The Subcommittee on Commerce, Manufacturing, and Trade and the Subcommittee on Communications and Technology held a joint hearing on Thursday, July 14, 2011 on “Internet Privacy: The Views of the FTC, the FCC, and NTIA.”
In her opening statement, Subcommittee Chairman Mary Bono Mack (R-CA) noted that:
“… as consumers, we willingly dole out this personally identifiable information online – literally bit by bit. This information is then compiled and collated by computers to produce personal profiles used in online behavioral marketing and advertising. This data mining helps to pay the freight for all of the information that we get for free on the Internet. … First and foremost, greater transparency is needed to empower consumers. While it’s still unclear to me whether government regulations are really needed, providing consumers with more transparency is the first step in better protecting Americans.”
In his opening statement, Representative Henry Waxman (D-CA) noted that self-regulation may not be the best way to protect consumer’s online privacy. He cited a recent report by Stanford researcher Jonathan Mayer “Tracking the Trackers” which found that eight members of the self-regulatory group Network Advertising Initiative (NAI) had left cookies in place even after having promised users who chose to opt out to stop tracking them.
What could be the role of the Federal Communications Commission?
Chairman Greg Walden (R-Ore) noted that:
“[t]oday’s regime is neither competitively nor technologically neutral. [While] Section 222 of the Communications Act gives the Federal Communications Commission broad authority to implement privacy protections for consumers of wireline and wireless telephone services…[and]specifically calls out location-based services for regulation, [it]…applies that regulation only to carriers and not providers of devices, operating systems, or applications. Other parts of the Communications Act give the Commission authority over cable operators and satellite television providers under a “prior consent” framework. In stark contrast, there are few if any communications privacy regulations governing web-based companies, even those that can access a user’s search queries, emails, voice and video online conversations, web browser, and even operating systems…. Why should a wireless provider that transmits data to and from a smartphone be subject to federal oversight, but not an operating system provider that has access to the exact same data?”
Chairman Julius Genachowski of the Federal Communications Commission (FCC) testified that one of the FCC’s National Broadband Plan findings was that “[p]rivacy concerns are a barrier to broadband adoption.” He added that “[i]t is clear we need to strike a balance – ensuring that personal information and consumer choice is protected, and at the same time ensuring a climate that encourages new investment and new innovations that will create jobs and improve our quality of life.”
The FCC has, “[t]hrough … rulemakings and enforcement … addressed difficult issues such as when opt-in and opt-out notifications are appropriate, minimum notice standards, data sharing rules, reasonable data security measures, and notification to law enforcement and consumers in the event of data breaches.
What could be the role of the Federal Trade Commission?
Commissioner Edith Ramirez of the Federal Trade Commission (FCC) stated in her prepared testimony that “the Commission continues to encourage Congress to enact data security legislation that would (1) impose data security standards on companies, and (2) require companies, in appropriate circumstances, to provide notification to consumers when there is a security breach,” referring to a prepared statement of the FCC of its testimony on data security before the Subcommittee on commerce, manufacturing, and trade, June 15, 2011.
Also, the FTC “enforces the FTC Act and several other laws that require companies to maintain reasonable safeguards for the consumer data they maintain” and “enforces the FCRA, which… prescribes that companies only sell sensitive consumer report information for “permissible purposes,” and not for general marketing purposes.” The FTC is also “active in ensuring that companies engaged in social networking adhere to any promises to keep consumers’ information private,” citing a March 2011 consent order resolving allegations that Twitter deceived its customers by failing to honor their choices after offering the opportunity to designate certain “tweets” as private.
The FTC “has sought to protect consumers from deceptive practices in the behavioral advertising area”, for instance, when it settled with Chitika Ad Network over a deceptive opt-out mechanism. The FTC also “sought to ensure that data brokers respect consumers’ choices,” for instance when it announced a final order against data broker US Search, that maintained an online service, allowing users to search for information about others.
What could be the role of the National Telecommunication and Information Administration?
The NTIA “has recommended legislation with three main characteristics. First, it should establish baseline consumer data privacy protections that would apply in commercial contexts. … Second, we have recommended that legislation provides appropriate incentives for stakeholders in the private sector to develop and adopt enforceable codes of conduct through a multi-stakeholder process…. Third, the Administration supports legislation that strengthens the FTC’s consumer data privacy enforcement authority.”
More, including the hearing webcast, here.