Dueling Democratic Privacy Bills Differ on ‘Do-Not-Track’
House Democrats may be headed for a split on Internet privacy issues. Two lawmakers offered bills that differ over tracking mechanisms. Rep. Bobby Rush, D-Ill., who was chairman of the former House Consumer Protection Subcommittee, reintroduced his bill setting up an opt-in system for data disclosure to third parties and safe harbors for companies participating in a self-regulatory opt-out system. Rep. Jackie Speier, D-Calif., introduced two privacy bills Friday to protect consumers from tracking and put them in control of their financial information.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Rush’s office said the bill offers a “do-not-track like” mechanism through the safe harbor program to be run by the FTC. But at a news conference Speier warned against bills that provide “nothing more than a fig leaf” for privacy and deny “real protections” to consumers.
Rush’s Best Practices Act (HR-611) requires companies to disclose their data collection and use practices in notices that consumers can easily understand and are screened by the FTC. Companies would need opt-in consent to disclose consumer data to third parties, but could skirt that requirement and qualify for safe harbors under a “choice program,” a self-regulatory opt-out program run by a group approved and monitored by the FTC. It provides an exception for data used for an “operational purpose,” but excludes from that definition data use for marketing, advertising or any purpose that consumers “reasonably under the circumstances would not expect” their information to be put to. HR-611 would require companies to give consumers “reasonable access” to some information about themselves and the opportunity to correct it, and would limit retention to the time that data are needed for a legitimate business or law enforcement purpose.
Rush said he heard from an “unusually large and perhaps unprecedented” number of consumer and privacy groups, businesses and advertisers before reintroducing his bill. HR-611 tries to walk a tightrope between “both sides of the supply and demand equation,” said a statement from Rush’s office Friday positioning the bill as both protective of privacy and attuned to business needs. “I do not oppose Do-Not-Track,” he said. To qualify for the FTC safe harbor provision, companies would have to set up a “do-not-track like” mechanism, Rush said. “Companies will have the incentive under my bill to agree to do these things,” as well as to “experiment with new business models” and test the market for privacy protection tools, he said.
Do-not-track legislation by Speier would direct the FTC to develop standards for and enforce a mechanism allowing consumers to opt out of the collection, use or sale of information about their online activities. State attorneys general could enforce the rules under the bill by bringing civil action in U.S. district courts. A separate bill based on legislation that Speier got passed in California would prevent financial institutions from sharing customers’ personal information without offering an opportunity to opt out, and would prevent unaffiliated third parties from sharing without asking consumers to opt in. The bills were endorsed by several public interest groups, including Consumers Union, the Consumer Federation of America and U.S. PIRG.
Speier said at the news conference she has not yet discussed privacy with the offices of other House members who have bills, including Rush and Rep. Cliff Stearns, R-Fla. But the talks will come, she said. Speier cautioned that, though she hasn’t seen the other bills, not all privacy legislation is serious. “I am a veteran of many wars on privacy, and there are oftentimes measures introduced in an effort to sideline the real protection for consumers, and really provide nothing more than a fig leaf,” she said. Moving Speier’s bills through Congress will be “a process, and it’s one that’s going to require us to be vigilant that the consumers’ interests are actually promoted here,” she said. The first step was to introduce the bills and “draw attention to the measures,” Speier said.
Speier said she doesn’t have faith in industry efforts alone to protect consumers’ privacy. “Oftentimes, the emperor has no clothes.” Browser-specific do-not-track mechanisms aren’t good enough, because the choice to opt out needs to be “uniform” across the Internet, “simple” and “upfront,” she said. Advertiser participation is voluntary in Mozilla’s tool, for example, she said. “We want to have something that is first and foremost enforceable."
"The industry realizes that they were caught somewhat with their pants down, and the result is that they're scurrying now to put the best face forward,” Speier said. She’s “happy to work with them,” but “we're not going to accept a non-consumer-focused opt out.” Privacy legislation in California didn’t hurt companies’ businesses, Speier said. And many consumers will choose not to opt out of tracking, she said.
Do-not-track legislation could kill advertising, said Berin Szoka, president of TechFreedom. “Just as consumers need to be empowered to make effective privacy choices, so too must publishers of ad-supported websites be able to make explicit today’s implicit quid pro quo: Users who opt-out of tracking might have to see more ads, pay for content and so on.” Industry is already working to address the problem, he said. “It is the Internet’s existing standards-setting bodies, not Congress or the FTC, that have the expertise to resolve such differences and make a ‘Do Not Track’ mechanism work for both consumers and publishers, as well as advertisers and ad networks.”