Comprehensive legislation to protect consumers’ privacy is closer to becoming a reality in the U.S. Congress than it’s been in several years, officials with the Center for Democracy and Technology said Tuesday.
Interest in passing a comprehensive privacy bill seems to be higher in Congress than it has been in at least six years, said Leslie Harris, CDT’s president and CEO. Although a bill has yet to be introduced, several lawmakers have expressed interest in legislation that would be the first major privacy update since 1974.
Representative Rick Boucher, a Virginia Democrat and chairman of the communications subcommittee of the House Energy and Commerce Committee, has talked about drafting privacy legislation, and Congress enacted health privacy provisions in a huge economic stimulus bill passed earlier this year, Harris noted. At the same time, members of Congress have been drawn into a debate about the privacy implications of behavioral advertising, with ads delivered based on tracking of consumers’ Web surfing habits.
“We have an opening here for the first time to get a bill on privacy,” Harris said at a media briefing. “I think that [the stimulus bill] bodes well for the possibility that the privacy logjam is being broken.”
CDT has pushed for comprehensive privacy legislation for about a decade, and in recent years, several technology companies, including Microsoft, Google, Intel and eBay, have joined the cause. But while privacy bills have been introduced in Congress in recent years, they’ve failed to move forward.
Some online companies have called on Congress to let private industry come up with self-regulatory principles to govern online privacy.
In mid-June, Anne Toth, Yahoo’s vice president of policy and head of privacy, told a House committee that self-regulation is working in the online advertising industry.
“Market forces drive companies like Yahoo to bring privacy innovations to our customers quickly,” Toth said in a written statement. “As one company leads, many others follow or leapfrog by innovating in other ways. Self regulation then raises the bar to bring the rest of industry along with commitments in the areas of notice, choice, security, and enforcement.”
The Network Advertising Initiative, a cooperative of online marketing and analytics companies, has had online principles in place since 2000 and updated its privacy principles in December, Charles Curran, NAI’s executive director, told lawmakers in mid-June.
In February, the U.S. Federal Trade Commission released a report calling for stronger self-regulatory efforts for online advertisers. “Industry needs to do a better job of meaningful, rigorous self-regulation or it will certainly invite legislation by Congress and a more regulatory approach by our commission,” FTC Chairman Jon Leibowitz said then.
While some online advertising groups are just recently revising their own codes of conduct, self-regulatory approaches have generally been weak, said Ari Schwartz, CDT’s vice president and chief operating officer. Advocates of self-regulation have suggested it would move faster than legislation, but self-regulation has been slow to develop, he said.
“There has not been the kind of action that we’ve expected as the technology has changed, as the industry has changed,” Schwartz said.
CDT would like to see a privacy bill that makes collection of consumer data transparent, that allows consumers to have strong controls over the use of their private information, that allows consumers to see what data is being collected and that includes penalties for the breach of personal data. CDT, a digital rights and privacy advocacy group, also wants Congress to give the FTC and state attorneys general the power to bring enforcement actions against companies that violate privacy laws, and it wants to give private citizens the power to file lawsuits against companies that have abused their private data.
Several groups have opposed CDT’s call for privacy lawsuits to be allowed.