The days of Net industry self-regulation could be numbered, as the deadline for a European directive ensuring individuals' privacy online approaches.
During the two-day conference, slated to start May 13, new media companies will report on the status of self-regulatory efforts to protect online consumers' private information such as names, addresses, and phone numbers, which is collected by various Net sites.
The Federal Trade Commission has held similar workshops over the past two years exploring the proliferation of electronic databases and Net services that harness users' personally identifiable information--from Social Security numbers to income figures.
During the FTC's probes, privacy advocates pointed to numerous abuses by data collectors such as online services that sold information to third parties without permission; databases that contained wrong and damaging details about people; and the existence of Web sites that procured data from children without their parents' knowledge.
The FTC never recommended to Congress that new laws be passed to address online privacy concerns, however--an attitude that is appreciated by the industry.
But now the White House is under the gun to comply with a European Union privacy directive that goes into effect in October. EU members are expected to prohibit the transfer of personal data to countries that don't comply with its strict privacy rules, which include disclosing how the data will be used and giving people access to their data so they can make changes or object to it being used at all.
The directive applies to everything from hospitals that transmit medical records over private networks to all Web sites--most of which are based in the United States. Clinton officials are working on a compromise to ensure that domestic e-commerce and Net sites are not cut off from the European Union in the fall.
For the online industry, the privacy issue will serve as a litmus test. If self-regulation doesn't work on privacy, it will be hard to make a case against other Net regulation efforts.
"We have been provided a small window of opportunity. If we don't self-govern ourselves on the privacy issue, we were essentially told that regulation will be forthcoming," said Brian O'Shaughnessy, directory of public policy for the Interactive Services Association. The ISA represents about 300 Net and online service providers.
The Clinton administration has been preaching an industry self-regulatory approach for the Net and electronic commerce. The May conference will address where voluntary guidelines are working, and where they are not. Safeguarding children's data will be a top priority. But to ensure robust participation in e-commerce, the administration will be searching for ways to boost consumers' confidence in the security of personal and payment information they ship over the Net.
But well-known Net companies that belong to trade groups don't represent every site on the Net. Privacy groups argue that a federal law is the only thing that will guarantee that consumers' personal information will not be abused by marketing companies or scam artists.
The ISA, which is helping to set up the conference, acknowledged the challenge. "We're trying to reach out to groups that are not a part of ISA," O'Shaughnessy added. "If we can get 80 percent of the ISP marketplace to agree to certain guidelines, that would be a really important tool for the administration to use when they go back to the Europeans."
Electronic data collectors already have been racing to show the government that they are on top of the issue. In December, for example, 14 leading collectors of personal consumer data promised to limit the dissemination of some information, such as Social Security numbers.
However, there are still numerous services on the Net that hand out Social Security numbers and past employment data for a fee. And some online credit report services have suffered technical glitches, in which paying consumers received other individuals' reports by accident.