Privacy & Cybersecurity Law Blog

On December 2, 2010, discussions about privacy continued at a hearing on “Do Not Track Legislation: Is Now the Right Time?” held by the U.S. House of Representatives Committee on Energy and Commerce, Subcommittee on Commerce, Trade and Consumer Protection.  The hearing focused on a variety of consumer privacy issues, including the implications and challenges of a Do Not Track mechanism, the consumer’s desire for more control over the collection and use of their data and tracking practices, and the need to preserve an advertising supported Internet that promotes economic growth through online business.

David Vladeck, Director of the FTC’s Division of Consumer Protection, and Danny Weitzner, Associate Administrator for the Office of Policy Analysis and Development in the Department of Commerce’s National Telecommunications and Information Administration, testified before the Subcommittee.  Their remarks were followed by a panel of privacy and consumer advocates and business representatives.

In his testimony, Vladeck reviewed the findings of the FTC report and discussed the viability of a Do Not Call mechanism to grant consumers broad and granular control over tracking.  He emphasized that a Do Not Track mechanism could take several forms and left open the possibility of an industry-administrated program that would need to be enforced by the appropriate law enforcement agency.  According to Vladeck, a Do Not Track mechanism is feasible and enforceable and reflects what consumers want.  Meanwhile, he indicated that the pace of industry self-regulation has been too slow and industry efforts insufficient.

Danny Weitzner’s testimony explored broader themes.  Weitzner emphasized the economic, social and political changes brought about by the Internet, and the privacy concerns that accompany them.  He outlined the principles guiding the Internet Policy Task Force’s review of commercial data privacy:

• Preserving consumer trust is essential to the sustainability and continued growth of the digital economy.
• Commercial data privacy implicates a broad array of interests, and the government needs a policy development process that incorporates input from relevant stakeholders.
• Commercial data privacy mechanisms must respond to the evolution of networked technologies.

Weitzner addressed the Commerce Department’s review of four key public policy and operational challenges facing the Internet: (1) enhancing commercial data privacy; (2) ensuring cybersecurity in the commercial context; (3) protecting copyrights; and (4) ensuring the global free-flow of information.  He referred to the work on privacy as the Internet Policy Task Force’s “first order of business,” and highlighted the Internet Policy Task Force’s extensive outreach efforts and the clear need to strengthen the U.S. framework for commercial data privacy.

Weitzner indicated that the Department of Commerce will publish a “Green Paper” that proposes a series of policy recommendations and related questions.  The paper sets forth Commerce’s findings and proposals, which include the following:

• First, Internet stakeholders believe consumers should be provided a privacy baseline for the handling of their consumer information that offers transparent disclosure of information practices and is based on widely-accepted Fair Information Practice Principles (“FIPPs”).
• Second, government will not have all the answers to privacy.  A multi-stakeholder strategy involving industry, consumer groups and civil society is needed to put FIPPs into practice in the U.S.
• Third, the centerpiece of Internet privacy protection may involve upgrading the role of “voluntary, but enforceable codes of conduct, developed through open, inclusive processes,” by which companies implement FIPPs.
• Finally, the U.S. must commit to working collaboratively in multilateral organizations toward global interoperability through global privacy standards and principles.

Regarding the Do Not Track mechanism, Weitzner indicated that the Department of Commerce generally supports this kind of “consumer empowerment” that “maximizes individual choice and individual control of access to information.”  A Do Not Track mechanism would require two components: (1) a technical measure that enables the user to choose whether or not to be tracked or profiled, and (2) an understanding between Internet users and web tracking services regarding the types of behavior those services would avoid.  Weitzner suggests that even with the enactment of Do Not Track legislation, significant challenges will face the online industry, consumer advocates, regulators and policy makers.

According to Weitzner, the Green Paper would be released soon – “in weeks rather than months.”