Privacy Precepts Learned the Hard Way: Melugin Op-Ed in Washington Times

For recently bankrupt Toysmart.com, trying to liquidate its customer information database has been more like playing with matches than children’s toys. Last week’s dismissal of an agreement between the recently bankrupt online toy retailer and the Federal Trade Commission by Judge Carol Kenner of the U.S. Bankruptcy Court, doesn’t do much to address the privacy concerns in the case, but there is a larger lesson to be learned from the debacle. Simply put, government’s legitimate function is to enforce contracts, not dictate their terms, as many privacy advocates would suggest.

That distinction is crucial to the Toysmart.com controversy. Before the online toy retailer declared bankruptcy in June, its posted privacy policy promised customers that their “personal information . . . such as name, address, billing information and shipping practices, is never shared with a third party.” But with anxious creditors and a list estimated to be worth millions of dollars, the privacy promise almost fell by the wayside. After seeing the list advertised in the Wall Street Journal, privacy advocates and tens of attorneys general voiced concern and, as a result, the Federal Trade Commission sued Toysmart.com on July 10 to prevent the sale.

Less than a month later, over the objections of 38 state attorneys general, the FTC and Toysmart.com agreed to proceed with sale attempts under certain restrictions. Provisions included that the list be sold to a buyer that will be respectful of the original privacy pledge and that a buyer must purchase the web site itself. Under these terms, Toysmart.com did receive two offers. One was from Toysmart.com majority-owner Walt Disney Co., which offered to purchase the list for $50,000 and destroy it. But Toysmart.com rejected the offer and decided to hold out for more money.

And indeed, they might be seeing more offers after last week’s ruling to dismiss the terms of the FTC and Toysmart.com agreement. Judge Kenner ruled that the terms are premature until a potential buyer comes forward with an offer and specifies how he intends to use and protect the personal information. Only after this happens, will the privacy concerns of the FTC and state attorney generals be entertained.

But the judge may be inadvertently undercutting the market’s ability to credibly offer privacy assurances to the public. If customers gave their personal information on the condition that it not be shared with a third party, then it is important that their information is indeed kept out of the hands of third parties, not that the FTC and attorney generals get to decide who “qualifies.” The proper role of government is to make sure that contracts between consumers and the businesses are upheld.

In this case, that means Toysmart.com, whatever their financial situation may be, should not be allowed to violate the terms of their agreements with customers. In preventing them from doing so, government officials would have acted appropriately and in the interest of consumers. The business world may have lost one e-mail list, but consumer’s legitimate agreements would have been honored. Future privacy policies can simply adjust to allow for bankruptcy sales.

Unfortunately, the FTC doesn’t seem to be satisfied with just enforcing the terms of agreements consumers forge. With their recent regulatory recommendations to Congress and a deal cut with online advertisers to limit certain types of information collection practices, it is clear that the FTC wants to set the terms for information exchange between companies and consumers.

If allowed to do so, consumers will have less control over deciding what information they are willing to share in exchange for benefits such as free content online, more relevant advertising and lowered costs of doing business. All these perks are made possible by information collection online. And all of them will be threatened if the government, instead of the consumer, starts deciding the “who,” “how” and “under what circumstances” online information sharing is permissible.

While the immediate result of the Toysmart.com debacle might be nothing more than companies modifying their privacy agreements to allow for sales in case of liquidation, the more general lesson to be gleaned is that companies that violate contracts should have their feet held to the fire by government, but government should not treat consumers like children.