Tuesday’s Senate Commerce Committee hearing on general privacy issues (archived webcast available here) was striking for the witnesses who testified – FTC Chairman Jon Leibowitz, FCC Chairman Julius Genachowski, and representatives from Apple, Google, Facebook, AT&T, and others. While industry witnesses didn’t labor on the potential perils of privacy regulation in their oral comments, their written testimony urged policymakers to consider the ramifications of stifling innovation before legislating. During the first panel of Leibowitz and Genachowski, the majority of questions went to the FTC Chairman who said to expect before the end of the year the release of the Commission’s recommendations on how to improve privacy protections following their privacy roundtable series. In prepared remarks Leibowitz admonished industry to speed up self-regulation or potentially face privacy legislation next year and noted that the FTC is again considering the implementation of an online “do not track” registry similar to the nation’s “do not call” registry.
During the second panel of industry leaders, privacy advocates and academics the company witnesses got some tough questions about their privacy practices. The question and answer session with this panel highlighted that there is a steep learning curve on technology issues for many Senators. Those who attended the hearing on Tuesday, Chairman John D. Rockefeller (D-WV), David Pryor (D-AR), John Kerry (D-MA), Byron Dorgan (D-ND), George LeMieux (R-FL), Mike Johanns (R-NE), John Thune (R-SD), Any Klobuchar (D-MN), Mark Begich (D-AK) and Claire McCaskill (D-MO), were enthusiastic about tackling the issues at hand. Their remarks across the board, however, point to the committee’s predilection to believe that consumers are threatened by current online collection and use of data. Chairman Rockefeller asked whether consumers can demand the same degree of anonymity on the Internet that they have in a shopping mall. Several noted that records about purchases are maintained by online retailers such as Amazon and eBay. Senator McCaskill called online targeted advertising “creepy” although she did note that we need to be careful “not to kill the golden goose.”
Beyond the alarmist rhetoric a few common themes emerged. Senators don’t like fine print disclosures. The idea of simplified notice, perhaps contained in a standardized box and provided when the consumer would most expect it, such as at the point of a transaction, was particularly attractive to both witnesses and Senators. Chairman Leibowitz said the focus should be providing choices to consumers that really matter. He also said that he believed opt in generally protects consumers better than opt out and that the collection and use of sensitive information must be opt in.
While it was agreed that education of consumers is always important and needs to be improved, there was some agreement that these efforts will only go so far. Professor Joe Turow from the University of Pennsylvania especially emphasized that increased levels of learning cannot solve all problems, saying that there is some point when the intricacies of the privacy protections are too complicated. Dr. Alma Whitten from Google, Inc. provided explanations of some of their current practices, such as the use of the Google dashboard so a user can access all their settings, applications, and other Google programs from one place. Mr. Bret Taylor from Facebook and Ms. Dorothy Atwood from AT&T also explained the minimal clicks to their current policies on the homepages of their website or devices.
It’s clear that these industry steps won’t be enough for some policymakers. Commerce Communications Subcommittee Chairman Kerry released a statement saying that he plans to craft a privacy bill with the hope of enacting legislation early next year.
Over in the House, Wednesday’s privacy hearing (archived webcast available here) in the Judiciary subcommittee on Crime, Terrorism and Homeland Security was less eventful but the legislative action was more heated.
At the hearing on Online Privacy, Social Networking and Crime Victimization, representatives from Facebook and Symantec testified along with the FBI and Secret Service and Marc Rotenberg of EPIC. The focus was on finding ways to lessen the threat of online crime for Internet users. During that hearing subcommittee members Representatives Zoe Lofgren and Bob Goodlatte demonstrated their understanding of the intricacies of online privacy. There were no calls for legislation from Judiciary members.
Their colleagues in the House Energy and Commerce Committee are hard at work on privacy bills however. Representative Rick Boucher (D-VA), who chairs the House Energy and Commerce Communications subcommittee, is reported to be revising his draft privacy bill based on the seventy sets of comments that he and his cosponsor, Representative Cliff Stearns (R-FL), received in June. Boucher said last week that he didn’t expect Congress would act on the issue this year but hoped it would be ready for action in the next Congress. Meanwhile, Commerce, Trade and Consumer Protection Chairman Bobby Rush (D-IL) is working to solicit input from industry and privacy advocates on HR 5777, “the Best Practices Act,” which I wrote about last week. People are advised to convey their comments and concerns about the HR 5777 quickly because Chairman Rush has said that he plans to move the bill through his subcommittee in September and the bill could pass the House before the end of the year.
We all better rest up in August.