If Tuesday night’s failure to give fast-track approval to an extension of certain surveillance powers under the Patriot Act is any indication, Congress is in the mood to protect individual privacy. As such, a series of anticipated online privacy protection bills are likely to garner bipartisan support in the weeks and months ahead.
Proposals will come from both sides of the aisle. According to Hillicon Valley, Rep. Jackie Speier (D-Calif.) will shortly introduce an online privacy bill directing FTC to implement a “do not track” regime applicable to online advertisers (this although public comments to the FTC report supporting such a measure, Protecting Consumer Privacy in an Era of Rapid Change, are still coming in). Rep. Speier’s bill is said not to include any safe harbor provision. In contrast, the privacy bill forthcoming from Rep. Bobby Rush (D-Ill.) will not include a “do not track” mandate, but is anticipated to be very similar to the bill he proposed in 2010 that provided a safe harbor to marketers participating in a FTC-approved, self-regulatory “Choice Program.” Any approved “Choice Program” would, true to its name, be required to provide users with a robust set of options concerning the collection and use of their information.
On the Republican side, Rep. Cliff Stearns (R-Fla.) plans to introduce a new version of the 2010 draft Boucher-Stearns bill which would have required websites to inform users of how they collect and use personally identifiable information and then allow users to opt out of having such information collected. Collection of certain sensitive information and the sharing of personally identifiable information with third parties would require users to opt in.
Other politicians reported to have an interest in addressing internet privacy this year include Rep. Joe Barton (R-Texas), and Senators Jay Rockefeller (D-W. Va.) and John Kerry (D-Mass.).
So with the ink barely dry on public comments to the Commerce Department’s Dynamic Policy Framework, and with public comments to the FTC Report still incoming, it appears legislators may be ready to run with the presumption inherent in both reports that the existing notice and choice mechanism for protecting Internet user privacy is outdated and ineffective.
All this activity is focused on achieving increased transparency, simplification of consumer choice, and ensuring users are able to give true informed consent to the collection and use of their information. However, a rush to regulate without providing sufficient flexibility for different business models could stunt innovation and hurt the user experience. In this dynamic marketplace, where large businesses and emerging companies alike are beginning to innovate consumer privacy solutions and may soon compete on that basis, passage of rigid laws and reactionary regulations may be counter-productive.