FTC: Self-regulation won't cut it
Edging away from Net industry self-regulation, the FTC's chairman says new laws may be needed for protecting personal data online.
"While some industry players may form and join self-regulatory programs, many may not," Pitofsky said in testimony before the House Commerce Committee's subcommittee on telecommunications.
"This would result in a lack of the uniform privacy protections that the commission believes are necessary to allow electronic commerce to flourish," he continued.
Robert Pitofsky |
Just today, the Online Privacy Alliance--a group of 50-plus companies that includes America Online and Microsoft--unveiled its enforcement plan to protect consumer privacy on the Internet. The plan already has been called "weak" by privacy advocates.
Under respective commands by Congress and the White House, the FTC and Commerce Department have been knee-deep in debates over online privacy concerns. The agencies are charged with assessing data collection practices on the Net and determining whether industry self-regulation is working. The goal is to ensure that consumers are given proper notice and choice regarding the data they forfeit to Web sites, often in exchange for goods and services.
More coverage on CNET Radio |
Last month, the FTC said voluntary efforts weren't adequately protecting personal information on the Net. It then asked Congress for new laws to prohibit collecting sensitive data from preteens without parental permission.
"We believe that this model would bolster ongoing self-regulatory initiatives, encourage others to undertake such initiatives, and provide statutory standards that would govern businesses that do not participate in self-regulatory programs," Pitofsky's said in testimony today.
The FTC's model legislation lays out online privacy protections and would provide a safe harbor for industries that establish government-approved policies and enforcement measures.
Under the proposal, commercial Web sites that collect personal, identifying information from consumers would have to comply with four fair information practices:
"The recommended standards pertaining to children would empower parents to make choices about when and how their children's information is collected and used on the Web," the proposal continues. "They would require commercial Web sites that collect personal identifying information from children 12 and under to provide actual notice to the parent and obtain parental consent."
The legislative model would provide a safe harbor from any enforcement actions under the statute if companies complied with these guidelines. Violation of the statue would give regulators (most likely the FTC) authority to bring action against sites.
"The commission recommends that the implementing agency be given the authority to review and certify industry guidelines as meeting the statute's standards after public notice and comment," the proposal states.