Senate panel spars over Internet privacy
By Patrick Thibodeau
WASHINGTON (IDG) -- A bipartisan group of U.S. senators in the Commerce, Science and Transportation Committee Wednesday renewed calls for laws to protect consumer privacy on the Internet, although they sharply disagreed on whether businesses should be required to seek consent, or "opt-in," from users before collecting and sharing personal information.
Committee Chairman Ernest Hollings (D-S.C.), who has championed legislation favoring the opt-in approach, which is widely opposed by industry as too restrictive, said he would try "to get a consensus bill" out of three separate online privacy bills the committee is expected to consider.
Hollings' approach is opposite to that of former Chairman John McCain (R-Ariz.). McCain backs an "opt-out" approach, which would allow personal information to be used unless otherwise indicated. Nonetheless, McCain acknowledged that action was needed.
Networked technology "makes it much easier for business to track and to trade information about consumers' transactions, whereabouts and preferences," he said. "For all the benefits that customers derive from customized services, surveys continue to show that Americans are concerned and should be concerned about their online privacy."
"I remain convinced that a federal law is needed," said McCain, who recently lost his post as committee chairman when the Democrats gained the Senate majority. McCain and Sen. John Kerry (D-Mass.) co-sponsored privacy legislation last year and plan to introduce a revised bill in this session.
Other key areas of disagreement that must be overcome before any online privacy legislation is adopted include the following:
The ability to sue, or "private right of action." For instance, Hollings supports giving consumers the ability to sue businesses that violate privacy rules as a means of ensuring that businesses comply with the law. Opponents have said such a right will spark frivolous class-action lawsuits.
Online vs. off-line rules: If Congress requires online merchants to seek opt-in or "opt-out" choices from users, should it also impose the same rules on transactions that don't occur online? Paul Misener, vice president in charge of public policy at Seattle-based Amazon.com Inc., called for "parity" with off-line businesses. "It makes little sense to treat information collected online differently from the same -- and often far more sensitive -- information collected through other media, such as off-line credit card transactions [and] mail-in warranty registration cards," he said.
Federal preemption of state laws: Unless Congress specifically acts to preempt state law, the states are free to adopt tougher privacy rules. The prospect of complying to different state standards, a risk that financial services now face under the Gramm-Leach-Bliley financial modernization law of 1999, which didn't preempt state law, is something that many businesses said they fear (see story).
Sen. Ron Wyden (D-Ore.), who co-sponsored a privacy bill with Sen. Conrad Burns (R-Mont.), said federal preemption is the key issue in privacy legislation, adding that if businesses want it, they're going to have to be willing to back a federal law.
Do businesses "want one standard to govern the privacy rules in this country or do they want 50?" asked Wyden. "If they want some measure of preemption, they have got to support a bill with some meaningful privacy protection."
Committee members also expressed strong reservations about the ability of companies to track consumers. "I don't like it," said Sen. John Rockefeller (D-W.Va.). "And it holds out to me the possibility of being watched. ... I consider this mildly dangerous."
An opt-in standard could increase business costs, warned Fred Cate, a law professor at Indiana University School of Law in Bloomington. Yet it's unlikely to increase privacy protection, he added, because consumers asked to opt in prior to receiving a service are likely to do so to avoid the annoyance of being asked again.
But Marc Rotenberg, who heads the Electronic Privacy Information Center, a Washington-based organization that supports stricter privacy rules for the Web, called for opt-in provisions and said few privacy policies make any meaningful attempt to limit the use or disclosure of information.
|Back to the top|