CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Internet

Net industry reacts to FTC threat

In response to the FTC's report regarding online privacy, high-tech trade groups send President Clinton a letter asking for self-regulation.

In a last-ditch effort to counter the Federal Trade Commission's scathing report due tomorrow about the state of online privacy, high-tech trade groups representing more than 11,000 companies sent President Clinton a letter today asking for a final shot at self-regulation.

As reported by CNET NEWS.COM yesterday, the FTC will deliver a report to Congress tomorrow that slams the online industry for failing to protect consumers' privacy in gathering and using personally identifiable information.

Even more significantly, sources said, the agency will set a precedent by calling for regulations to ensure that Net sites don't collect and sell the personal information of minors without parental permission. Until now, the FTC has backed industry self-regulation.

The commission's three-year examination of electronic data collection practices, coupled with the Clinton administration's call for a plan by this July, sparked an aggressive move today by the computer and online industries to declare that self-regulation--not new laws--is the best path in protecting consumers.

Led by 12 trade groups, the firms submitted a nine-point privacy protection plan, which includes the creation of consumer recourse mechanisms, and promised to be in compliance by July 1, 1999.

"Our member companies are as committed to ensuring the same level of privacy for our customers online as in the traditional marketplace," the letter to the president states.

"We believe that privacy principles must be accompanied by alternative avenues for consumer recourse in the event that a company violates the guidelines they adopt," the letter continues. "Finally, it is our hope and expectation that our efforts will serve as a model for all organizations both in the United States and globally."

But today's plan may be too late. Regulators are ready to act.

In the wake of highly publicized privacy breaches by online giants such as America Online, the security of personally identifiable data has become a compelling international issue.

Privacy advocates say companies have exploited personal information in the "traditional marketplace," too.

"People are quite upset about personal information being collected about them from shopping cards or credit card companies and then sold to subscribers," said Dave Banisar, an attorney at the Electronic Privacy Information Center (EPIC). "There is a huge need in all sectors to protect privacy."

Consumers have expressed fears about sending credit card numbers, their names, Social Security numbers, medical files, and other demographic data over computer networks. Many also are worried about identity theft and other scams, as well as erroneous information appearing in their digital profiles.

For the most part, governments are pushing for better privacy protections to improve consumer confidence in electronic commerce, which is directly tied to its success.

The elements of the self-regulatory guidelines proposed today are as follows:

  • Choice: Let consumers opt out of data collection and inform them when their information will be shared with third parties.

  • Access and accuracy: Give people access to their digital profiles so corrections can be made when necessary.

  • Accountability and recourse: Set a clear mechanism that lets individuals seek recourse for violations of a stated privacy policy.

  • Notice: A policy for the collection, use, and disclosure of any personal data collected from people must be prominently posted.

  • Disclosure: Don't disclose data to third parties unless they have adopted practices to protect privacy.

  • Collection: Only harness and use personal data that is "appropriate and needed."

  • Security: Shield consumers' data from unauthorized parties.

  • Enforcement: Support strong enforcement of consumer protection laws.

    In addition, the plan calls for increased education of consumers and businesses about online privacy protection, as well as encouragement of widespread adoption.

    A "segmented" approach tailored to specific sectors such as health care, banking, retail, and consumer databases would be more effective "than a single policy that attempts to cover all situations," the plan states.

    "We have always said that if Internet commerce is to be profitable, users have to be comfortable with it," Ed Black, president of the Computer & Communications Industry Association, said in a statement. "That message is now getting through to a broad segment of our industry."

    A separate coalition made up of IBM, Hewlett Packard, Disney, and AT&T also has had a plan in the works since May, which suggests setting up the Better Business Bureau as a clearinghouse for consumers' privacy complaints and as the agency to resolve disputes between consumers and online sites.

    America Online and Microsoft also pledged not to collect private information from preteens without parental permission.

    Still, the FTC will report tomorrow that after examining 1,400 Web sites in March, it found that few had privacy policies or disclosed how personal information would be used.

    The FTC already has drawn guidelines for the collection of data from children. In a letter released last July, agency staff said sites must obtain parental permission before distributing private data about a child and that, before gathering the information, sites should clearly disclose to parents how it could be used.

    Violation of the guidelines could be deemed an unfair and deceptive practice, prompting the FTC to investigate, the agency staff letter stated. The letter didn't recommend enforcement at the time, but that could change this week.

    Although the White House prefers that the private sector regulate itself on privacy, White House senior adviser on Internet issues Ira Magaziner said in April that companies were falling short with the deadline looming for the July 1 report on the issue to Clinton.

    Moreover, consumer advocates have long argued that the Internet is becoming a place where personal information has to be bartered to receive goods and services. In many cases, privacy proponents say Web sites collect too much information--including names, email addresses, and profile information--which is used to better market products but is not protected and often is sold.

    Groups such as the Center for Media Education and EPIC argue that any voluntary programs must be backed up with the strong force of law to allow consumers a sure path for recourse.

    As a response to the booming information age, in which services and private data are exchanged at a rapid pace, EPIC and the Center for Democracy and Technology (CDT) also have called for the formation of a new federal privacy agency to oversee corporate and government data collection practices.

    "We'd like to see the FTC set up a greater legal framework around the collection and use of data," said Ari Schwartz, policy analyst for the CDT.

    The CDT welcomes any industry effort to guard privacy, but Schwartz added that "greater FTC and government involvement will still be needed even if self-regulation does move forward."

    The 12 associations behind the plan include the American Electronics Association; the Business Software Alliance, the Computer & Communications Industry Association, the Computer Systems Policy Project, the Consumer Electronics Manufacturers Association, the Electronic Industries Alliance, the Information Technology Association of America, the Information Technology Industry Council, the Multimedia Telecommunications Association, the Semiconductor Industry Association, the Software Publishers Association, and the Telecommunications Industry Association.