How about Estonian law with your morning cuppa?

DailyTimes screengrab

It’s like the Hotel California, you can subscribe any time you like but you can never leave.

It’s not often you start the morning with an international legal dispute, and that before one’s morning coffee. This morning, from the kitchen, I was treated to the dulcet tones of my wife arguing with the London Times about cancellation of her online subscription. It turns out they only accept cancellations from the US via passenger pigeon on odd Tuesdays which have a full moon, and then only when written in the blood of a recently slain unicorn. Ok, not really, but as we haven’t actually figured out how one successfully cancels a subscription, that may in fact be the cancellation policy. Pro tip – don’t subscribe to the London Times.

Anyway, the interesting thing about that kerfuffle is the degree to which the average consumer worldwide is entering into contracts with companies in other countries, ostensibly under the laws of those countries. As consumers, however, those individuals remain protected under the consumer protection and other laws of their respective countries (or, in the case of the US, an odd patchwork of federal, state, and local laws). As a result, even as simple a transaction as a newspaper subscription or Facebook registration can give rise to significant legal cases with an international impact.

Many of those cases involve privacy and the EU-US Privacy Shield. Europe isn’t alone in its concern for the privacy of citizens, however, with a new decision extending the protections of Canadian Privacy to data disseminated outside of Canada (hat tip to Daniel Solove). While the US doesn’t really care as much (or perhaps at all) about privacy, there are laws like the SPEECH Act which attempt to protect US residents (in this case writers) from the effects of foreign laws which are against US public policy (in this instance, the right to free speech).

There are a host of other issues which arise from these contracts, however. Do companies like the Daily Times understand and follow US legal requirements like the Fair Debt Collection Practices Act or, in the case of selling (and upselling), the Telephone Consumer Protection Act? Even if they do, how does one collect a relatively small debt in a foreign country in an efficient and cost-effective way? In the other direction, Europe has extended its controversial “right to forget” worldwide, creating a compliance nightmare for Google and other big US tech companies, and an unresolved conflict for others without as much skin in the game in Europe.

The Internet makes international business possible from your kitchen table. What that means for public policy and protection for the consumer remains largely unresolved.

A cold wind on privacy

AMadison screenshot

Not just your moment; yours, Verizon’s, Amazon’s …

Standing outside in the chill of what passes for “spring” these days, with a cold breeze numbing the end of my uncovered ears (it’s SPRING for God’s sake), I listened to my fellow soccer parents discussing the merits of the Senate’s recent vote to rescind the FCC’s as-yet unimplemented rules on privacy for ISPs. Overall, I think most of the parents were pretty ok with the loss of some privacy in exchange for the perceived benefits of data sharing. Most of that had to do with the cool things technology can do when provided with access to data, like make sure your latté is ready before you actually arrive at Starbucks in the morning.

Listening, I was trying to think of why I’m not on board with that logic (other than the fact that I’m not a huge latté fan). Aside from the many concerning ways in which ISPs can and have used data, the bigger problem would seem to be that there’s no real guarantee that the data will remain with the ISP or their marketing partners.

First of all, big companies of all stripes are pretty terrible at keeping data secure. That means that, in addition to that cool relocation feature which allows you to pre-order a latté on the drive to that early-morning soccer tournament, you may be letting hackers from the Ukraine into details about your life which may (or may not) allow them to hack into your bank accounts or determine the content of that highly sensitive e-mail you received.

Secondly, as lawyers well know, data of all types is discoverable in litigation, so those “innocent” late night visits to Ashley Madison may not be as private as you think they are. While much of that data is already available and discoverable from your e-mail provider or home computer, giving ISPs an incentive to keep and distribute that data certainly won’t improve matters any. Increasing the amount of data available also means more data available to the government, and while it’s nice to believe that only matters if you’ve done something wrong, that’s not always true. In Europe, the public and the courts have been fighting against mandatory data retention rules, even as the US arguably incentivizes the private collection of data.

For or against, there’s not much you can do to protect yourself against data collection – most Americans have limited choice in ISPs, and some have no choice at all. Short of running everything through a VPN, or simply not using the internet, it looks as though consumers have to get used to the idea that their traffic will be collected and shared by ISPs, the government, and pretty much everyone else who has access to it.