SHOP SAFE Act, if Passed, Presents Major Privacy Risk, says EFF

Oct 27, 2021 | Privacy & Security

America’s leading non-profit privacy advocate, the Electronic Frontier Foundation (EFF) has slammed the SHOP SAFE Act before Congress as good in theory but fairly ridiculous in practice, especially for privacy.

The EFF calls out as a significant privacy risk the proposed requirement to have ecommerce platforms verify the identity, address and contact information of any third party seller who uses their services. It argues that requiring a seller of any good online, including used goods (think mom and dad running a garage sale) to send their driver’s license or other government ID to the platform before making a listing unnecessarily exposes their personal information to the platform. And given the broad nature of the Bill, the selling platform in this case could be anything from eBay, Amazon, Facebook and Craigslist to Gmail and other email providers if the seller decides to make the sale via email (e.g. if they sell a used bike to a colleague using email). 

“Imagine if you had to provide a copy of your driver’s license to Craigslist just to advertise your garage sale or sell a used bike. As over the top as that seems, it’s even worse when you think about how this would apply to services like Gmail or Facebook. Should you really have to provide ID to open an email account, just in case you sell something using it? Requirements like this threaten not only competition but user privacy, too,” the EFF writes.

The bipartisan Stopping Harmful Offers on Platforms by Screening Against Fakes in E-Commerce (SHOP SAFE) Act was introduced to Congress in March 2020 to protect consumers from the online sale of harmful counterfeit products. If the Bill passes, online marketplaces could be held liable for injury and damages suffered from these products. The way around being held liable is if the third party seller can be served a lawsuit in the United States or the platform meets 10 requirements before the counterfeit item is sold. The first of the 10 requirements is that the platform has “verified the identity, place of business, and contact information of third-party seller against governmental and other reliable sources.” Another requirement is that the platform has “conspicuously displayed the seller’s place of business, contact information, and identity along with manufacture location and shipping origin of the goods.” You can see the privacy risks to the mom and dad just wanting to offload some old books and clothes.

The Bill aims to offer ecommerce platforms incentives for more thoroughly checking third party sellers and hold those platforms liable for allowing dangerous counterfeits (e.g. a toy that breaks down and becomes as health hazard) to be sold. But while the EFF says protecting the consumer from dodgy products is a noble goal, it’s a case of hurting the consumer with a law that’s meant to help them. 

Some commentators say the SHOP SAFE Act has little chance of passing into law unless the increase in cybercrime and counterfeit products seen during the pandemic prompts lawmakers to tighten the screws. 

From our perspective, this Bill is yet another challenge in the ongoing battle to protect consumer privacy, but we can offer some protection through MySudo. Sure, there would be no way around having to submit a verifiable name and address via government ID, but using a MySudo phone number and email address instead of their personal details when they contact the ecommerce platform at least limits the amount of personal information they expose. Check out MySudo consumer app and Sudo Platform for delivering the same types of capability to customers. 

Find out more about SHOP SAFE Act here and here.

Photo By Kite_rin

You May Also Like…