SAN FRANCISCO (03/09/2000) - The debate over government regulation of online privacy is rapidly evolving from a question of whether to a question of when.
A rash of privacy bills have been introduced in the past year, as poll-driven politicians jump on the consumer-protection bandwagon. In February a bipartisan group of federal lawmakers formed a privacy caucus to push for new legislation.
And the Federal Trade Commission's consumer fraud chief, Jodie Bernstein, has her eye on a number of e-commerce companies, notably Amazon.com and eToys.
The likelihood is growing that industry will have to accept some degree of government oversight. The FTC has in the past sided with business, favoring self-regulation over legislation. But the commission's stance might shift. FTC Chairman Robert Pitofsky told a Senate committee last month that he was "increasingly coming around to the view that there's no single answer."
The commission recently convened its Advisory Committee on Online Access and Security to study the handling of private electronic data. The committee, which is stacked with industry executives, meets four times before reporting to the FTC in May. But it remains to be seen whether the group will produce a coherent report. At its first meeting, on Feb. 4, the FTC told the committee that it did not have to strive for consensus. The members then proceeded to spend hours quibbling over bylaws. Everyone agrees that the public is worried about surrendering personal data online.
But opinions differ over how to assuage the public's concerns. Businesses skated through the early years of Internet commerce by successfully arguing for self-regulation of consumer privacy. They trumpeted the voluntary posting of privacy policies and rallied around friendly watchdogs like TRUSTe and the Council of Better Business Bureaus' BBBOnLine. Last November several top Net advertising firms seized the floor at a joint FTC-Commerce Department forum on online profiling and performed a carefully scripted rollout of a new PR campaign.
The initiative, the ad firms said, would inform consumers of their right to opt out of efforts to collect and use their personal data. In February, DoubleClick, a leading Internet ad firm, launched an initiative of its own, hoping to head off the storm of criticism provoked by its use of personal data.
That's the way to drive privacy online, self-regulation advocates argue - give consumers information and let market forces weed out the companies that misuse personal data.
"We've been really successful at motivating the industry to take action," says Harris Miller, president of the Information Technology Association of America, an industry trade group. "It's unrealistic to think the way to protect people is to pass a law." On the other side of the argument are privacy watchdog groups such as Junkbusters, the Electronic Privacy Information Center and the Electronic Frontier Foundation. "The industry is basically asking you to believe in self-restraint, which, for them, means leaving money on the table," says Jason Catlett, president of Junkbusters. "Try saying 'telemarketer' and 'self-restraint' in the same sentence without smiling."
The best way to protect the public from abuse, advocates like Catlett contend, is through government oversight. Require Web sites to warn visitors if they're being watched. And don't force consumers to parse privacy policies and opt out of data collection - make sites ask consumers explicitly whether they want to opt in. Here's where promoters of self-regulation usually point out that marketing and consumer profiling have been around much longer than the Internet. But it's one thing to fill out a warranty card for a new TV and end up with a catalog in your mailbox.
It's something else to travel the Web and find yourself hemmed into the content and advertisements that some marketing firm thinks you want to see. There's a chance that events on Capitol Hill or elsewhere will render moot the FTC committee's work. The bipartisan privacy caucus has been joined by a special Senate Democratic privacy task force, which is also pushing for legislation.
Sen. Robert Torricelli (D-N.J.) has introduced novel legislation requiring explicit consumer consent before sites can lob software "cookies" onto Web browsers to tag and track consumers online. Sensing which way the wind is blowing, some industry representatives have been talking compromise. The conciliatory faction, a distinct minority thus far, is motivated by a couple of factors.
One is the raft of strict privacy bills introduced in various state legislatures, which might stir the e-commerce industry to lobby Congress to consider milder bills of its own. Another factor: the sweeping financial services legislation enacted last year, which gives states latitude to enact tough financial privacy laws and which the FTC might use to justify a tougher regulatory stance on e-commerce. It's too early to tell whether Congress will pass meaningful privacy legislation this year. Traditionally, Congress accomplishes little in election-year sessions. But Congress has a way of lurching forward on issues with little notice, and privacy efforts could get a bipartisan boost soon, especially if security breaches keep making headlines.