Via a Twitter post this morning, privacy lawyer Stephen Kline (@steph3n) brings to my attention this new California bill that “would require the privacy policy [of a commercial Web site or online service] to be no more than 100 words, be written in clear and concise language, be written at no greater than an 8th grade reading level, and to include a statement indicating whether the personally identifiable information may be sold or shared with others, and if so, how and with whom the information may be shared.”

I’ve always been interested in efforts — both on the online safety and digital privacy fronts — to push for “simplified” disclosure policies and empowerment tools. Generally speaking, increased notice and simplified transparency in these and others contexts is a good norm that companies should be following. However, as I point out in a forthcoming law review article in the Harvard Journal of Law & Public Policy, we need to ask ourselves whether the highly litigious nature of America’s legal culture will allow for truly “simplified” privacy policies. As I note in the article, by its very nature, “simplification” likely entails less specificity about the legal duties and obligations of either party. Consequently, some companies will rightly fear that a move toward more simplified privacy policies could open them up to greater legal liability. If policymakers persist in the effort to force the simplification of privacy policies, therefore, they may need to extend some sort of safe harbor provision to site operators for a clearly worded privacy policy that is later subject to litigation because of its lack of specificity. If not, site operators will find themselves in a “damned if you do, damned if you don’t” position: Satisfying regulators’ desire for simplicity will open them up to attacks by those eager to exploit the lack of specificity inherent in a simplified privacy policy.

Another issue to consider comes down to simple bureaucratic sloth: Mandatory “simplification” efforts means a team of bureaucrats somewhere in this world — in this case in Sacramento, California, I guess — will have to become code cops. Websites and apps will suddenly become subject to a new regulatory regime and all that it entails. So, even if those enterprising trial lawyers don’t get online innovators first, the bureaucrats could make their lives miserable with reams of red tape over time (especially because it would be silly to think that this sort of meddling with end with “simplification” mandates.) That could mean a lot less “permissionless innovation” and many more “Mother May, I?” permissioned proceedings instead.

Further, do we really want such Internet mandates to spring from the state-level? As I noted in my recent essay on “The Perils of Parochial Privacy Policies,” such state-based Internet meddling — even when well-intentioned — could quickly become a confusing morass of over-lapping, contradictory rules. Fifty different state Internet Bureaus aren’t likely to help the digital economy or serve the long-term interests of consumers. It could also open the door to potential Net-meddling on other fronts (online free speech, copyright, cybersecurity, online authentication, etc.) If “simplified” policies can be mandated at the state level for privacy, why not everything else? So, some degree of preemption may be in order here. If the movement of digitized bits across the Net isn’t “interstate commerce,” then I don’t know what is.

Just as an aside, it’s worth pointing out that simply because consumers do not necessarily read or understand every word of a company’s privacy policy does not mean that “market failure” exists. In my forthcoming Harvard Journal piece I discuss how disclosure policies or labeling systems work in other contexts and note that it is highly unlikely that consumers read or fully understand every proviso contained in the stacks of paper placed in front of them when they sign home mortgages, life insurance policies, or car loans and warranties. Such documents are full of incomprehensible provisions and stipulations, even though regulations govern many of these contracts. In these cases, I could argue that consumers face far more “risk” than they face by not fully comprehending online privacy policies. But life goes on. Consumers will never be perfectly informed in these or other contexts because they are busy with other things. In a similar way, a certain amount of “rational ignorance” about privacy policies should be expected.

Let me close by reiterating that increased notice and transparency in privacy and data collection/use policies is generally a good operational norm. But not every smart norm makes a smart law, and in this case there are some thorny unintended consequences that must be considered when policymakers propose “simplifying” privacy policies via state-based regulatory mandates.

[On a related note, my colleague Jerry Brito brought to my attention this interesting 2011 NPR piece on “Why Are Credit Card Agreements So Long?]

There’s a movement afoot in Congress to advance legislation that would eviscerate the Commerce Clause of the Constitution, empower a state-based tax cartel, and potentially decimate the Internet economy in the process.  Business Week has the details:

In the next week, legislators are expected to introduce bills in the House and Senate promising to do away with the “physical presence” requirement. If a bill passes — and that’s a big “if” — it would require all online retailers, except for the tiniest companies, to collect sales taxes in the 23 states that are part of the Streamlined Sales Tax Project. The states would compensate the retailers for the trouble, while promising not to sue them for tax collection mistakes that are made.

The Streamlined Sales Tax Project, or “SSTP”, sounds good in theory but would be disastrous in practice.   Michael Graham of the Boston Herald penned an editorial about the SSTP today and he does a nice job pointing out why, when it comes to “tax simplification,” the devil is always in the details and those details are typically anything but “simple” (or taxpayer-friendly for that matter).

The real danger of the SSTP, however, is what it means for the Constitution and tax competition among the states.  In this 2003 paper I penned with Veronique de Rugy for the Cato Institute, we showed why the SSTP would not only fail to simplify the sales tax code, but would actually cede dangerous taxing powers to state and local governments over the interstate marketplace.  In the process, Veronique and I argued, a multi-state sales tax cartel would be spawned:

Bringing greater uniformity to the current system may have some positive benefits, such as more straightforward tax administration, but it would come at the expense of tax competition between the states and localities. Moreover, when supporters of the [SSTP] argue for greater uniformity in the sales tax system, they may just be making a covert effort to sustain higher tax rates and expand the current system to incorporate remote vendors on interstate goods and services. But at what cost? The states are essentially proposing to abandon true federalism and jurisdictional tax competition in exchange for the power to potentially recoup a small amount of tax revenue from interstate sales through a uniform system of third-party tax collection. Sadly, it appears that state and local officials would prefer to create a cozy tax cartel instead of relying on a “laboratories of democracy” model of competition between the states. Many analysts have labeled the SSTP proposal “collusive federalism” or “cartel federalism,” because it runs counter to America’s true federalist structure of government and has very little to do with protecting states’ rights. In fact, if a state wants to simplify its sales tax base, it can do so and does not need to reach an agreement with other states.  Federalism is about state independence, not state collusion.

That’s why Congress should never cede taxing authority over interstate commerce to state or local governments. Of course, the Founders taught us this years ago when the tossed out the Articles of Confederation in favor of our current Constitution. They realized federalism was a two-sided coin, and while the states should be left with broad discretion to craft their own tax policies, that authority must end at the state border.  It must so that a free-trade pact among the states can work and interstate commerce can flow freely.  The SSTP would sabotage that.

That doesn’t mean that there is no way for states to constitutionally tax online sales.  As Michael Graham notes, there is an easier solution that would be pro-constitutional and pro-tax competition: An “origin-based” taxing rule:

The fair and obvious solution is to treat every Internet purchase like an ice cream cone on Hampton Beach. The Ben and Jerry’s guy there doesn’t ask where you’re from. For every dollar of ice cream he sells, he collects the same sales tax, period. Why not have Internet retailers do the same? If a business in New Hampshire sells a product, online or at the drive-thru, it always collects the local sales tax. It’s fair — after all, that business and its workers use services the taxes support. And it’s easy — every business already knows how much to collect.

Here’s how Aaron Lukas and I described an origin-based taxing system in a 2001 Cato article:

Most people don’t realize it, but nothing is stopping states from “leveling the playing field” on sales taxes. Each state has the legal authority to tax all transactions that originate within its borders (i.e., an “origin-based” tax). But no state chooses to tax sales that in-state businesses make to out-of-state buyers. In other words, states purposefully exempt their exports from sales taxes. So why don’t states treat all merchants the same by having them collect the local sales tax regardless of where the buyer lives? When you walk into Wal-Mart, checkout clerks don’t ask you where you live; they collect the taxes due where the store is located. We could treat Internet sellers that way. But states fear that a few low- and no-tax rogue states might lure businesses away. Politicians call that a “race to the bottom.”  But it’s really just healthy tax competition.

An origin-based taxing methodology would also have the important added benefit of protecting buyer / taxpayer privacy.  There’s no need for extensive data-collection and reporting requirements that would have to accompany a destination-based taxing rule, as required under the SSTP.

Federal lawmakers should reject the SSTP proposal as an anti-competitive, unconsitutitonal nightmare for our Republic.  If states want to “simplify” their sales tax codes, then by all means, go for it.  But there is no need for Congress to grant them power to extend those taxes outside their borders or, worse yet, do it in unison with other tax officials as part of an interstate tax cartel.   Tax competition must trump tax collusion.