A Federal Trade Commission (FTC) advisory committee, formed to study online access and security issues, has completed its work and written a report that fails to offer a recommendation on the most contentious problem it faced: How much access should consumers be given to information that businesses collect about them via the Internet?
Instead, the Advisory Committee on Online Access and Security, a 42-member group made up of business representatives, privacy experts and industry groups, outlined a series of options, ranging from giving consumers total access to the information gathered about them to more limited access. The FTC appointed the committee in January.
"It was going to be difficult to come to any consensus," said committee member Richard Bates, vice president for government relations at the Walt Disney Co., citing the diversity on the panel. But Bates said he believes the committee's report will play a useful role in the privacy debate - a view that was echoed by some other committee members in interviews.
"What we were able to do was define the issues and different choices that need to be reviewed," Bates said.
The report is due to be released on Monday, but the FTC yesterday posted a final draft on its Web site. Committee members said the report that's now online is essentially complete.
The committee was comprised of people with strong and seemingly irreconcilable views on online privacy - split between those who favor industry self-regulation and those who believe some government regulation is needed. The report that they produced doesn't take sides on that issue.
But Rick Lane, director of congressional and public affairs for the U.S.
Chamber of Commerce and a committee member, claimed the report will help industry self-regulation advocates. "I think what this report shows overall is that the issues we are struggling with are very complex and moving very quickly," Lane said. "And from our perspective, we see that as a perfect reason why there should not be legislation."
Earlier this week, in advance of the report being issued, the CEOs of e-commerce companies such as America Online Inc. and Amazon.com Inc. sent a letter to more than 400 of their colleagues urging them to take online privacy more seriously and to do a better job of self-regulating.
Andrew Shen, a policy analyst at the Washington-based Electronic Privacy Information Center and a committee member who favors regulation, said the main problem in reaching consensus is that for some online companies, collecting information about consumers is their main business.
"A lot of Web sites just don't want to provide consumers with full access - it's just a product of how information-intensive a lot of these Internet companies are," Shen said.
Regardless of which side people take in the debate, Deirdre Mulligan, staff counsel at the Center for Democracy and Technology and another committee member, said the report sets out the issues in a way that should be helpful to both sides. "There is nothing that stalls a policy discussion more than the daunting task of actually trying to get all the facts on the table," she said.
The report provides its most extensive analysis on the access issue, which the FTC considers one of four information principles along with "security," "choice" and "notice." The FTC has been conducting a survey to see how well commercial Web sites are complying with those principles, and the results are due out later this month.
On the access issue, the commission weighed four major options.
One would require e-commerce companies to give consumers total access to all the information on their Web sites. No personal information would remain off-limits, and the initial access would be free. However, businesses could charge for repetitive requests or even deny requests for access if they are "unduly repetitive."
Proponents said the total access plan offered uniformity and predictability for both sides. But business representatives said the approach would lead to substantial cost increases, including new design requirements for existing systems and additional storage, personnel and legal expenses.
At the opposite end of the spectrum was an "access for correction option" that would only allow access to data for the purpose of correcting it.
The report summarizes the argument for that option this way: "There is no compelling reason to provide access to uncorrectable data, unless the real goal is to raise the cost of maintaining personal data so high that Web sites just give up and stop gathering the information."
But the report, as it does for all its options it considers, also points out the opposite view. The corrections-only option "reduces the principle of access to a single purpose - correction of errors," the report says. "Sometimes data may not be correctable but may be used in inappropriate or unfair ways with significant impact on the individual."
On the issue of online security, the advisory committee agreed that data should be secure but that any standards should be flexible and determined on a case-by-case basis.