Little wonder that privacy has emerged as one of the thorniest issues for policymakers, said Peter Swire, the former privacy counselor to Clinton. The issues are complex, and they pit passionate public opinion against equally powerful business interests. "The strongest impetus for action and the strongest resistance to action have come together on the Internet privacy debate," he said.
Federal efforts to regulate privacy took off within the FTC in 1995, recalled a former staff member, David Medine, when "we realized the Internet collects a lot of information about people cheaply, efficiently and sometimes in unprecedented ways -- like what you looked at as opposed to what you bought, which in a store would never be collected." After working on with industry to develop self-regulation efforts, the FTC asked Congress last year to expand its legal authority to regulate privacy efforts when self-regulation fails.
That call for congressional action has gone unheeded. But several laws have already been passed in recent years in the areas of highest concern to voters. Financial institutions must now send out notices describing their privacy policies under the terms of the Gramm-Leach-Bliley Act of 1999, and new health care privacy regulations are coming into effect because of the Health Insurance Portability and Accountability Act of 1996. Privacy of children has been shored up because of restrictions on data collection under the Children's Online Privacy Protection Act of 1998.
These laws, however, leave some elements of privacy protected and others utterly exposed. Privacy advocates see the job of filling in the holes as their challenge; business sees it as a threat.
At least 50 privacy-related bills are awaiting consideration this year, many of them new versions of bills introduced in the last session of Congress. No matter how varied the legislation, proposals generally come down to a few crucial requirements and distinctions. Most require that consumers get notice of the ways that companies collect data and the use that the companies will put that information to, and they require that companies give consumers the ability to say no to such collection.
Laws will emerge
Marc Rotenberg, the executive director of the Electronic Privacy Information Center in Washington, said that one way or another, new privacy laws will emerge. "I don't think that Armey and the Republicans and the army of lobbyists that surround our president can make this issue go away," he said. Rotenberg suggested that the crisis-to-crisis collage of laws should be reshaped into "a legal framework that sets out how these technologies are used."
The FTC's Thompson, sensing the troubles to come, issued a warning earlier this year to executives at a high-technology conference in New York City: without the legal protection that comes with regulatory structure, he said, horror stories will accumulate and damage will be done and "your stock valuation will continue to sink into the sunset." The companies, he said, will have to prove to consumers that giving up privacy is a trade -- something companies can prove will repay them in convenience and services, without the nasty surprises of seeing the information leak out into the broader world.
RSS