Officials at some top U.S. companies today defended their data privacy policies before Congress and urged lawmakers to show restraint in imposing regulatory burdens on those practices.
"Administrative processes, such as those required by recent European legislation, impose unimaginable burdens for companies like ours with little or no substantive benefit to the consumers," said Zeke Swift, global privacy director at Cincinnati-based Procter & Gamble Co., at a hearing before the House Subcommittee on Commerce, Trade and Consumer Protection.
Swift was referring to the safe harbor agreement between the U.S. and the European Union. Companies such as P&G that sign up for safe harbor voluntarily promise to provide protections to data exported from Europe that are equivalent to those spelled out by European laws. That means providing access to the data and "opt-in," or affirmative consent, for certain kinds of information, among other rights.
But complying with the safe harbor agreement involves more than signing a list. For P&G, it has resulted in a contracting process with all the company's entities to ensure the rules are followed. This administrative task "doesn't help consumers at all; what makes a difference is that we have those practices and that people do observe them," said Swift.
This was the subcommittee's sixth hearing on data privacy issues. The hearings have been held as part of an effort to educate lawmakers who are now swimming in a sea of pending privacy bills in both houses.
The privacy legislation is being sparked by fears that online commerce is making it easy for companies to peep on users' personal habits and compile sophisticated customer dossiers. But those fears aside, it's becoming increasingly clear that any data privacy legislation will likely apply to all data, regardless of whether it's collected off-line or online.
Lawmakers are also being urged to ensure that any privacy rules are applied evenly to all businesses. To do otherwise raises fairness issues if only online merchants have to comply with the regulations, said Paul Misener, vice president of global public policy at Amazon.com Inc. in Seattle.
But even if privacy legislation was applied only to Internet companies, it may be impossible for many companies to distinguish between personal data collected online or off-line, said Harriet Pearson, IBM's chief privacy officer. "It's the same database or set of databases," she said.
Company officials also argued against any specific "opt-in" or "opt-out" requirements. It's more important to make sure that consumers understand the choices available to them, company officials argued.
"The important concept here is choice and prominence and presenting it in a conspicuous and understandable way," said Jacqueline Hourigan, the director of corporate data policies at General Motors Corp.
The privacy debate in Congress is centered in the Senate Commerce Committee, but even the chairman of the House Energy and Commerce Committee, Billy Tauzin (R-La.), raised warnings about privacy regulation, arguing against building privacy legislation based on fears.
"It's easy to imagine how data may be misused," he said, but an important part of the process is "understanding what the real problems are, not the imagined ones."