New online privacy measures proposed by the U.S. Department of Commerce Thursday fall short of the action that's needed to protect Internet users, several privacy advocates said.
The Commerce Department paper calls for an online privacy bill of rights and codes of conduct for Internet companies, with enforcement by the U.S. Federal Trade Commission. But several privacy groups questioned whether the codes of conduct would be effective because of the paper's suggestion that affected companies help write them.
The policy recommendations in the report are an "early Christmas gift to the data collection industry," said John Simpson, consumer advocate with Consumer Watchdog.
Internet-based groups have been creating their own codes of conduct for years, and Web-based tracking and data collection continue to grow, said Susan Grant, director of consumer protection at the Consumer Federation of America. "The solution is not more self-regulation," she said. "That seems to be the main thrust of the Commerce Department report."
The report seems to give more attention to concerns of Web-based companies than to consumers, with little change in online data collection likely, other privacy advocates said. The report is "designed to marginalize consumers," said Jeffrey Chester, executive director of the Center for Digital Democracy.
The Commerce Department proposal would give companies that comply with the codes of conduct safe harbor from some enforcement actions, added Pam Dixon, executive director of the World Privacy Forum. But the Commerce Department has failed to enforce safe harbor requirements in privacy agreements with the European Union, Dixon said.
Safe harbor provisions would likely enforce existing data collection and tracking practices that privacy groups have protested, Chester added.
Some of the privacy advocates suggested the report's recommendation for a privacy bill of rights may be helpful. The report may also help push Congress to act on privacy legislation next year, the Future of Privacy Forum said.
"The report is a sophisticated effort to advance consumer privacy without thwarting innovation," the group said in a statement. "Although it sets a framework that will influence legislation, it creates an alternate path for a mode of government initiated self-regulation, with advocates at the table and the FTC providing enforcement. If businesses respond by seriously engaging in efforts to advance fair information practices, the U.S. has the chance to take back the international privacy leadership role it once had."
Other people praised the Commerce Department effort.
"For the past decade, the executive branch has lacked a visible leader on Internet privacy," Swire, now a law professor at Ohio State University, said in an e-mail. "The many changes in the Internet and commercial practices in the past decade mean it is high time to have this sort of leadership position."
The paper should put companies on notice that online privacy is important to the Obama administration, added Lisa Sotto, head of the privacy and information management practice at the Hunton & Williams law firm in New York.
"There has been a real hunger for rules of the road when it comes to domestic privacy issues, and this would put a road map in place," she said. "CEOs ought to sit up and take notice that privacy is a topic they can no longer relegate to the dusty basement."
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.