In response to the increasingly key role that personal information plays in the internet economy and the wholesale exploitation of that information by some internet segments, the Obama administration is planning to increase the policing of Internet privacy by introducing new laws and creating a new position to oversee the effort, according to a new article in the Wall Street Journal.
Scheduled to be unveiled in the next few weeks, the initiative marks a shift from previous administrations that steered clear of government regulations out of fear of stifling innovation.
At issue – Today, U.S. consumers don’t have a blanket right to privacy
In spite of commonly held beliefs, there is no overarching law or set of laws that protects consumer’s privacy – online or offline – in the U.S.
This means that internet privacy issues are generally relegated to policing by the Federal Trade Commission (FTC) which can only take action if a company’s privacy violations are deemed unfair or deceptive.
Consumer’s right to privacy is legally protected by strong laws in many other countries like those in the European Union – which explains why most privacy cases and penalties against U.S. Internet companies, like the recent privacy crackdowns on Facebook Inc. and Google Inc. were led by Canada, Germany, Spain, and the U.K.
Industry measures fail to adequately protect consumers
While some industry players maintain an outstanding track record of consumer protections, other players have specifically engineered their businesses to collect and exploit consumer information, and the bulk of players fall somewhere in-between these extremes. Given this reality, a key issue in the debate is whether the Internet industry is even capable of establishing an effective self-policing model.
The Interactive Advertising Bureau, which represents the online-ad industry which has reaped the ire of many online consumers over their personal data collection tactics, is already protesting the prospect of new laws. “We believe we are living up to consumer-privacy expectations and are very advanced in privacy protections and innovation,” said Mike Zaneis, senior vice president for the organization. See my blog ( Ad Stalking – When Ads Follow You Online to learn how dissatisfied consumers are with some online ad tactics.)
Internet Privacy has fast become a very hot topic on Capitol Hill
The outrage over the depth and speed of consumer’s personal data exploitation has been heard loud and clear in D.C. and several proposals are being circulated as to how best address the abuse.
Rep. Joe Barton (R., Texas), co-chairman of the Congressional Privacy Caucus and ranking member of the House Energy and Commerce Committee, said he welcomed the administration’s privacy initiative. “Better late than never,” Mr. Barton said. “I am glad more and more folks, in the government and otherwise, are beginning to realize that there is a war against privacy.”
There are currently two proposals in front of congress that relate to this balance information sharing; the Privacy bill draft by Rep. Sterns (R-FL) and outgoing Rep. Boucher (D-VA) designed to “assure a higher level of [online] privacy protection” for online surfers, by establishing an opt-in model for collecting Web surfing information for marketing purposes, and Representative Rush’s (D-IL) Best Practices Act of 2010 proposal with the following key provisions:
- Ensure that consumers have meaningful choices about the collection, use, and disclosure of their personal information.
- Require companies that collect personal information to disclose their practices with respect to the collection, use, disclosure, merging, and retention of personal information, and explain consumers’ options regarding those practices.
- Require companies to provide disclosures of their practices in concise, meaningful, timely, and easy-to-understand notices, and direct the Federal Trade Commission to establish flexible and reasonable standards and requirements for such notices.
- Require companies to obtain “opt-in” consent to disclose information to a third party. In the bill, the term, “third party” would be defined based on consumers’ reasonable expectations rather than corporate structure.
- Establish a “safe harbor” that would exempt companies from the “opt-in” consent requirement, provided those companies participate in a universal opt-out program operated by self-regulatory bodies and monitored by FTC.
- Require companies to have reasonable procedures to assure the accuracy of the personal information they collect. The bill would also require the companies to provide consumers with reasonable access to, and the ability to correct or amend certain information.
- Require companies to have reasonable procedures to secure information and to retain personal information only as long as is necessary to fulfill a legitimate business or law enforcement need.
U.S. Commerce Department Assistant Secretary Lawrence E. Strickling said in comments in October that Internet privacy needs to be strengthened for the industry to sustain users’ trust. “It’s difficult for consumers to act in their own interest if the law doesn’t meet their basic expectations” He cautioned that the departments’ upcoming report on the topic isn’t a final position statement, but rather the beginning of a “dialogue” that would lead to an official administration policy on information privacy.
The Federal Trade Commission has also announced they will be issuing a report on Internet privacy by the end of the year.
Increased privacy protections are by no means guaranteed
The Obama administration and proponents of increased consumer privacy protections in both the House and the Senate will face stiff challenges.
Though Republicans generally support privacy, they are unlikely to want to increase the authority of the FTC. They may also be reluctant to support legislation that big internet companies – and heavy campaign donors – find unpalatable. And when your information is worth its weight in gold in the digital economy, some companies will find any restrictions to using your information unpalatable.
Privacy advocates on the other hand are likely to balk at any proposals that lack the teeth of enforcement, and there may be strong splits between advocacy groups as to the approach and penalties proposed.
The key will be in creating an appropriate framework of regulatory guidelines, industry innovation, and consumer education. This needs to be approached with an understanding that there will be ongoing tension over how to strike the right balance between corporate (and government) data collection and consumer privacy because there isn’t one ‘right balance’ point. Privacy and authentication/transactional security needs will exist on a sliding scale that varies between the situational needs and consumer comfort levels.
What should be unanimously agreed upon are these three core consumer protections:
- Transparency – you need to be able to see what information is being collected about you and have a clear understanding of how it’s being used – particularly if that information is shared or sold to other parties
- Choice – you need to be able to easily find and modify information in your profiles
- Control – you need the ability to effect a one-click opt-out of data collection
We are at a crucial fork in the road. The decisions that will be made in the next few months regarding consumer’s rights to personal privacy and control of personal information are likely to echo through history. And you have a very high stake in the outcome.