Faced with losing most of Europe as a market and alienating potential customers at home, the United States is finally accepting that privacy is a serious business, policy and legal issue.

A growing litany of worrying stories about the ease with which personal information can be harvested from the Internet - often secretly and from children - has riled US consumers. Although they tend to favour few restrictions on how their companies operate, Americans are now putting pressure on their lawmakers to address festering concerns over the gathering and use of their personal data.

"I think it's safe to say that privacy is going to be the big issue" for politicians this year, says Mr Scott Schnell, vice-president of marketing and corporate development for RSA Security, a US company that specialises in protecting online information.

According to Mr Schnell, this year's US Congress is being called "the privacy Congress" because 18 bills dealing with the subject are under consideration. Many more are expected as the year progresses - enough of them to surpass last year's 200 proposed bills (although the majority of those failed to make it to voting stage).

The momentum towards change seems primarily to be coming from two places. On one hand, the European Union insists US companies must comply with the basic provisions of

the EU's Data Protection Directive, which places strict controls on how personal data can be gathered, retained, used and sold to others. "The EU is on a roll in this respect," says Mr Schnell. The US has no such restrictions but wants access to the vast European market, which is larger than that in the US.

An intermediary set of privacy principles, called Safe Harbour, was negotiated between the US and the EU. But the deadline for companies to formally agree to them is July, and to date only 40 US companies have signed up to them with the US Federal Trade Commission - none of them dotcoms, says Mr Schnell - leaving a very large question mark over EU/US trade.

The second motivation for privacy laws is pure economics. Some 90 per cent of US firms say they intend to move some transactions online, and many hope to sell goods and services directly to consumers. But consumers have not rushed to make purchases online and ecommerce remains a tiny proportion of total US sales - only 2-3 per cent to date.

By 2005, 54 per cent of Europeans and 44 per cent of Americans are expected to have Net-enabled mobiles, and 61 per cent of Europeans and 64 per cent of Americans will access the Net on a PC.

Yet only 7 per cent of Europeans and 11 per cent of Americans are expected to buy online by then.

"The issue is privacy," according to Mr Schnell, who was giving a keynote address at RSA's annual Data Security Conference in San Francisco this week.

He notes that 41 per cent of people leave a website rather than reveal their identity and 60 per cent abandon their online shopping carts. Such decisions have direct financial consequences for companies - analyst firm Jupiter believes $4 billion (€4.5 billion) in potential sales will be lost to online retailers this year due to privacy fears alone, rising to $35 billion by 2004.

Consumers have reasons to be fearful, Mr Schnell acknowledges. Several US government studies shocked Internet users in the past two years by revealing that 93 per cent of a cross-section of consumer websites collect personally identifiable data. When it was demonstrated that 88 per cent of children's sites in one study solicited information from kids - with only 26 per cent telling children to get parental permission before sending their details - a new child protection law was enacted.

US firms have strongly opposed privacy legislation, arguing that they can self-regulate on privacy issues, and a major industry drive has pushed many of them to post formal privacy policies. These are supposed to clarify to Web users what information is being gathered on them and how it might be used. But most are written in a confusing legalese and consumers rarely bother to look at them. In addition, consumers can no longer trust that the policies under which they provided information will not be changed. Both Amazon and eBay have told site users that they might hand over personal data to another company if part or all of their businesses were to be sold.

"The information you gave up in the old days might be retroactively used now, contrary to your original wishes," says Mr Schnell. Such a situation would not arise in the EU because an individual's consent must be obtained before personal data may be passed to a third party.

Privacy has become such a hot issue that the media has published a privacy story every week of this year, he adds. No wonder, then, that legislators feel compelled to react. With so much at stake, most observers expect the US to enact a number of privacy protection laws this year.

But Mr Schnell argues that good privacy policy could be a boon rather than a bust to online commerce. "Done right, privacy is a catalyst for profit," he says. For example, new encryption technologies allow information to be gathered and sent to a middleman company that separates personal data from an identifiable individual. The data is supplied to merchants who wish to target individuals with particular interests and needs.

The merchant can then send advertising or offers to the individual, again going through the middleman company, which forwards the advertising to the individual. Merchants would never own the personal details of their customers and even the middleman company would not know the identities of individuals, as data would be handled entirely by encryption software.

Such anonymous exchanges would also work well in auctions where both parties wished their identities to remain cloaked, Mr Schnell said.

While the US seems ready to force companies to protect consumer privacy, the ultimate motivator may simply be the prospect of capturing millions of prospective online customers. "If you want to get to the mainstream, you've got to build privacy in," according to Mr Schnell.