Lawmakers Urge Legislating Privacy Protections

Welcome Guest. | Log In| Register | Membership Benefits

September 14, 2000 (12:05 PM EDT)

Lawmakers Urge Legislating Privacy Protections

By Mary Mosquera,

WASHINGTON, D.C. -- Congress should pass minimum privacy standards soon or else pent-up concern about the misuse of personal data over the Internet will lead to heavy regulation, two lawmakers active in high-tech issues said Wednesday.

"It's time for Congress to extend privacy protections to the collection of information by websites, if not this session then early on in the next Congress," Rep. Rick Boucher (D-Va.) told the Global Privacy Summit meeting in Washington, D.C.

If Congress, in its waning weeks before adjournment, does not pass minimal privacy legislation, it will likely do so in the first 100 days of the next administration, said Rep. Bob Goodlatte (R-Va.)

Public concern over the use of personal information is growing. Establishing minimal privacy guarantees will give consumers confidence to transact business online.

The Federal Trade Commission has traditionally refrained from regulating privacy over the Internet. For the past three years it has instead prodded the industry to regulate itself by observing and enforcing fair information practices. But in May, it changed its stance and recommended legislation, saying commercial Internet sites have moved too slowly.

Although the major commercial sites self-regulate and comply with seal programs, there are a host of sites that are not bound by any voluntarily assumed obligations to protect privacy, Boucher said.

"Unless we move quickly to pass this set of minimum privacy guarantees, I am concerned something more unworkable could be adopted," he said.

A slew of privacy bills languish in Congress, including Boucher's Internet Growth and Development Act, H.R. 1685. Boucher and Goodlatte said they are working with Democrats to craft a bill that will enjoy widespread support.

Boucher wants sites to post a privacy policy that commits the company to identify the personal data it collects; to tell browsers how it is used, including whether it is transferred to third parties; and to give users the opportunity to opt-out of having information collected. Any federal privacy legislation would preempt state laws, Boucher said.

To put teeth into the legislation, Congress should give the FTC the authority to assure the minimum privacy guarantees, he said.

"There is a growing consensus among Internet companies supporting this approach," Boucher said.

E-commerce sites could add enhanced provisions beyond the law and market it as an asset to consumers.

"Enhanced privacy policies will grow as sites see it as asset," Boucher said.

Consumers already have some privacy protections on the Internet, Goodlatte said. The European Union Data Privacy Initiative is matched in the United States with what is called safe harbor principles, which protects U.S. companies from European data restrictions if they adhere voluntarily to the fair information practices included in the EU government regulation.

The United States already has laws regulating the use of children's personal information and financial and medical data.

Financial privacy provisions accompanying last year's financial modernization package applies to banks; securities firms; thrifts; insurance companies; and any other business dealing with financial information, such as mortgage companies and check-cashing services. It could even include e-commerce companies that handle financial information, such as travel agencies, Goodlatte said.