(Clockwise: Sen. Rockefeller, Rep. Rush, FTC Chm. Leibowitz, Rep. Boucher, Sen. Pryor, Sen Kerry)
HOUSE, SENATE & FTC PROMISE ACTION ON PRIVACY
FTC Revives Controversial Do-Not-Track Registry Proposal
In the last ten days both the House and Senate have held hearings on privacy and the FTC gave hints of where it intended to go on this issue. Tuesday, the Senate Commerce Committee Chairman John Rockefeller (D-WV) held his own hearing on the matter with Internet Subcommittee Chairman John Kerry (D-MA) indicating that he would work with Consumer Protection Subcommittee Chairman Mark Pryor (D-AK) on a Senate privacy bill which they hoped to pass early next year. Kerry stressed, “As a matter of technology, firms should challenge themselves to design products and engineer services with high default standards for protecting privacy in mind. And as a matter of law, we need new baseline standards for privacy protection that ensure people’s identity is treated with the respect it deserves.”
At the same time, the Federal Trade Commission is finalizing its report on its three privacy roundtables and Chairman Jon Leibowitz gave a preview of the direction the FTC might take at the Senate hearing. In his prepared remarks, Leibowitz stressed the need to (i) improve privacy policies hinting at possible standardization of terms or formats (as is done in the Gramm-Leach-Bliley disclosures); (ii) increase transparency and consumer control with respect to data held by data brokers; and(iii) have express consumer consent prior to implementing any material retroactive changes to privacy practices. In questioning, Leibowitz indicated that he supported an opt-in requirement for behavioral targeting and that the FTC was leaning towards adopting an opt-out registry to provide consumers a universal opt-out from behavioral targeting. The registry was first raised by consumer groups at the 2007FTC Town Hall on Behavioral Targeting and was widely criticized thereafter.
Last week, House Consumer Affairs Subcommittee Chairman Bobby Rush (D-IL) introduced his own privacy bill H.R. 5777 the “Building Effective Strategies to Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards (“BEST PRACTICES”) Act” and held a hearing on the proposal.
The Rush bill would require that certain disclosures be made at the time of collecting consumer information (online and offline);establishes security standards and an opt-in requirement for sharing information with third parties which may be enforced by the FTC or State Attorneys General (with up to $5MM in civil penalties) or by consumers. Companies that participate in an FTC approved self-regulatory program are exempted from the opt-in requirement for data sharing and private right of action. (See earlier post “Rush Hour on Capitol Hill“) At the hearing, Democrats and Republicans expressed concerns about the private right of action and civil penalties in the bill, while Republicans oppose giving too much power to the FTC (after Congress had stripped language strengthening the FTC from the recent consumer financial protection legislation. Congress goes on its summer recess on August 9th and it is unlikely any of the bills will pass before Congress adjourns before the election.
More info: Rush Bill Section by Section Analysis; FTC Considers Do-Not-Track List, Online Media Daily; No Rush to Privacy Judgement, Says Rush:Concerns expressed that Best Practices Act is overbroad; Broadcasting & Cable; Senate eyes online privacy rules, Politico.
Cyber Report 
Pingback: The Coming Privacy Storm for Tech Giants | Cyber Report