Tech titans lobby for national consumer privacy laws
Politicians in turn pledge to create uniform rules for all businesses, but some outside groups question the blanket approach.
eBay CEO Meg Whitman and Hewlett-Packard Chief Privacy Officer Scott Taylor pitched those suggestions to mostly receptive politicians at a hearing convened Tuesday afternoon by a U.S. House of Representatives subcommittee on consumer protection.
Video: Privacy issues light up Washington
Politicians as well as key contributors to eBay, HP and PayPal speak out for federal legislation on consumer protection and privacy laws on the Internet.
Whitman said there's a "pressing need" for Congress to "unify today's crazy quilt of laws--some federal, some state, some applying to all businesses, some focused on particular business sectors."
"No one is served--not consumers, not governments and certainly not corporations--by a lack of consumer confidence in the security and privacy of personal information," added Taylor.
Both companies are part of the Consumer Privacy Legislative Forum, a coalition formed earlier this year, which issued a statement Tuesday calling for "comprehensive harmonized federal privacy legislation to create a simplified, uniform but flexible legal framework." Other technology companies signing off on the one-page statement (click here for PDF) were Google, Microsoft, Intel, Oracle, Sun Microsystems and Symantec.
Such a policy should be built on concepts like notice to individuals whose information has been compromised, "reasonable" access to their personal records, data security and strong enforcement, coalition members said.
What they're hesitant to support, however, is legislation that would give individual consumers the right to sue companies that violate privacy laws. "I think we'd like to have one enforcement agency, that would be the FTC (Federal Trade Commission), that would be held accountable," Whitman said. "I'd like to simplify our lives, our users' lives."
Some politicians, however, suggested they would disagree with that logic. "I'm not for unlimited private right of action but...if somebody abuses my privacy, I can see wanting to take a private right of action that redresses that specific crime and gives me some financial reimbursement," said Texas Republican Joe Barton, chairman of the House Energy and Commerce Committee.
Overall, the technology companies appeared to enjoy broad support for their call for action from Democrats and Republicans alike.
Barton, for his part, pledged to write and introduce such legislation and bring it to a vote by the end of this year's congressional term. Failure to do so "will threaten online commerce, the Internet and commerce in general," he said, pointing to what he called "growing anxiety" among consumers about the possibility of identity theft and insecurity over how their personal information is used and stored.
Illinois Democrat Jan Schakowsky, co-chair of the consumer protection subcommittee, said she agreed that Congress needs to pursue a broader approach. "We regulate by headline or problem of the day, be it spam, spyware or pretexting for phone records," she said.
The principles being suggested are "good in the abstract," but until concrete details on any new legislation emerge, "there's as much potential for harm as for good," Sherwin Siy, staff counsel for the Electronic Privacy Information Center, said in an e-mail interview with CNET News.com.
Siy said he was particularly concerned about a core tenet of the companies' proposal--that federal law pre-empt all relevant state laws. In his view, Congress has not yet succeeded in crafting bills that measure up to protections advanced by some existing state laws, "so a pre-emptive federal law would have to be an excellent one if it were to protect consumers."
Politicians at Tuesday's hearing also indicated some skepticism about that idea. "Would there be any room for states to go beyond the federal legislation should we miss something?" asked Schakowsky. Representatives from the coalition reiterated that they wanted the certainty that a single law could supply.
A separate caution against new legislation came form Thomas Lenard, a vice president at the Progress and Freedom Foundation, a free-market think tank. He argued that the market already provides adequate incentives--that is, the specter of a damaged reputation or lost profits--for companies to protect consumer privacy.
"Regulation inevitably will have unpredictable and unintended consequences," he told the House panel, "especially when imposed in a medium like the Internet, which is changing so rapidly."