Roger Clarke's Web-Site

© Xamax Consultancy Pty Ltd,  1995-2024
Photo of Roger Clarke

Roger Clarke's 'Prosumer Distrust Factors'

B2C Distrust Factors in the Prosumer Era

Roger Clarke **

Invited Keynote, Proc. CollECTeR Iberoamerica, Madrid, 25-28 June 2008, pp. 1-12

Version of 27 May 2008

© Xamax Consultancy Pty Ltd, 2008

Available under an AEShareNet Free
for Education licence or a Creative Commons 'Some
Rights Reserved' licence.

This document is at

The accompanying slide-set is at


Since the dawn of Business to Consumer Internet Commerce in 1994, distrust has been a major impediment to adoption. The current vogue in eCommerce research is aligned with a traditionalist view among consumer marketing companies. Consumers are treated as being non-rational, with hedonistic motivations dominating rational self-interest. Adoption can therefore be encouraged relatively inexpensively, by inculcating an image of trustworthiness and benevolence.

Such attitudes were tenable during an era in which 'media' meant one-way, broadcast 'mass media'. But that era is coming to an end. In the contemporary digital world, consumer characteristics are moving in the direction of Toffler's notion of the 'prosumer'. So the old consumer marketing philosophies reflected in most eCommerce practice, and in most eCommerce research, are rapidly reaching their use-by date.

This paper outlines the prosumer notion, and draws attention to constructive ways in which prosumer distrust can be avoided. Three broad approaches are discussed, relating to the terms of consumer contracts, ways of addressing consumers' exposure to the insecurity of the devices that they use to conduct transactions, and privacy policies and practices.


1. Introduction

Business-to-Consumer (B2C) Internet Commerce has grown far more slowly from its beginnings in 1994 than even many sceptics had anticipated. Most recently, many forms of Mobile eCommerce (M-Commerce) have shown growth-rates far lower than pundits predicted and marketers hoped. There is no lack of enthusiasm among consumers for the new ways of doing business. But there have been many impediments, some natural, and many more that have been created by marketers.

eCommerce researchers have spent a great deal of time investigating the concept of 'trust'. This was seen as an antidote to many of the impediments. It was expected to either directly overcome them, or to add to the attractiveness of the offering and thereby outweigh the downsides that consumers perceive in doing business electronically.

The 'trust' focus has always had an air of naiveté about it. Typical of the literature is Chen & Dhillon (2003), who proposed that the "dimensions of trust in an Internet vendor" are "competence, integrity and benevolence". "Competence refers to a company's ability to fulfill promises made with the consumers. Integrity suggests that a company acts in a consistent, reliable, and honest manner. Benevolence is the ability of a company to hold consumer interests ahead of its own self-interest and indicates sincere concern for the welfare of the customers".

Observations of the behaviour of consumer marketing companies demonstrate little in the way of benevolence, and many compromises to integrity. This should be unsurprising to the observer, because 'holding consumer interests ahead of a company's own self-interest' is in direct conflict not only with business culture, but with the law. 'Business ethics' (despite its popularity as a unit-descriptor in US business schools) is an oxymoron. Company Directors' obligations are to the company. Their actions are of course constrained by consumer rights laws; but there is no scope for ethical considerations to drive the behaviour of corporations.

The practice of consumer marketing exhibits behaviour that is not only very different from 'benevolence', but arguably its opposite. As expressed in Clarke (2004), "An important corollary of the pursuit of shareholder value and the exercise of market power is that consumers are quarry. The language of marketing and selling attests to that, in such words as campaigns, targets, suspects and customer acquisition. The word 'quarry' is usefully ambiguous: consumer data is 'fair game' [that needs to be 'hunted down'] wherever it may be acquired from; and consumer data is there to be mined, or 'quarried'. The data's purpose is to achieve efficiency in marketing communications - efficiency from the corporation's viewpoint".

Companies do what is necessary to attract consumers into doing business. They avoid unnecessary costs and risks. If an image of trustworthiness can be achieved less expensively than actually delivering on trust factors, then that is the course that organisations naturally take. If most consumers are not smart enough to see through pretence, or not diligent or powerful enough to pursue companies that cheat, then marketers feel that they have got away with their strategem.

On the other hand, the disappointing growth rates of B2C eCommerce referred to earlier show that something is badly amiss. This paper proposes firstly that the problem lies with the aggressive attitudes of consumer marketers, and secondly that an alternative approach will pay much better dividends.

It is not only marketers that need to change. The focus of eCommerce researchers on 'trust' is based on an illusion, and has had the effect of reinforcing consumer marketers' commitment to an ineffective strategy. eCommerce research needs to pay much more attention to the various factors that result in the 'distrust' impediment. This paper further pursues the line of analysis in Clarke (1999, 2002a, 2002b, 2004, 2006d, 2007). The conception of consumers inherent in the 'consumer as quarry' philosophy and the 'trust' approach is seriously dated. Both consumer marketers and eCommerce researchers must move on.

The paper commences by examining several key changes whose import has not yet been absorbed by either consumer marketers or eCommerce researchers. Central among these changes is the emergence of the 'prosumer'. Three key areas are then considered in which B2C marketers are inviting distrust. In each case, some benchmarks are proposed for assessing marketers' performance. The first area is communications between marketers and prosumers, and the second is a specific and currently very topical sub-set of the terms of contract, relating to the insecurity of consumer devices. The third area is privacy policies and practices.

2. From Passive to Proactive Consumers

The reason that the 'consumer as quarry' philosophy is rapidly approaching its 'use-by' date is that passivity among consumers is on the decline, and an increasing proportion of consumers are looking for less image and more substance.

Galbraith (1967) coined the term 'the revised sequence' to describe the way in which business enterprises post-World War II prepared consumers to demand what the manufacturers were about to produce. This was feasible because of the opportunities for influence over consumer behaviour created by mass media and sophisticated advertising techniques.

In the intervening decades, several things have changed. The first is that mass media has been challenged by other modes of communication that are not limited to the one-way, broadcast mode of billboards, print, radio and television. A second factor has been advances in the economics of production technologies that enable the 'mass customisation' of product variants at prices only marginally above that for standard products.

The crucial third factor has been changes in consumer behaviour. The Silent Generation (b. 1919-45, and over 60 in 2008), the Baby Boomers (b. 1946-1964, and in their 50s in 2008), and early Generation X'ers (b. 1965 to about 1978, and in their 30s and 40s in 2008) all grew up in the era of mass media. People born since about 1980, on the other hand, have very different world-views. Even some of the members of the earlier Generations have adapted to the new possibilities.

From around 1990 onwards, 'mass' gave way to 'interactive'. Generation Y has grown up with widely-available, reliable and affordable interactive multimedia communications. The digital tools and the bandwidth turned them into producers of digital content and services rather than merely avid consumers of them. Their mode of activity is participative. They regard appropriation as being a good thing. When they discover that it is a breach of copyright law, they are surprised, although not greatly concerned about it (Clarke 1997a).

Since about 2000, the mainstream media have moved beyond interactivity into contexts in which the services are 'always-on' and highly immersive, and individuals try to be 'always-on' as well. Whatever the post-2000 generation will be called will have even stronger expectations that 'rip, mix, mash' is 'what you do'.

These factors have created the conditions for 'prosumerism'. Toffler coined that term in 1980, to refer to a phenomenon he had presaged 10 years earlier (Toffler 1970 pp. 240-258 and 1980 pp. 275-299, 355-356, 366, 397-399). The concept was revisited in Tapscott & Williams (2006).

A prosumer is a 'proactive producer-consumer'. In pre-industrial societies, the dominant activities were 'production for consumption'. Industrialisation achieved progress in material wellbeing through specialisation of labour, which resulted in 'production for exchange', and the separation of production activities from consumption activities. But, in recent decades, various aspects of post-industrialisation have resulted in a proportion of human activity shifting back to 'production for consumption'.

Some common forms of prosumerism include the 'do it yourself' (DIY) movement and the 'home handyman' phenomenon, and self-service retail stores, and, gradually, self-service checkout. More subtle variants include focus groups, consumer panels, and other means for gaining access to the insights of people who buy (or might buy) a new product or service. In the digital world, examples include direct data capture at ATMs, EFT/POS terminals and more recently Internet Banking, the free software and open source movements, together with self-help, mutual service, contributions to FAQs, and Wikipedia. Nearly three decades after Toffler coined the term, and with computing and networking technologies and hence information readily available to them, consumers are becoming the 'proactive producer-consumers' that he envisaged.

The rise of the prosumer has undermined the 'consumer as quarry' philosophy. There remain market-segments within which it is reasonable to assume that consumers are fools. But those segments are aging, and reducing in size and spend. The likelihood of alienating people who have an increasingly prosumer orientation is on the rise. Some market-segments, including many that, in innovation diffusion terms, are likely to be early-adopters and early-majority, already evidence those characteristics. The risks of alienation resulting in non-adoption are therefore high. Corporations need to assess and then manage these risks. The first of three areas considered in this paper is the basis on which consumers and companies communicate and do business.

3. Marketing - with - Prosumer Communications

Prosumers are repelled by the aggressive, presumptuous and even arrogant stances common among consumer marketers during the mass media era. They expect to have information available to them when they want it, and they expect convenience, fair terms, and no fuss.

The terms of the contracts that merchants impose on consumers are subject to contract law generally, and in many jurisdictions to additional provisions that reflect the imbalance in size and market power. In common law jurisdictions, the patterns are particularly complex. There, law has developed over the centuries on the basis of decisions of the courts, has been overlaid by the provisions of statutes and statutory codes, and has then be further augmented by decisions of the courts that apply, explain and even expand the legislation.

Compliance with the law may be enough to overcome distrust, but it is unlikely. In many jurisdictions, consumer protection law is poorly developed, and even where it is relatively strong, achieving enforcement is a slow and arduous task. Consumer expectations are running ahead of the law - and, in some cases are on divergent paths to it. This is particularly so in the new contexts that have arisen in Internet Commerce and M-Commerce, and especially among the younger and more techni-mature market segments. Companies that market to prosumers would be well-advised to appreciate and reflect not only the law but also broader consumer expectations.

Remarkably, studies of the terms imposed on consumers by web-site operators show ignorance of the law, disregard for it, and active endeavours to reduce and undermine consumers' legal rights. The supra-national nature of Internet commerce provides ample opportunity to do this, for example by imposing a jurisdiction that is geographically distant from the consumer, and by means of 'regulatory arbitrage' (i.e. stipulating a jurisdiction that has weak consumer laws).

A number of sources are available that can be used as a basis for evaluating terms offered by B2C marketers. Two documents of modest assistance are OECD (2000) and UN (2003). A specifically digitally oriented Charter is TACD (2008). Some guidance is also provided by consumer codes in various countries (e.g. in Australia, at Treasury 2006). But these generally fail to reflect the specific challenges of electronic business and supra-jurisdictionality, and are in any case relatively weak instruments that result from compromise between human needs and the demands of powerful corporations and their friends in government agencies.

In 2006, this author conducted research as a basis for the B2C Keynote at ICEC (Clarke 2006c). The available sources of guidelines were inadequate for the purpose, and it was necessary as part of the project to develop a 'Normative Template for Marketer-Consumer Communications'. A revised version is at Appendix A to this paper. The sites examined during that research project failed dismally against that expression of 'reasonable consumer expectations'.

That Template is proposed as a suitable checklist for consumer marketing companies that recognise that the terms of contract that they offer to customers and prospects are a distrust factor, and that wish to adopt a strategy of differentiation in the form of consumer-friendly communications and terms of contract.

Some of the ideas that the Template embodies or implies are obvious enough, such as clarity regarding the price that the purchaser will pay, and security of personal data, particularly payment-related data. Other aspects are perhaps less obvious, but potentially very important, such as:

Prosumers are more demanding than their predecessors brought up in the mass media era. Distrust can be avoided through constructive communications and the provision of terms of contract favourable to the customer. Effective research in this area depends on the blending of insights and methods from marketing, law and information systems.

4. Consumer Device Insecurity

One particular facet of the terms of contract appears likely to loom large in the next few years. The conduct of transactions from desktops and laptops is risky. The physical context, the hardware, the software, the networks and the transaction partners all embody many vulnerabilities, and a wide variety of threats exist. There have been dire pronouncements from various consultancy groups and suppliers to the effect that organised crime is greatly attracted to the 'easy money' and low likelihood of prosecution involved in Internet crime. Although considerable allowance must be made for the self-interest of the organisations making the pronouncements, the fact is that malware has already reached epidemic proportions.

There is a recurring promise that eCommerce will extend to MCommerce, via mobile / handheld / wireless devices. This gives rise to yet more serious risks (Clarke 2008b). The most apparent threat is unauthorised transactions, variously through errors, rogue devices, rogue transactions, and capture of authenticators by malware that has been infiltrated into the consumer device.

In at least some countries, financial institutions have recognised the problem, and sought to escape liability for unauthorised transactions by imposing on consumers the responsibility to assure the security of the devices that they use. This is logically preposterous, because consumer devices are incapable of being made secure in any case, and achieving moderate levels of security requires understanding and expertise far in advance of that possessed by the vast majority of consumers (Clarke & Maurushat 2007).

Banks in Australia floated the proposition, but backed off very quickly when it became public knowledge and its inappropriateness was brought to attention. In New Zealand, the banks actually achieved such a change in the Banking Code (Gray 2007). Following aggressive responses from consumer rights groups and regulators, however, it appears that the New Zealand Banking Code is being amended to remove these impositions.

Approaches are available to consumer marketers that are far more constructive than the ill-judged moves by Australian and New Zealand banks. The first step is to recognise the way in which the risks are created:

The second step is to identify appropriate steps for those industry sectors to take. The following were proposed in Clarke & Maurushat (2007):

Consumer marketing companies that have confidence in their security design can take a further step in order to overcome consumer distrust (and perhaps even encourage trust and loyalty). They can provide a guarantee against losses arising from eCommerce and MCommerce conducted using their facilities. The prosumer who sees companies that decline to offer such guarantees will reasonably suspect that those companies are misrepresenting the security of the service and passing risks on to the customer. The prosumer will avoid such companies, and look for iron-clad statements of confidence in the form of no-risk warranties.

5. Privacy Law, Policies and Practice

Privacy is a slippery concept, which has multiple dimensions, and varying degrees of importance to different individuals and to the same individual at different times and in different contexts (Clarke 1997b, 2006b). Privacy represents a risk from the individual's perspective, but also from that of the consumer marketer, because it represents a source of distrust and an impediment to adoption, and hence is a risk that needs to be managed.

In principle, legal protections for privacy could provide a shield against such distrust. In practice, business enterprises and government agencies have been successful in ensuring that privacy laws provide only nominal protection and are in any case unenforceable or unenforced. This was achieved by means of the 'Fair Information Practices' movement. This found international expression in the intrinsically weak OECD Guidelines (OECD 1980), which is the common factor in most national laws around the world, including the slightly stronger EU Guidelines (EU 1995).

OECD-style laws have been further weakened by developments in technology, by subsequent enactments that authorise a wide range of specific, privacy-invasive activities that may otherwise have been illegal, and by the supra-national aspect of globalised business whereby large corporations can safely ignore most national governments anyway.

The limited protections available under OECD-style data protection laws have recently been undermined yet further by the publication of even weaker sets of guidelines designed to make life easier for business and government at cost to consumer privacy (USDOC 2000, APEC 2005).

The result of these circumstances is that consumers are very poorly protected, and the increasing numbers of prosumers among them are concerned about it. This translates into privacy risk for corporations, in the forms of suspicion and distrust. These result in slow adoption leading to limited return on investment, and even non-adoption and hence abandonment of the project.

Unfortunately, corporations have themselves perpetrated a wide array of blunders which have given the public enormous cause for concern about their behaviour. See the collection of vignettes of corporate privacy disasters in Clarke (2006e). A highly publicised cluster of disasters has been in the area of data security, with particular reference to credit card details. But there are many other, in most cases rather deeper privacy concerns, about data collection, date use and abuse, data retention and destruction, and data access and disclosure.

Consumer marketing companies that recognise the problem and want to do something about it have a number of measures available to them.

Firstly, they can establish and implement a comprehensive privacy strategy (Clarke 1996, 2006d). The purpose of this activity is to adopt a proactive stance, and prepare the ground for specific actions both positive in nature (such as prior consultation with affected parties and effective privacy designs), and defensive (such as credible media releases when 'bad news' stories arise, to hose the issue down).

Secondly, companies can conduct privacy impact assessments (PIAs) in relation to each major project that they undertake, entering into informed consultations with advocates and privacy oversight agencies, and designing business processes so that privacy problems are avoided or at least ameliorated (Clarke 1998, ICO 2007).

A third category of measures is the publication of privacy policy statements (PPS). This is very important in jurisdictions that have no data privacy legislation or seriously inadequate law (in particular the USA and Australia). A PPS is less critical in most European countries, but it may be expected by prosumers, particularly those telecommuting from overseas, and hence companies are well-advised to invest in one.

Few sources of guidance exist as to how to devise a prosumer-friendly PPS, but see Clarke (2005a). Many of the commitments, and the business processes to fulfil them, are mainstream. The flavour of the 'extra steps' that can make a difference is given by the template extracts in Appendix B. In addition to being a tool for designing PPS, the template can be used to evaluate them. Regrettably, assessments of published privacy policy statements have shown that even those of major consumer marketing organisations evidence massive shortfalls (Clarke 2005b, 2006a, 2007).

A fourth category of measures is the application of privacy-enhancing technologies (PETs). The various categories of Pseudo-PETs, Counter-PITs (which are countermeasures against the many 'privacy-invasive technologies' - 'the PITs') , Savage PETs (which support anonymity) and Gentle PETs (which support pseudonymity) are examined in Clarke (2001). The construction of business cases for applying PETs is discussed in Clarke (2008a).

Prosumers will expect and even demand that consumer marketers use these techniques. Companies can persist with their old-fashioned, mass-media mentality and see their turnover, profitability and brand-value suffer; or they can seek early-mover advantage by being proactive and commencing cultural change now.

6. Conclusions

eCommerce researchers have been in thrall of conventional marketing philosophies deriving from the era of mass media. Corporations and eCommerce researchers continue to perceive consumers in the same way they did during the mass media era. The images are of 'couch potatoes', passive acceptors of images streamed at them, to which they can react but not respond.

The message from the analysis undertaken in this paper is that 'The mass media era has gone. Get over it'. eCommerce researchers have a responsibility to lead into new areas, not follow down blind alleys. Attention must now be paid to how prosumers' participation can be encouraged, in an era of media that is not one-way, and not merely interactive, but immersive.

Focus by eCommerce researchers on trust factors needs to be at least complemented by attention to distrust factors, but preferably replaced by it. Naive notions of 'marketing company benevolence', and even of 'integrity' need to be purged from the research tool-kit.

Although corporations law and corporate cultures have no place for altruism, 'doing the right thing' by consumers does have a role to play. When organisations conduct their risk assessments, they will commonly find that distrust is acting as an inhibitor to adoption. Image-building activities may have some effect, but they breed cynicism among increasingly activist prosumers with increasing access to information. Positive things can be done to avoid distrust and inculcate trust among customers, rather than merely tricking them into believing that the company is 'benevolent'. And those measures do not cost a great deal of money.

The effective approach to addressing the risks is to devise and implement substantive measures in order to advantage consumers. One element involves terms of contract that protect their interests and allocate most of the risk to the merchant. Another element is privacy policies and practices that are transparent and consumer-friendly, and that forego much of the data-acquisition and consumer profiling potential that has been such a focus of consumer marketing in recent years.

The ease with which a marketing organisation can adopt these strategies depends on the extent to which its corporate culture embodies 'consumer as quarry' attitudes. On the other hand, cultural change is particularly urgent for those organisations that have old-fashioned consumer marketing 'values'. Hence now is a better time to start the transition than later.

At present, many consumer marketing organisations are behind the times, and need to undergo substantial transformation. The more advanced and more flexible companies therefore have a window of opportunity during which they can differentiate themselves from their competitors through prosumer-friendly strategies and measures. That advantage is, of course, competable; but the extra revenue achieved during the window can never be recovered by second-movers, and winning back the market-share and brand-enhancement gains will cost them time, money and momentum.

Appendix A: A Normative Template for Marketer-Prosumer Communications

(Enhanced version of the original in Clarke 2006c)


Terms of Contract






Appendix B: Extracts from the Privacy Policy Statement Template (Clarke 2005a)

Data Security

ThisCompany undertakes to store Your Data in a manner that ensures security against unauthorised access, alteration or deletion, at a level commensurate with its sensitivity.

ThisCompany undertakes to store Your Data only in jurisdictions where data protections are at least equivalent to those required under the OECD Guidelines.

ThisCompany undertakes to transmit Your Data in a manner that ensures security against unauthorised access, alteration or deletion, at a level commensurate with its sensitivity.

ThisCompany undertakes to implement appropriate measures to ensure security of Your Data against inappropriate behaviour by ThisCompany's staff-members and contractors. These include:

Data Retention and Destruction

Subject to the qualifications immediately below, ThisCompany undertakes:

This undertaking is qualified as follows:


APEC (2005) 'APEC Privacy Framework' Asia-Pacific Economic Cooperation, 2005, at APEC (2005) 'APEC Privacy Framework' Asia-Pacific Economic Cooperation, 2005, at

Chen S.C. & Dhillon G.S. (2003) 'Interpreting Dimensions of Consumer Trust in E-Commerce' Information Technology & Management 4, 2-3 (April 2003) 303-318

Clarke R. (1996) 'Privacy, Dataveillance, Organisational Strategy' (the original version was a Keynote Address for the I.S. Audit & Control Association Conf. (EDPAC'96), Perth, 28 May 1996). At

Clarke R. (1997a) 'Electronic Publishing: A Specialised Form of Electronic Commerce' Proc. 10th International Electronic Commerce Conference, Bled, Slovenia, June 1997, at

Clarke R. (1998) 'Privacy Impact Assessment Guidelines' Xamax Consultancy Pty Ltd, February 1998, at

Clarke R. (1997b) 'Introduction and Definitions' (August 1997), at

Clarke R. (1999) 'The Willingness of Net-Consumers to Pay: A Lack-of-Progress Report' Proc. 12th International Bled Electronic Commerce Conference, Bled, Slovenia, June 7 - 9, 1999, at

Clarke R. (2001) 'Introducing PITs and PETs: Technologies Affecting Privacy' Privacy Law & Policy Reporter 7, 9 (March 2001), at

Clarke R. (2002a) 'Trust in the Context of e-Business' Internet Law Bulletin 4, 5 (February 2002) 56-59, at

Clarke R. (2002) 'e-Consent: A Critical Element of Trust in e-Business' Proc. 15th Bled Electronic Commerce Conference, Bled, Slovenia, 17-19 June 2002, at

Clarke R. (2004) 'Privacy: More Wobble-Board Than Balance-Beam' National Office of the Information Economy, Canberra, September 2004, at

Clarke R. (2005a) 'Privacy Statement Template' and 'About the Privacy Statement Template' Xamax Consultancy Pty Ltd, December 2005, at

Clarke R. (2005b) 'Evaluation of Google's Privacy Statement against the Privacy Statement Template' Xamax Consultancy Pty Ltd, December 2005, at

Clarke R. (2006a) 'A Pilot Study of the Effectiveness of Privacy Policy Statements' Proc. 19th Bled eCommerce Conf., Slovenia, 5-7 June 2006, at

Clarke R. (2006b) 'What's 'Privacy'?' Xamax Consultancy Pty Ltd, prepared for a Workshop at the Australian Law Reform Commission, 28 July 2006, at

Clarke R. (2006c) 'A Major Impediment to B2C Success is ... the Concept 'B2C'' Invited Keynote, Proc. ICEC'06, Fredericton NB, Canada, 14-16 August 2006, at

Clarke R. (2006d) 'Make Privacy a Strategic Factor - The Why and the How' Cutter IT Journal 19, 11 (October 2006), at

Clarke R. (2006e) 'Vignettes of Corporate Privacy Disasters' Xamax Consultancy Pty Ltd, 2 October 2006, at

Clarke R. (2007) 'eCollaboration - Some Looming Impediments' Notes for the closing Plenary Panel Session at the 20th Bled eCommerce Conference, Xamax Consultancy Pty Ltd, June 2007, at

Clarke R. (2008a) 'Business Cases for Privacy-Enhancing Technologies' Chapter 7 in Subramanian R. (Ed.) 'Computer Security, Privacy and Politics: Current Issues, Challenges and Solutions' IDEA Group, 2008, pp. 135-155, at

Clarke R. (2008b) 'A Risk Assessment Framework for Mobile Payments' Forthcoming, Proc. 21st Bled eCommerce Conf., June 2008, at

Clarke R. & Maurushat A. (2007) 'The Feasibility of Consumer Device Security' Submission to the Australian Securities and Investments Commission (ASIC) in relation to its Review of the Electronic Funds Transfer Code of Conduct, April 2007. Revised version forthcoming in Journal of Law and Information Science, at

EU (1995) 'Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data' Directive 95/46/EC, 1995 O.J. (L 281) 31-50, at

Galbraith J.K. (1967) 'The New Industrial State' Houghton-Mifflin, 1967

Gray P. (2007) 'Online fraud targeted' The Sydney Morning Herald, 3 July 2007, at

ICO (2007) 'Privacy Impact Assessment Handbook' Information Commissioner's Office, Wilmslow, I.K., December 2007, at

OECD (1980) 'Guidelines on the Protection of Privacy and Transborder Flows of Personal Data', Organisation for Economic Cooperation and Development, Paris, 1980, at,3343,en_2649_201185_1815186_1_1_1_1,00.html

OECD (2000) 'Guidelines for Consumer Protection in the Context of Electronic Commerce' Organisation for Economic Cooperation & Development, Paris, March 2000, at

TACD (2008) 'Charter for Consumer Rights in the Digital World' Trans-Atlantic Consumer Dialogue, April 2008, at

Tapscott D. & Williams A.D. (2006) 'Wikinomics: How Mass Collaboration Changes Everything' Portfolio, 2006

Toffler A. (1970) 'Future Shock' Pan, 1970

Toffler A. (1980) 'The Third Wave' Pan, 1980

Treasury (2006) 'The Australian Guidelines for Electronic Commerce ' Department of the Treasury, Canberra, March 2006, at

UN (2003) 'Guidelines for Consumer Protection' United Nations, New York, 2003, at

USDOC (2000) 'Safe Harbor' U.S. Department of Commerce, 2000, at

Author Affiliations

Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., a Visiting Professor in the E-Commerce Programme at the University of Hong Kong, and a Visiting Professor in the Department of Computer Science at the Australian National University.

xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 65 million in early 2021.

Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 1 April 2008 - Last Amended: 27 May 2008 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2022   -    Privacy Policy