Abstract: In this article I will briefly define privacy and “fair information practices.” I will then discuss the self-regulatory regime currently in place in the United States to protect these principles as it relates to the collection and dissemination of online consumer data. Specifically, I will show that there are some problems with this system. In particular, I will point out that privacy practices are not universal and that companies may not be pushed to implement fair information practices by market forces due to strong financial incentives to do otherwise. Finally, I will suggest that legislation such as that used in the European Union could be a viable alternative to self-regulation in the United States. I like shopping online. As a college student in rural New Hampshire, the abundance of online retailers is a dream come true, allowing me to purchase the latest fashion and other items right from my dorm room. But what price should I pay for such a luxury? I compromise my consumer privacy and open myself up to a world of customer profiling, targeted advertising and analysis of my online behavior. Currently, there are no comprehensive legal restrictions on the collection and use of customer-provided data, clickstream data, and other forms of personal information collected about adult consumers on the Internet.1 Instead, we rely on a system of industry self-regulation, built on a market, to protect consumer privacy. There are several problems with this system. First, it is not universally implemented; sites are not required to disclose their privacy practices. Second, since online companies will benefit financially from the use of personal data, especially in targeted marketing campaigns, and since most consumers are not sufficiently informed to protect themselves, companies may not be effectively driven by the market to protect consumer privacy, as has been done. originally thought. Instead, legislation similar to that passed in 1998 by the European Union may be needed to ensure Americans' online privacy. Defining fair information practices First, it is necessary to define fair information and privacy practices regarding online commerce. As early as 1973, the U.S. Department of Health, Education, and Welfare developed a Code for Fair Information Practices (U.S. Department of Health, 1973). It is based on five general principles (United States Department of Health 1973):* There shall be no personal data storage systems whose existence is secret.