The advent of global on-line shopping has been heralded in glowing terms for the consumer - more choice, keener prices and you don't have to leave your living room to shop. But behind such adulation, there lies a darker side to this new panacea, and without appropriate controls is a hidden intangible cost that many see as outweighing the trumpeted benefits of consumer e-commerce, that being the threat to personal data privacy due to the unprecedented potential for data collection and manipulation that are facilitated by the new medium. This paper will look behind the gloss of e-commerce, to analyse the seriousness of this threat. We will specifically consider whether this new electronic environment is such, that existing data privacy protection provisions are inadequate in meeting the challenge posed by the architecture of on-line sites and the computing power they possess. A main feature of our discussion will be a consideration of the problems created in this global environment, where jurisdictions have differing levels of privacy protection, this being specifically pertinent to the European Union and the United States, who have been involved in protracted negotiations on transborder data privacy protection due to the stronger privacy protection afforded by the EU Data Protection Directive,1 than that provided for by the United States.