U.S. Web users are increasingly asking for tougher online privacy protections, even as they give more and more of their personal data to websites, and Internet-based companies are asking for certainty about privacy rules from U.S. regulators even as they also ask for flexibility to create new products, a U.S. official said Monday.
There are several challenges and paradoxes to deal with as U.S. lawmakers and agencies examine ways to strengthen online privacy laws, said Daniel Weitzner, associate administrator in the Office of Policy Analysis and Development at the U.S. National Telecommunications and Information Administration (NTIA).
The U.S. has "robust" privacy rules for some industries, but there's a growing call for baseline privacy rules, Weitzner said during an online privacy forum sponsored by the Information Technology and Innovation Foundation and the Technology Policy Institute (TPI), two Washington, D.C., think tanks. The NTIA and its parent agency, the U.S. Department of Commerce, began considering the policy options for online privacy about a year ago, but they haven't issued a formal position on whether additional rules are needed.
There's little agreement over what new privacy rules should look like, however, Weitzner said. There are examples of older privacy laws that have worked, including the Fair Credit Reporting Act, which encourages consumers to share their data but protects them from misuse, he said.
Other speakers questioned the need for tougher rules. There have been few studies about the potential impact that new privacy rules would have on the online advertising market, particularly behavioral advertising, said Thomas Lenard, president of TPI, a think tank favoring free market approaches.
Behavioral advertising, which targets Web users based on their surfing history, can bring in more money for online news and other sites than untargeted ads, Lenard said.
"We really need a lot more information before we're going to be able to come to an informed judgment," he said. "Right now, we're operating pretty much in an empirical vacuum."
Many people worried about online privacy also misunderstand how it is collected and used, Lenard added. In many cases, humans never see the personal data collected by websites or advertising networks, he said. "To [the] extent that information is known, it's known by computers and not individuals," he said.
Representatives of Facebook and Time Warner Cable suggested that reputable companies are working hard to protect their customers' privacy. The government should allow online companies to innovate with privacy services without second-guessing every move, said Tim Sparapani, Facebook's director of public policy.
Online privacy tools are still in their infancy, he said. "It should not be the case, when companies try to innovate and build a new privacy tool that's never been dreamt up, that the first thing the government does is jump on you and say, 'You didn't get it exactly right,'" Sparapani said.
In addition, consumers are demanding mobile Web access, and Web content is moving toward more personalization, with websites pushing forward information targeted at the specific reader, he added. Governments can't create rigid privacy rules in that environment, he said.
"Companies, which are trying to get flexibility to meet these demands, may not be able to impose one [privacy] system that is universally acceptable to all of their users," Sparapani said. "I think that means that we're going to have to teach consumers to take advantage of the innovation that's occurring in privacy tool-building."
Others at the forum called for new privacy regulations. The government should allow companies to create innovative privacy tools, but there will be abuses by some companies that cause the need for "enforceable rules of the road," said Michael Calabrese, a senior fellow at the New America Foundation.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.