Pondering Privacy

Industry and privacy groups spar over online security and data access.

Barely out of the gate, members of the 107th Congress are racing to address the question of online privacy, and, already, a half-dozen bills have been introduced.

Meanwhile, privacy and consumer groups have joined to inject provisions on security, access rights and liability, and the industry is establishing its own platform to ward off burdensome federal mandates.

Recognizing that they cannot stop the growing momentum for federal privacy action, industry representatives said they are pressing for a nationwide policy that minimizes costs to fledgling online commerce. Common ground has been established on the need for some kind of notice and consumer choice regulations—for example, the ability to opt in or out of information disclosure—but questions remain: How much notice, and how much access?

AeA, previously called the American Electronics Association, stands behind notifying Internet users about a Web sites information practices at the time data is collected and letting users know the type of information collected, how it will be used and whether it will be transferred to unrelated third parties. The industry advocate also supports giving consumers a chance to opt out of disclosing personal identifiable information for purposes unrelated to the original aim of gathering it.

"Consumers ought to have some knowledge of what information is collected," said John Palafoutas, senior vice president for domestic policy at AeA, in Washington. "The question is, what does it mean to have access? How much money is a company supposed to spend to provide it?"

Access to all information on file and the ability to correct it and limit its use are pillars of the privacy advocates agenda. The Electronic Privacy Information Center and a panoply of consumer interest groups wrote to President George W. Bush, members of Congress, state executives and regulators pressing for early action on the matter.

"We need to view our personal information as our property," said Chris Hoofnagle, an attorney with EPIC, in Washington. "One of the principal reasons is to ensure information is accurate. Inaccurate information can be very damaging."

Similarly, consumer advocates and industry representatives will spar over the recourse available to Internet users whose privacy rights are violated. Today, the Federal Trade Commission oversees online privacy, which AeA officials consider adequate.

"Right now there is a huge enforcement apparatus available at the FTC," Palafoutas said, adding that AeA opposes the creation of rights of legal action. "Quite frankly, everybody and their mother suing a Web site is going to crush the Internet."

But EPIC and its allies on the issue said the FTC does not have adequate resources to protect Internet users, and it is more efficient for individuals to protect their own rights.

AeA and EPIC will likely continue to plead their cases in the coming months on Capitol Hill, where lawmakers said they will strive to protect both the privacy rights of their constituents and the commercial interests of the still-developing Internet business arena.