LOS ANGELES--Time is running out for privacy self-regulation on the Internet if private-sector efforts don't show results soon, a key privacy advocate warned at Internet World.
"We are in a final two-minute drill, because this is becoming such a big issue," said Lori Fena, founder of the Electronic Frontier Foundation and cofounder of a leading private-sector privacy initiative. "It is also ripe for legislation. All of a sudden, if somebody raises their hand and says there should be a law, it will be like someone lit a match."
But America Online's general counsel, speaking at the same event, said he is more optimistic about whether self-regulation on privacy will work, and he thinks Washington policy-makers will give the private sector more time if it is needed.
"We do have to have some answers [in how self-regulation would work], but we don't necessarily have to have implementation," said George Vradenburg, an AOL senior vice president.
AOL is working with a task force in Washington that includes privacy advocacy group Center for Democracy and Technology and the Interactive Services Association (ISA), a trade group for the online industry.
"If [self-regulation] doesn't shape up, there's going to be a lot of people looking into the industry," Vradenburg said, indicating that public attention may push the industry to act faster and in ways it hasn't so far.
Vradenburg and Fena's comments, made at a sparsely attended "privacy summit" at the trade show, come as several government agencies approach a July 1 deadline for reporting to the White House on the progress of industry efforts for self-regulation on a variety of Internet issues, a central theme of Clinton's Framework on Global Electronic Commerce.
In addition, the FTC is planning new privacy workshops, similar to ones held last June, which most likely will be held in April and June.
Later this year, pressure from Europe also will mount. In October, the European Union puts in place rules requiring privacy guarantees. If the Europeans aren't convinced that online privacy protections in the United States are strong enough, European companies won't be able to sell or buy certain kinds of personal data from U.S. firms.
That would affect AOL, Vradenburg noted, which operates Europe's largest online service but sends individuals' data back to the United States for processing.
But Jason Catlett, chief executive of Junkbusters--a Web site that offers software so Web users can remove "cookies" commonly used to track individuals--thinks legislation is necessary. He said more than 80 online privacy bills are pending in Congress.
Protecting children's privacy on the Net is considered the most likely area for legislation or government regulations, but other areas include medical records, financial data, and online access and cross-referencing of databases of personal information about individuals.
Susan Scott, executive of TRUSTe, which is promoting a logo to indicate Web sites have posted privacy policies that can be audited, said that about 80 Web sites have signed up for the program so far. But she said TRUSTe's board is actively approaching chief executives of the top 100 Web sites about signing up for the program.
She also said that the Internet Content Coalition, a trade group for Web content sites, is close to endorsing TRUSTe. She said she has commitments from Warner Brothers, Sony, the New York Times, ZD Net, and CNET: The Computer Network (publisher of NEWS.COM) to post privacy policies and join TRUSTe.
Similar discussions are also under way with ISA, and Scott thinks those may give an impetus to her group's efforts.
In recent public settings, Fena said, Clinton e-commerce adviser Ira Magaziner has signaled self-regulation advocates that the window of opportunity for private-sector initiatives instead of federal ones is closing rapidly.
"[Self-regulation efforts to date] are certainly not enough to sway the decision," Fena said.