Enforced Standards Versus Evolution by General Acceptance: A Comparative Study of E-Commerce Privacy Disclosure and Practice in the U.S. and the U.K.

Abstract

We present data on privacy practices in e-commerce under the European Union’s (EU’s) formal regulatory regime prevailing in the United Kingdom (U.K.), and compare it to the data from a previous study of United States (U.S.) practices that evolved in the absence of government laws or enforcement. The codification by the EU law, and the enforcement by the U.K. government, improves neither the disclosure nor the practice of e-commerce privacy relative to the U.S. Regulation in the U.K. also appears to stifle development of a market for web assurance services. Both U.S. and U.K. consumers continue to be vulnerable to a small number of e-commerce websites who spam their customers, ignoring the latter’s expressed or implied preferences. These results raise important questions about finding a balance between enforced standards and conventions in the domain of financial reporting. In the second half of the twentieth century, financial reporting has been characterized by a preference for legislated standards, and a lack of faith in its evolution as a body of social conventions. Evidence on whether this faith in standards over conventions is justified remains to be marshaled.