By Jennifer L. Saunders
The time has come for national privacy legislation.
That’s according to testimony prepared by National Telecommunications and Information Administration Administrator Lawrence Strickling for today’s Senate Commerce Committee hearing focused on online privacy that indicates the Obama Administration’s intent to pursue a privacy bill of rights for U.S. Internet users based on the Department of Commerce’s December report on Internet privacy.
As quoted in Tech Daily Dose, Strickling’s testimony notes, "Having carefully reviewed all stakeholder comments to the ‘green paper,’ the department has concluded that the U.S. consumer data privacy framework will benefit from legislation to establish a clearer set of rules for the road for businesses and consumers, while preserving the innovation and free flow of information that are hallmarks of the Internet.”
Strickling’s comments come in the wake of multiple reports of privacy bills coming forward in both the U.S. Senate and House of Representatives.
In advance of today’s hearing, Senate Commerce Committee Chairman John D. (Jay) Rockefeller IV announced it would effectively start the 112th Congress’ deliberations on the issue of consumer privacy.
Speaking before the committee, Strickling discussed the need to improve the protection of consumer data privacy in the rapidly evolving Internet economy, noting that trust is imperative for the stability and continued growth of the Internet.
The hope, he said, is to establish multi-stakeholder approaches based on fair information practice principles (FIPPs) with flexibility to address privacy issues as they arise, enforceable codes of conduct and strengthened enforcement powers for the FTC.
“The administration now recommends that congress enact legislation to provide a firm legal foundation” for enforceable codes of conduct that would be designed to be flexible and create greater interoperability with other countries’ privacy laws, he said, adding that consumer privacy “remains a top priority.”
FTC Chairman Jon D. Leibowitz voiced support for the idea of a privacy bill of rights, noting that the reaction to the FTC’s report on consumer privacy and call for a do-not-track mechanism for Internet users has resulted in a record 446 comments during the report’s review period.
Protecting data will only improve trust on the Internet, he said, telling the committee, “Stakeholders have responded very, very positively to our call for do not track.”
Explaining that he remains “agnostic” as to whether such a mechanism should come from the private sector or be a legislative requirement, Leibowitz said do not track cannot be an “empty slogan;” it needs to be universal, easy-to-use and access, provide persistent opt-out protection for users and be enforceable.
Following on the recent release of privacy reports by the FTC and the Department of Commerce, the hearing featured a range of input on the collection and use of consumers’ personal information for commercial purposes.
“Modern technology has connected people with the world and led to new innovations, new products and new experiences,” Rockefeller said prior to the hearing, noting that with “these new opportunities come new risks. I want to know if the privacy protections we have in place are enough, or whether congress needs to step in and do more.”
Following the opening of the hearing, Sen. John Kerry (D-MA) spoke of his plan to introduce legislation calling for a “commercial privacy bill of rights” not to discourage innovation on the Internet but to encourage information sharing under a “common code of conduct” that respects individuals’ rights at time when technology “allows private entities to observe…Americans on a scale that is unimaginable.”
And, he warned, “Once a person’s information is collected, there are no legal limits on the further distribution of that information,” stressing that baseline privacy protections “are a matter of common sense.”
Recognizing the importance of privacy, Sen. Claire McCaskill (D-MO), who described the Internet economy as one where “behavioral monitoring equals money,” cautioned, “I just want to be sure that we don’t kill the goose that laid the golden egg here under the very laudable notion of privacy.”
Leibowitz and Strickling noted, however, that there has been industry support for baseline legislation.
That support, Leibowitz said, indicates that online companies recognize that with limits on tracking and improved privacy protection, “the sky won’t fall down on Internet commerce,” as with more trust, consumers are likely to do more business online.
Strickling added that there appears to be support among industry leaders for baseline privacy legislation, where a federal “privacy bill of rights” based on FIPPs would then allow organizations and industry to create the codes of conduct rather than having government draw the specific lines of just how privacy on the Internet would be protected.
With FIPPs-based legislation and FTC enforcement, Strickling said such a plan would allow what McCaskill referred to as the “good guys” to have some flexibility in terms of actual implementation to meet those requirements and enable enforcement for the “bad guys” who ignore the regulations.
During the second witness panel, industry and advocacy leaders weighed in on consumer privacy legislation.
Intuit’s Barbara Lawler, CIPP, spoke to the importance of customer trust and the value of principles-based privacy legislation that enables flexibility to offer data-driven solutions within sector-specific privacy laws.
Such legislation “is more likely to be understood by the public it seeks to protect” and win the international support that is essential in the global economy, she explained, adding that “codes of conduct, based on context…would build on top of a privacy baseline.”
Ashkan Soltani, a technology researcher and consultant who was the primary consultant in The Wall Street Journal’s “What They Know” series, described the current state of online tracking across the Internet. “Today’s consumer choice mechanisms fail to provide consumers with meaningful control,” he said.
Online tracking is pervasive, difficult to understand and hard to stop. “There’s a clear need for better privacy controls to limit unwanted tracking, and industry has not delivered.”
He called for technology and policy working in tandem.
Chris Calabrese of the American Civil Liberties Union added strong support for privacy legislation, stating that on the Internet, “data collection is neither benign nor anonymous.”
Erich D. Andersen of Microsoft Corporation endorsed the call for baseline privacy legislation.
The current sectoral approach “is confusing to consumers and costly for businesses.”
He said the company is committed to working with legislators in the effort to protect consumer privacy while supporting Internet innovations.
John Montgomery of GroupM Interaction described the self-regulatory process, recommending giving self-regulation an opportunity to work given that protecting consumer privacy is “not only the right thing to do, it is good for business.”
Kerry concluded the hearing by stating he is working with Sen. John McCain (R-AZ) on privacy legislation and hopes to have their bill in a form to be introduced very soon.