The Federal Trade Commission today told Congress how it plans on better protecting Net surfers' privacy: by mainly relying on industry self-regulation.
In a letter to Senate and House Commerce Committee members, the FTC did not recommend that Congress take immediate action to regulate how personal information is collected in cyberspace, even if the data comes from children.
Instead, the FTC said industry self-regulation should be given a chance and pointed to examples that it said are working. The commission did reiterate its threat to crack down on one segment: senders of fraudulent bulk email.
The FTC said it will continue monitoring self-regulatory efforts in all sectors of online data collection and report to Congress again next June.
A few weeks ago, the FTC released some guidelines for compiling kids' vitals. The agency said Web sites must now obtain parental permission before distributing private data about a child to a third party. Prior to gathering information from minors, sites must also clearly disclose to parents how the data will be used. Violation of these guidelines could be deemed as an unfair and deceptive practice, but the commission staff letter didn't recommend agency enforcement at this time.
During the four-day online privacy workshop in June, the FTC heard about the current data collection practices from Net companies, law enforcement officials, parent groups, and privacy advocates. The top complaints surrounded companies' failure to clearly disclose how the personal details would be used; other complaints focused on sites not obtaining parental permission to solicit details from kids and the selling of data to third parties without authorization.
Concerns over identity theft or fraud led the FTC to probe free "look-up" Web sites or subscription-based online services. These databases let companies or individuals gain access to detailed information such as a person's address, phone number, birth date, employment history, or the names of people in his or her household.
The FTC applauded voluntary guidelines for "look-up" services. For example, after the workshops, Lexis-Nexis created an internal policy to let people see its records and correct errors if necessary.
"We are encouraged that the industry has stepped forward to address the serious privacy concerns raised by these databases," the FTC letter states.
The commission also will continue to study how to prevent the misuse of personal data and how to guarantee consumers' rights to check their records and make sure the data is used for the purpose for which it was collected. The FTC will submit a full report and recommendation about online databases to Congress by the end of the year.
As far as improving disclosure and collection policies on commercial Web sites, the FTC pointed to voluntary practices it says are good examples.
As part its policy, McGraw-Hill tells surfers how any personal information will be used, asks permission to redistribute the data to third parties, and takes security measures to protect the integrity of the data.