the government is handling the issue of the constitutional right to privacy, the American cluttered privacy laws are still frail and prone to distortions.

While most of the acts discussed herein have some limited abilities to ensure the protection of people’s privacy in the commercial space and especially in the internet environment, the existing gaps in these legislations are eminent in the e-commerce sector.⁶³ The questions that arise among most of the Americans who are willing to engage in the electronic commerce transactions is who will protect them from exploitation and commercial abuse, or how will they get compensation in case of financial fraud in the internet payment services.⁶⁴

The gravitational orbit that often predisposes the American constitution to liberty values rather than dignity and legally oriented values puts consumers at a stake of the highly insecure online transactions. The American consumers cannot enjoy zero liability or even ascertain the levels of their safety in their financial data or their personal data.⁶⁵ The American online consumer is in a legal quandary and only enjoys his liberty to privacy.

Despite being in plenty and all working towards ensuring the privacy of the people’s personal information, the above laws are limited to certain circumstances and cannot assure consumers protection when the circumstances favor their specific cases. While trying to understand the manner in which the American constitution predisposes people to infringement of their personal privacy in the online transactions and how these laws offer limited immunity to the consumer’s quest for zero liability, it is important to consider several legal challenges that come from divergent understanding of the constitution. In the online purchasing and transaction activities, consumers engage directly with the online retailers, website companies, and other Internet Operating Firms that are still taking the advantage of the lack of an explicit rule that ensures people off their constitutional right to privacy. First, it is important to start by defining zero liability in the e-commerce sector or the financial services.

The American Fair Credit Reporting Act (FCRA) is just but a piecemeal legislation that only assures consumers of their privacy through ensuring that the Credit Reporting Agencies (CRA) report credit information in a fair and accurate manner.⁶⁶ Consumers in the online transaction services are not safe, and their personal information is not safe neither given the circumstances at which the law safeguards unfair intrusion. The check payments, the credit, and the debit card transactions often allow financial institutions such as the banks to track their payment and purchasing behaviors.

The digital signatures that customers provide are even very vulnerable. Technology has come of age and has left the laws lagging behind without any possible measures to ensure efficient consumer protection from infringements resulting from online informational privacy. The emerging digital trends and communication facilities in the e-commerce platform pose greater risks of exploitation and breach of people’s privacy in the online transactions.

Technological advancements have brought significant problems to the assurance of individual’s right to privacy in the online transactions as the User-Generated Content (USC) spreads with minimal security from the latest Digital Millennium Copyright Act [DMCA].⁶⁷ In the United States, User-Generated Data is widespread and very unsafe given the unlimited autonomy of the consumers over their personal, informational liberty on the internet interactions such as the online purchases and transactions.⁶⁸

Since the Children’s Online Privacy Protection Act (COPPA) is the only existing American law that deals directly with online information privacy, and only in the context of the children’s safety, the online transactions are still unsafe.⁶⁹ People are nowadays purchasing goods online with their Visa and MasterCard credit cards, and with the limited protection of privacy and safety in these transactions, consumers are likely to run losses when their important financial information gets into the hands of the online fraudsters.⁷⁰

Crucial Cases related to Breach of Consumer Privacy

Due to the existing lapses in the Canadian and American rights to privacy regulations that have been predisposing the constitutions to unexpected legal dilemmas, the two nations have experienced some controversial cases regarding the individuals’ right to privacy and zero liability issues in their courts. In Canada, although the government has reported view violations of the PIPEDA privacy policies, there has been a considerable problem in the courts.⁷¹

In December 2006, Canada witnessed a legislative dilemma when TJX Companies suffered a massive security breach against their Internet frameworks. The case, which is popularly known as the Mace vs. TJX Companies, Inc was a critical case where the consumers suffered significantly due to an unauthorized intrusion to their secret financial information including data about the store customer transactions. During this time, the TJX Companies, which is a subsidiary company under the umbrella of Maxx and Marshall’s Holdings, suffered serious unauthorized intrusions into its data systems and lost important customer data to fraudsters.⁷²

The TJX Companies lost personal information of the customers under unclear circumstances through a failure of its computer systems that contained the debit card, the credit card, the check, and the merchandise return transactions information, which was vital to the consumers.⁷³ This intrusion to private financial records resulted in a compromise of over 45 to 97 million credit card information. Apart from facing serious investigation by over 30 state attorneys, the TJX group of companies was liable to answer various class action lawsuits concerning this form of unauthorized intrusion to the customer’s personal data.⁷⁴

The TJX Companies were answerable to Consumer Track Actions litigations, Consolidated Class Action Complaints, and the Financial Institutions Track litigations. Unfortunately, when the judges met to decide the verdict of the case, the PIPEDA regulations received a shock and an embarrassment. The case transformed to other common law compliances that finally denied the plaintiffs their rightfully deserved justice.⁷⁵

The courts were questionable about the legitimacy of the case and subjected the plaintiffs to compliance measures found in other privacy legislations rather than using the PIPEDA policies. The judges stated that for the complaint to prove genuine, the plaintiffs ought to have considered certain verifiable facts. The plaintiffs, in this case, were to prove that the TJX Companies Inc. had the statutory duty of care to the customers, who filed the class action lawsuit, the TJX’s computer security system was foreseeable to vulnerabilities.

Furthermore, the plaintiffs were to substantiate that their computer security system had been below the appropriate standards of care, there was an injury because of the breach, and that there was a proximate or legal reasons to make the company accountable.⁷⁶ The above complaint conditions outweighed any of the reasonable facts presented to the courts for the class action lawsuit, as the plaintiffs could not substantiate their motives.

When it comes to the controversial cases heard and determined in the courts of the United States, the Americans themselves have better testimonies concerning unsuccessful cases dismissed even at the extent of compromising justice.⁷⁷ Since the security of the Americans often appears to be a serious issue in the American constitutions, the government has lagged behind in assuring people of their right to privacy. In two other 2006 American litigations, popularly described as the case of Bell vs. Acxiom Corporation and the case of Guin vs. Brazos Higher Education Services severe constitutional dilemmas arose.

In the case of Guin vs. Brazos Higher Education Services, a private company inattentively permitted an intrusion to the customers’ private information through one of the employees who stored some unencrypted private information on his unsafe laptop that accidently could not deter data theft. The company had not an option than to send notification messages to its 550, 000 customers.⁷⁸

The consumers of Brazos received the information with sorrow, and one of them filed a lawsuit against breach to fiduciary duty and breach of the contract against stipulations and negligence towards duty of care. This case showed how the privacy regulations of the American construction have persistently failed to protect the civilians against breach of their privacy by the malevolent private institution players.⁷⁹

During the verdict, “the court granted the defendant’s summary judgment motion due to the plaintiff’s failure to trace cognizable damages arising from the defendant’s breach of the standard of care”.⁸⁰ In the 2006 case of Bell vs. Acxiom Corporation, the Acxiom Company faced a class action lawsuit when a client managed to beach the computer security systems of the company and access its computer servers, downloaded the information of other clients, and sold a piece of some sensitive data to a direct-mail marketer. The court still released the defendant scot-free.

Recommendations on the U.S and Canada Privacy Laws

Thorough overhauls of both privacy legislations

Neither the United States nor Canada is free from controversial dilemmas surrounding the unauthorized breach of consumers’ private information. The two nations are both lacking efficient policies to safeguard the constitutional rights to privacy of its citizens in the freely accessible and available e-commerce internet platforms. The existing rules are just but piecemeal that cannot assure the Americans and the Canadians of their safety in the online transactions with the highly malevolent online companies.

Statutory Amendments to the controversial clauses

What continues to bite most of the Americans and the Canadians is that their governments are aware of the vulnerability of the online e-commerce platforms, yet they are only passing legislations that conform to the pressures of the civilians rather than the common good of all citizens.⁸¹ Americans are fighting for liberties in their privacy policies while the Canadians are fighting for the preservation of their dignities in the existing privacy legislations.

Separation and formation of the actual internet business rules

The various privacy legislations existing in the American and the Canadian constitution are shallow, unconstitutionally appropriate and are prone to breaches without any significant accountabilities in the misconducts reported.⁸² The more the US and Canada fight towards making the laws following the desires of the civilians, the more the rule of law continues to lack in both of these countries.

Conclusion

As the Canadians and the Americans, enjoy the unlimited access and the use of Internet business services that involve online purchasing and online financial transactions, it should be noted that both of these countries have weak policies to assure their citizens of adequate constitutional rights to privacy. Worst of all these circumstances is that people are circumventing from reality and forcing their governments to amend laws to suit their personal interests in protecting their liberties and dignities rather than the common good of everyone. Inasmuch as the Americans continue to praise and advocate the laws and privacy legislations that assure them of their rights to privacy against government agencies and not the unregulated and unsafe private agencies, their right to enjoy zero liability for any embezzled personal or financial data is also invariably scarce.

References

Chellappa, R., & Pavlou, P. (2002). Perceived information security, financial liability, and consumer trust in electronic commerce transactions. Logistics Information Management, 15(6), 358-368.

DeVries, W. (2003). Protecting Privacy in the Digital Age. Berkeley Technology Law Journal, 18(1), 283-311.

Glickman, L., & Fingerhut, J. (2011). User-Generated Content: Recent Developments in Canada and the United States. Internet and E-Commerce Law in Canada, 12(6), 49-76.

Hutchins, J., & Francois, R. (2009). A New Frontier: Litigation over Data Breaches. The Practical Litigator, 20(4), 47-56.

Levin, A., & Nicholson, M. (2005). Privacy Law in the United States, the EU, and Canada: The Allure of the Middle Ground. University of Ottawa Law & Technology Journal, 1(2), 357-395.

Movius, L., & Krup, N. (2009). U.S. and EU Privacy Policy: Comparison of Regulatory Approaches. International Journal of Communication, 3(2009), 169-187.

Slane, A. (2004). From Scanning to Sexting: The Scope of Protection of Dignity-Based in Canadian Child Pornography. Osgoode Hall Law Journal, 48(3/4), 543-593.

Sprat, J. (2011). An Economic Argument for Electronic Privacy. A Journal of Law and Policy for the Information Society, 6(3), 513-554.

Whitman, J. (2004). The Two Western Cultures of Privacy: Dignity versus Liberty. The Yale Journal, 113(1151), 1151-1221.

Footnotes

1. DeVries, W. (2003). Protecting Privacy in the Digital Age (Berkeley Technology Law Journal), 286.
2. Ibid, 286.
3. Chellappa, R., & Pavlou, P. (2002). Perceived information security, financial liability, and consumer trust in electronic commerce transactions (Logistics Information Management), 359.
4. Ibid, 359.
5. Devries, 289.
6. Ibid, 286.
7. Slane, A. (2004). From Scanning to Sexting: The Scope of Protection of Dignity-Based in Canadian Child
8. Pornography (Osgoode Hall Law Journal), 543.
9. Sprat, J. (2011). An Economic Argument for Electronic Privacy (A Journal of Law and Policy for the Information Society), 513.
10. Ibid, 518.
11. Ibid, 521.
12. Glickman, L., & Fingerhut, J. (2011). User-Generated Content: Recent Developments in Canada and the United States. (Internet and E-Commerce Law in Canada), 52.
13. Ibid, 52.
14. Ibid, 53.
15. Levin, A., & Nicholson, M. (2005). Privacy Law in the United States, the EU, and Canada: The Allure of the Middle Ground (University of Ottawa Law & Technology Journal), 379.
16. Ibid, 365.
17. Hutchins, J., & Francois, R. (2009). A New Frontier: Litigation over Data Breaches. (The Practical Litigator), 52.
18. Glickman & Fingerhut, 54.
19. Hutchins & Francois, 47.
20. Ibid, 48.
21. Ibid, 53.
22. Levin & Nicholson, 395.
23. Slane, 550.
24. Ibid
25. Levin & Nicholson, 380
26. Movius, L., & Krup, N. (2009). U.S. and EU Privacy Policy: Comparison of Regulatory Approaches (International Journal of Communication) 169.
27. Whitman, J. (2004). The Two Western Cultures of Privacy: Dignity versus Liberty (The Yale Journal), 1151.
28. Levin & Nicholson, 392
29. Movius & Krup, 171
30. Ibid.
31. Whitman, 1163
32. Whitman, 1187
33. Slane, 557.
34. Ibid.
35. Movius & Krup, 169.
36. Whitman, 1193.
37. Movius & Krup, 172.
38. Ibid.
39. Ibid.
40. Ibid.
41. Ibid.
42. Slane, 567.
43. Levin & Nicholson, 362
44. Ibid.
45. Ibid.
46. Ibid.
47. Ibid.
48. Ibid.
49. Ibid.
50. DeVries, 309-311
51. Chellappa & Pavlou, 360.
52. Ibid.
53. DeVries, 310.
54. Ibid.
55. Ibid.
56. Chellappa & Pavlou, 362.
57. Ibid.
58. Ibid.
59. Slane, 564.
60. Levin and Nicholson, 367.
61. Chellappa & Pavlou, 364.
62. Levin & Nicholson, 2005
63. Chellappa & Pavlou, 364
64. Ibid.
65. Sprat, 528.
66. Whitman, 1159.
67. Glickman & Fingerhut, 63.
68. Ibid.
69. Whitman, 1153.
70. Ibid.
71. Glickman & Fingerhut, 63.
72. Whitman, 1153.
73. Hutchins & Francois, 54
74. Ibid.
75. Hutchins & Francois, 50.
76. Ibid.
77. Ibid.
78. Hutchins & Francois, 53.
79. Ibid.
80. Ibid
81. Hutchins & Francois, 51.
82. Ibid.