X

Put up or shut up on privacy

The chance to avoid federal legislation on privacy guarantees is rapidly disappearing, as advocates of self-regulation come under pressure to deliver what they promised last year.

3 min read
The chance to avoid federal legislation on privacy guarantees is rapidly disappearing, as advocates of self-regulation come under pressure to deliver what they promised last year.

The most visible sign surfaced less than two weeks ago. Speaking at a privacy conference on February 18, former Federal Trade Commission official Christine Varney said she thinks self-regulation won't be enough.

"We have this view in the Clinton administration we're not going to regulate electronic commerce. I'm not sure it's going to work," she said.

Her comments were such a notable reversal that some let-the-private-sector-act advocates thought she was misquoted. Varney last year more or less personally staved off Congressional calls for government regulation of privacy on the Net by holding FTC privacy workshops. The hearings and workshops gave the Internet industry the pulpit from which to boost self-regulation by offering its own privacy initiatives.

Varney's repositioning follows only weeks after America Online's incredibly stupid act of disclosing to Navy investigators that a sailor was gay. That leak violated AOL's own privacy policy, not to mention perhaps federal privacy laws.

Name two friends who think that was appropriate. This time AOL's penchant for PR blunders gives proregulation forces a rallying cry.

The good news is that the Clinton Administration has issued a blueprint, in the form of a "discussion draft," of what private sector regulation must do. The guidelines on privacy self-regulation are clear but difficult.

The time to act is short, and so far the Internet industry's self-regulation efforts have been pitiful. But don't take my word for it. Listen to Susan Scott, executive director of TRUSTe, a privacy project that was the industry's best answer to the challenge to make self-regulation work.

"We are creeping closer to federal legislation because the industry thus far has failed to really come up to speed and start posting privacy statements and following fair information practice guidelines," Scott said.

TRUSTe, cosponsored by the Electronic Frontier Foundation and the trade group CommerceNet, has a logo certification program that says, basically, "This site has a privacy policy. Click here to read."

So far 73 Web sites, out of tens of thousands of commercial sites, have signed up. Pitiful.

That's not a strong enough showing to stave off the would-be regulators. There's even some question as to whether a program to tell visitors the site has a privacy policy will be enough to forestall regulation.

The industry's response to self-regulation in the last nine months has been TRUSTe, P3P (a World Wide Web Consortium standard for implementing privacy protections), and guidelines from the Direct Marketing Association, basically the catalog and junk-mail industry.

"When you boil them down to the basics, they essentially give the user a choice of fine print," said Marc Rotenberg, a privacy advocate with Electronic Privacy Information Center who thinks laws are appropriate.

In case you think Internet users don't care about privacy, look at these figures from the Eighth GVU World Wide Web: Seventy-two percent of Internet users think there should be new laws to protect privacy on the Internet.