Internet Studies


Ethical constraints


Ethical issues or the morality of approaches to using the Internet for business are a key consideration for managers. Not only will most managers want to act at a similar ethical level to their peers, but new legislation to ensure acceptable ethical standards are maintained has been introduced by governments. If managers are not aware of these laws they may be personally liable and could face substantial fines, or even prison sentences. Furthermore, if a company that has a poor grasp of the ethics of e-commerce will likely damage its brand and lose online customers.

Ethical e-commerce issues mainly concern the privacy of the personal information of customers. Effective e-commerce requires a delicate balance to be struck between the benefits the individual customer will gain to their online experience through providing personal information and the amount and type of information that they are prepared for companies to hold about them. For business-to-business marketing the benefits to both parties of sharing information may be more readily apparent since this typically involves stronger relationships between buyers and sellers. For business-to-consumer marketing the synergy is less clear and the privacy issue is more of a barrier to the development of the Internet.

Ethical issues concerned with personal information ownership can be usefully summarized into 4 areas:

•           Privacy – what information is held about the individual?

•           Accuracy – is it correct?

•           Property – who owns it and how can ownership be transferred?

•           Accessibility – who is allowed to access this information, and under which conditions?

Technically privacy can be defined to refer to the moral right of individuals to avoid intrusion into their personal affairs by third parties. Privacy of personal data such as our identities, likes and dislikes is a major concern to consumers. Yet, for marketers to better understand their customers’ needs and market services that meets these needs, this type of information is vital. How should marketers respond to this dilemma? First and foremost, marketing activities should be consistent with privacy law. The revised 1998 Data Protection Act in the UK that includes local enactment of European legislation is typical of that has been evolved in many countries to help protect personal information. Under the new act, companies must:


1 Inform the user, before asking for information:

•           Who the company is

•           What personal data is collected, processed and stored

•           Purpose of collection

2 Ask for consent for collecting sensitive personal data and good practice to ask before collecting any type of data.

3 Provide a statement of privacy policy. ‘A privacy statement helps individuals to decide whether or not to visit a site and, when they do visit, whether or not to provide any personal information to the data controller.’

4 Always let individuals know when use of 'Cookies' or other covert software are used to collect information about them.

5 Never collect or retain personal data unless it is strictly necessary for the organisations purposes. For example, a persons name and full address should not be required to provide an on-line quotation. If extra information is required for marketing purposes this should be made clear and the provision of such information should be optional.

6 Amend incorrect data when informed and tell others. Enable correction on-site.

7 Only use data for marketing (by the company, or third parties) when a user has been informed this is the case and has agreed to this (This is opt-in, this is described below).

8. Provide the option for customers to stop receiving information (this is opt-out).

9 Use technology to protect the customer information on your site.


This summary of the implications of the act is based on information at the UK Data protection web site (



There are three main aspects of managing personal customer data that are of concern to managers. We will deal with them in turn:

1. Collecting and holding personal information.

2. Disclosing personal information to third-parties.

3. Sending unsolicited e-mails to consumers.


1. Collecting and holding personal information.

One of the difficulties of using the Internet for one marketing, is that it is not easy to identify the end-user in order to target them with specific promotional information. To do this, it is necessary to invade the users’ privacy by planting cookies or electronic tags on the end-user’s computer. Alternatively customers can be made to log-in to an extranet with a user name and password which is a less subversive method of personalisation. It is also necessary to ask customers about their personal details such as name, address, job and services required in order to match the cookie or log-in with the preferences of the person.  By doing this it is possible to identify a user’s preferences and behaviour since each time they visit a site, the cookie on the PC will be read to confirm the identity of the user.


Cookies are small text files stored on an end-user’s computer to enable web sites to identify them.


2. Disclosing personal information to third-parties.

Customers may be quite prepared to give personal information to a company who they have formed a relationship with. They will likely be less than happy if this company then sells this information on to another company and they are subsequently bombarded with promotional material either online or offline. The other risk in this category is that of hackers accessing information held about a customer on servers within a company. For example, the infamous hacker Kevin Mitnick was known for accessing over 20,000 credit card numbers on a company server.


Marketers seek to reassure customers abut information disclosure to avoid losing their business. Visit your local Amazon (, and you will see that a lot of space is devoted to reassuring customers about security and how customer data will not be shared with third parties under any circumstances.


3. Sending e-mail to customers.



Unsolicited commercial e-mail (usually bulk mailed and untargeted)


Unwanted e-mails are SPAM. Spam used to refer 'spiced ham' eaten by American soldiers during the war, but a modern version is ‘Sending Persistent Annoying e-Mail’. The negative perception of e-mail derives from the many unsolicited e-mails we all receive from unscrupulous ‘get rich quick merchants’. The spammers rely on sending out millions of e-mails in the hope that even if there is only a 0.01% response they may make some money, if not get rich.


SPAM does not mean that e-mail cannot be used as a marketing tool. It can be very effective, but only if the recipient has agreed to receive your communications and they are not perceived as SPAM.


As explained below, opt-in is the key to successful e-mail marketing. Before starting an e-mail dialogue with customers, according to European law, companies must ask customers to provide their email address and then give them the option of ‘opting into’ further communications. Ideally they should proactively opt-in to by checking a box. E-mail lists can also be purchased where customers have opted in to receive e-mail.



A customer pro-actively agrees to receive further information



A customer declines the offer to receive further information


The concept of opt-in is that communications are only sent to the customer if they have agreed to receive information, for example, by filling in an online form and ticking a box to say they are happy to receive further communications. The principle of opt-out is that the customer will not be contacted in future if they have asked not to be. For example, if a customer is on an e-mail list, they will no longer be sent it, if they ask to be opt-out or removed from the list.

 A final way of reassuring customers about the safety of their personal information is the use of privacy policies.

 Privacy policies typically contain three areas of ethics which are:

•           Privacy - is information confidential, secure and used only for expressed purposes.

•           Ownership - is information collection authorized and will the ownership be transferred to third parties.

•           Access - is access to personal details restricted and can the consumer access and update their details.