Best Buy's Anniversary Sale Samsung Could One-Up Apple Peloton Alternatives GMMK Pro Keyboard Review Natural Sleep Aids $59 Off Apple TV Equifax Error: Check Your Status Biggest Rent Increases
Want CNET to notify you of price drops and the latest stories?
No, thank you

Data privacy activists decry FTC recommendation

Advocates slam the Federal Trade Commission's refusal to call for a data protection law even though a new report confirms that many Web sites harness sensitive information without adequate disclosure.

Privacy advocates are up in arms over the Federal Trade Commission's refusal to call for a baseline data protection law even though a report released by the agency today confirms that Web sites are harnessing droves of sensitive information from consumers without adequate disclosure.

The FTC has threatened to call for a new law to establish "fair information practices" for the digital age, such as getting consumers' permission before sharing their data with third parties. But in approving its latest privacy report to Congress today, the four-member commission said no new laws are needed at this time.

"The implementation of fair information practices is not widespread among commercial Web sites," the report stated, but it added that "legislation to address online privacy is not appropriate at this time."

The FTC presented its report calling for a "hands-off" regulatory approach to Net data collection practices during a House Commerce Telecommunications Subcommittee hearing on Net privacy today, gaining cheers from industry but sparking criticism from consumer advocacy groups.

From e-commerce sites to personalized portals and Web-based stock trading, online services are aggregating scores of uniquely identifiable information from Net surfers. Although the White House has announced a slew of efforts to better shield Americans' privacy, the administration continues to support voluntary industry guidelines when it comes to online data collection.

The FTC's report incensed consumer advocates, who want consumers to be able to control their data and have strong recourse if their data is used for unintended purposes. Most would like to see the United States adopt standards similar to those of the European Union.

However, it is doubtful such standards will be adopted, as Clinton administration officials have been negotiating with the European Union for more than a year to exempt U.S. companies from the data directive that calls for EU companies and entities to cut off all data transfers to territories that don't adequately protect privacy.

"For years European countries have guaranteed their citizens access to the information companies have about them," David Banisar, deputy director of Privacy International, stated in a letter to Congress today that was signed by prominent consumer groups. "The Clinton administration has been trying to lower this standard to only the information provided directly by consumers, or even just a summary of the kind of information generally kept."

The industry-funded Georgetown Internet Privacy Policy Survey released last month found that of 90 percent of 364 ".com" Web sites surveyed that collected personally identifiable information, 65.7 percent had privacy policies, but only 9.5 percent of the sites had an "adequate" privacy policy.

The commission voted 3-1 to approve the recommendations with Commissioner Sheila Anthony dissenting in part.

"I believe that the time may be right for federal legislation to establish at least baseline minimum standards," she said in a statement. "I note that bipartisan bills are pending in both the House and the Senate and could provide a good starting point for crafting balanced protective legislation. I am concerned that the absence of effective privacy protections will undermine consumer confidence and hinder the advancement of electronic commerce and trade."

Commissioner Orson Swindle said the report reached the correct conclusion--that no additional laws are needed--but understated the "substantial progress attributable to industry self-regulation."

The report cited a number of industry efforts to protect consumer privacy, including Truste, sponsored by the CommerceNet Consortium and the Electronic Frontier Foundation; BBBOnline, sponsored by the Council of Better Business Bureaus; and CPA WebTrust, sponsored by the American Institute of Certified Public Accountants.

The programs are designed to make certain that Web sites notify surfers of the information they gather and in some cases have outside firms verify that the information is used only as promised.

The report noted that some firms, such as Disney, have said they will not advertise on sites that fail to carry out fair information practices.

"The present challenge is to educate those companies which still do not understand the importance of consumer privacy and to create incentives for further progress toward effective widespread implementation," the report said.

Reuters contributed to this report.