The Course of Internet Privacy Legislation Is Tough to Follow

For a tumultuous trip, you could head for your nearest roller coaster this summer.

For a tumultuous trip, you could head for your nearest roller coaster this summer. Or, you could follow the twisted course of Internet privacy legislation, which has had plenty of bumps and turns over the past few months. And the legislative track shows no signs of leveling anytime soon. Heres a quick summation of the action:

Flash back to the early weeks of 2001, when privacy legislation appeared to have momentum. Industry groups began to cite the need for law in addition to self-regulation. In January, AeA (American Electronics Association; urged Congress to quickly pass Internet privacy legislation, noting that 3,000 member companies would support a law. The Computing Technology Industry Association, meanwhile, published a set of principles for a national online-privacy policy.

The industry even seemed to gravitate toward a particular legislative package: Sen. John McCains (R-Ariz.) Consumer Internet Privacy Enhancement Act and its House complement (H.R. 237).

But by spring, the privacy movement began to slow. As it happened, industry groups such as the Information Technology Association of America werent quite ready to embrace legislation over self-regulation. Congress lost some of its ardor, as well, taking a more deliberative approach to privacy law.

The latest online-privacy bump stems from Sen. James Jeffords (Ind.-Vt.) decision to leave the Republican Party. The resulting shift in Senate leadership has landed new players in committee assignments and created a new legislative agenda.

The key change from the privacy perspective: Sen. Fritz Hollings (D-S.C.) now chairs the Senates Commerce, Science and Transportation Committee, replacing McCain. Hollings plans to introduce—as early as this month—a privacy bill similar to one he floated last year (S.2606). In a key departure from other bills, Hollings legislation will contain an "opt-in" provision, according to a committee spokeswoman. McCains bill and others support "opt-out."

Opt-in requires Web sites to ask for consumers "affirmative consent" for the use and disclosure of personal information. In opt-out, businesses assume consumers consent unless they indicate otherwise—by un-checking a box that lets a Web site disclose data, for example. Consumer advocates favor opt-in, contending that opt-out places the burden of privacy protection on the consumer.

Some of those tracking the political undulations have paused to catch their breath.

"Right now were currently reevaluating our position, the current makeup of the Senate, and the prospects for legislation this session," says Tom Santaniello, public policy manager at CompTIA.

Industry has a few options: Go on the defensive and attempt to block any form of privacy legislation, work with moderate legislators on a compromise between the Hollings and McCain bills, or stay on the sidelines until the situation stabilizes.

Warren Egnal, who advises high-tech clients on privacy as senior VP of Porter Novelli Convergence Group, suggests another tack: Treat privacy policy as "an opportunity rather than a burden." Egnal says companies that exceed customer expectations in addressing privacy concerns will enhance their brand image in the process. "Take the offensive rather than the defensive," he says.

And hold on to your hats.