On March 16, 2011, the U.S. Senate Committee on Commerce, Science, and Transportation held a full committee hearing on the state of online consumer privacy. The hearing was the first in a series of hearings the Committee will hold on consumer privacy in the 112th Congress. The hearing focused on online commercial practices that involve collecting, maintaining, using and disseminating large amounts of consumer information, some of it potentially very sensitive and private in nature.
FTC Chairman Leibowitz was the first to testify, describing the FTC’s recent efforts to protect consumer privacy through law enforcement, education, and policy initiatives. Leibowitz then set forth some highlights from the Staff Report on consumer privacy and concluded with a discussion of issues related to the “Do Not Track” proposal. Leibowitz enumerated five critical principles that should be included in any Do Not Track system:
- Any Do Not Track system should be implemented universally, so that consumers do not have to repeatedly opt out of tracking on different sites;
- The choice mechanism should be easy to find and easy to use;
- Any choices offered should be persistent and should not be deleted if, for example, consumers clear their cookies or update their browsers;
- A Do Not Track system should not only allow consumers to opt out of advertising, it should allow them to opt out of tracking altogether; and
- A Do Not Track system should be effective and enforceable without technical loopholes.
Chairman Leibowitz testified he is “sort of agnostic whether the private sector does Do Not Track or Congress requires it.” To read the FTC’s prepared statement on the state on online consumer privacy, click HERE.
Lawrence E. Strickling, Assistant Secretary for Communications and Information of the Department of Commerce, testified that “the Department has concluded that the U.S. consumer data privacy framework will benefit from legislation to establish a clearer set of rules for the road for businesses and consumers, while preserving the innovation and free flow of information that are hallmarks of the Internet.” Both the Department of Commerce and the FTC have been encouraging self-regulation, while suggesting congressional action might be needed as a backstop.
Mr. Strickling, however, urged Congress to enact new legislation setting forth baseline consumer data privacy protections—that is, a "consumer privacy bill of rights" consisting of comprehensive Fair Information Practice Principles (FIPPs). FIPPs should be a collection of agreed-upon principles for the handling of consumer information that would provide clear privacy protections for personal data in commercial contexts that are not covered by existing Federal privacy laws or otherwise require additional protection. Additionally, the new legislation should provide the FTC with the authority to enforce any baseline protections. Lastly, the new legislation should create a framework that provides incentives for the development of codes of conduct as well as continued innovation around privacy protections, which could include providing the FTC with the authority to offer a safe harbor for companies that implement codes of conduct that are consistent with the baseline protections. To read Mr. Strickling’s testimony, click HERE.
The second panel consisted of non-government witnesses, including both consumer advocates and corporate representatives. Erich D. Andersen, Vice President and Deputy General Counsel of Microsoft, testified that “privacy is no longer about being ‘let alone.’ Privacy is about knowing what data is being collected and what is happening to it, having choices about how it is collected and used, and being confident that it is secure.” John Montgomery, Chief Operating Officer of GroupM Interaction, stated that his company “want[s] to build consumer trust in the online experience” and that “consumers should be able to choose whether and how their data is collected or used for online behavioral advertising.” Ashkan Soltani, a researcher and consultant, noted that today’s technical defenses to online tracking are not able to stop leading tracking technologies. “To be effective,” Mr. Soltani testified, “privacy protections for consumers online will likely require both a technical and policy component, working in tandem.” Barbara Lawler, the Chief Privacy Officer of Intuit, focused on the need for balance between consumer participation, the control of information, and continuing data driven innovation, stating that the key to ensuring the proper balance is “earning the customers’ trust.” Lastly, Chris Calabrese, Legislative Counsel for the American Civil Liberties Union, testified that if the collection of data is allowed to continue unchecked, capitalism will build “a complete surveillance state online.” “Without government intervention,” he testified, “we may soon find the internet has been transformed from a library and playground to a fishbowl, and that we have unwittingly ceded core values of privacy and autonomy.”
To view the hearing on the U.S. Senate Committee on Commerce, Science, and Transportation website, click HERE.