US threat to legislate e-privacy gets serious

A recent call by a US federal regulator to legislate Internet privacy protection has re-opened a controversial issue that had been dormant for a year.

Customer privacy concerns have been on the front burner and growing hotter for at least two years as Internet participation took off. But legislation has only been a threat, brought up at annual hearings reviewing regulators’ surveys of how Internet sites handle privacy.

The US Federal Trade Commission (FTC) had used the threat of legislation as a cattle prod at spring hearings each of the last two years to get more commercial Internet sites involved in self-regulation.

Recently, FTC chairman Robert Pitofsky said the industry had not moved fast enough to incorporate fair information practices of notice, choice, access and security into its business model.

“While the commission applauds the efforts by the private sector to address the issue of on-line privacy, the survey results show that such efforts have not been enough,” Pitofsky said. “The number of Websites meeting basic standards of privacy protection is far too low, endangering consumer confidence in this fast-growing, pro-consumer marketplace.”

Self-regulation and legislation will be needed to protect consumers’ privacy online, and so will technology and consumer education, Pitofsky said.

Privacy Concerns

Privacy concerns have been escalating, holding back some consumers from doing business online and dampening the e-commerce potential.

Broad legislation is not necessary, and the number of sites posting some type of privacy policy is much higher than the FTC claims, an industry group told lawmakers considering legislation.

“What we do not need are sweeping regulations governing the collection and use of data, the conditions and methods under which that data use can be consented to, the dimensions of access that must be provided to data, and the level and design of Web security,” said Christine Varney, an attorney at Hogan and Hartson in Washington, D.C., and an advisor to the Online Privacy Alliance.

Different types of data require different levels of privacy, Varney said. And US Congress have already acted on, or the FTC has sufficient authority to enforce existing law in the misuse of personal, financial and medical data, information about children, identify theft and credit card fraud, she said.

“Privacy and the Internet are ill-served by a crazy quilt of standards,” said Jerry Berman, executive director of the Centre for Democracy and Technology, a privacy group in Washington, D.C. that supports some regulation.

“It is impossible to develop a consistent standard for privacy without legislation,” Berman said.

Legislation is unwarranted and premature, according to the Association for Competitive Technology.

“There are developing technologies that are providing consumers with tools to protect their privacy,” said Jonathon Zuck, ACT’s president.

Zuck cited smart browsers, e-mail remailers, anonymizers and online wallets that encrypt credit card numbers and other personal information as a direct response to consumer demands for more protections.

He said legislation may have unintended consequences, such as pushing prices higher and creating fewer choices.