Momentum grows for federal online privacy laws

There's a growing bipartisan consensus on Capitol Hill that online privacy legislation should be job one when Congress returns in January.

3 min read
A bipartisan coalition of House members Wednesday joined Senate colleagues in vowing to pass online privacy protections early next year.

The latest call to action occurred at a House Commerce Telecommunications Subcommittee hearing, where members of both parties promised to have legislation ironed out for introduction when the new Congress begins in January.

Despite rapid adoption of privacy policies by most commercial Web sites, recent studies have convinced both Congress and the administration that self-regulation will leave untethered too many rogue sites that could prey on unsuspecting consumers. Subcommittee Chairman Rep. Billy Tauzin, R-La., cited a recently conducted General Accounting Office (GAO) report that suggested some federal government Web sites also were engaging in suspect behavior.

"The big issue of the new millennium will be privacy," said Rep. John Shimkus, R-Ill., noting that the concern for Internet privacy protection is so great on Capitol Hill "it brings the far left and the far right together as teammates."

A working group of Congress members from both houses and both parties is being formed to reach consensus on new privacy laws, said subcommittee member Rep. Rick Boucher, D-Va. He is the co-chairman of the House Internet Caucus; his fellow co-chairman, Bob Goodlatte, R-Va., testified at the hearing and also will be part of the working group.

Senate Commerce Committee Chairman John McCain, R-Ariz., who earlier this month made a similar vow backed by a bipartisan group of senators, was scheduled to testify Wednesday but was tied up with other business as Congress seeks to adjourn this week.

Tauzin, who could be the chairman of the full House Commerce Committee next year based on the retirement of Chairman Tom Bliley, R-Va., said he'd participate in the working group.

Boucher outlined a set of "baseline" requirements to which all Web sites might have to adhere under the working group's compromise legislation. Each site would have to post a privacy policy outlining what was collected and how it was used. A site visitor would have the right to opt out of providing that information or limiting its use. The law would pre-empt state laws to ensure smooth interstate commerce, and the Federal Trade Commission (FTC) would be charged with visiting sites regularly to check on compliance.

FTC Chairman Robert Pitofsky cited a recent study by his agency that showed only 41 percent of sites randomly visited provided visitors notice and the choice to opt out. He said he and most of his fellow FTC commissioners have concluded that "backstop legislation was still required to fully ensure that consumers' privacy is protected online."

"Only legislation can compel" recalcitrant Web operators "to comply with fair information practice principles," he testified.

Some members wanted to make clear that they weren't trying to drive Web operators out of business.

"Substantial progress has been made in the area of self-regulation," Goodlatte said. "The vast majority (of commercial Web sites) have privacy policies posted." He cautioned that any legislation had to "permit beneficial use of information" by site operators, such as Amazon.com recommending biographies to a visitor who has bought them in the past.

In a written statement, Bliley said that as he departs Congress he still favors industry self-regulation and urged his colleagues, "First do no harm."

White House under fire
Tauzin grilled an administration witness for what he said were numerous privacy offenses occurring on government Web sites.

The GAO study he cited examined 65 federal Web sites and found 14 percent placed cookies, software that tracks a consumer's Web surfing, on the computers of those who visited the site. He said government sites also violated the Child Online Privacy Protection Act (COPPA) by soliciting information from children without advising parental permission. The White House and Environmental Protection Agency were among those he cited.

"There's something wrong when federal agencies can't obey the law applied to the private sector," he said.

"COPPA doesn't apply to the federal government," said Sally Katzen, deputy director for management at the White House Office of Management and Budget.

"Isn't that wonderful," Tauzin replied.

As for cookies, Katzen was unable to explain why the federal government would need to track consumer online activity, so Tauzin asked her to find out and report back to him.

"The bottom line is, we shouldn't" be placing cookies, Katzen agreed, but she said agency heads still have the authority to place them if it is deemed necessary.