Calls by the U.S. Department of Commerce for self-regulation in the online ad industry as well as a proposed "safe harbor" from FTC enforcement actions drew criticism from privacy advocates.
A new U.S. Dept. of Commerce report (PDF) on online privacy drew a mixed reaction from watchdogs Dec. 16, some of who called it a thinly veiled gift to the online advertising industry.
While some privacy advocates commended the report's recognition of privacy issues, the report has also been criticized for falling short in certain ways – namely in its emphasis on self-regulation by the online advertising industry and its proposal of creating a safe harbor against enforcement actions by the Federal Trade Commission (FTC) as an incentive for businesses to adopt better privacy practices.
“Online advertising is one of America’s new growth industries…they are having a terrible time in Europe because Europe has a serious privacy regime, and they want to make Asia-Pacific…the real prize here,” said Jeffrey Chester, executive director of the Center for Digital Democracy. “The Commerce report holds the key for U.S. companies to the Asia-Pacific market, which dwarfs anything in terms of Internet advertising revenues that the U.S. and U.K. provide.”
The report calls for the United States to work with foreign governments to “develop a framework for mutual recognition of other countries’ commercial data privacy frameworks.” Commerce Secretary Gary Locke said in a statement that while the primary goal of the department is to update the domestic approach to privacy on the Web, he is optimistic it can "take steps to bridge the different privacy approaches among countries, which can help us increase the export of U.S. services and strengthen the American economy.”
Though the report repeatedly mentions establishing voluntary enforceable codes, Locke noted in his statement that self-regulation without stronger enforcement is not enough.
"Consumers must trust the Internet in order for businesses to succeed online," he said.
Susan Grant, director of consumer protection at the Consumer Federation of America, agreed with Locke's sentiment, noting self-regulation has been tried and proven inadequate.
“We need a privacy law that sets the rules of the road, including prohibiting some data practices that just aren’t acceptable, and giving consumers real control over their personal information and that provides for strong enforcement by the states, the Federal Trade Commission and consumers themselves,” she said.
The idea of passing legislation creating a safe harbor for companies that adhere to what the report calls "appropriate voluntary, enforceable codes of conduct that have been developed through open, multi-stakeholder processes” was also a source of consternation among some privacy advocates.
Pamela Dixon, executive director of the World Privacy Forum, said focusing on safe harbors that protect business has failed in the past, and would be a mistake.
"One of the things that was a significant concern to us about the report is the approach of the Department of Commerce to basically say:…'look, no matter what law is passed in regards to privacy, we’ll create a safe harbor and if companies follows this approach, this self-regulatory approach, then they’ll be fine as long as they don’t break the safe harbor rules'.”
The report follows a separate paper from the FTC earlier this month. Among other things, the FTC called for the creation of a 'Do Not Track' mechanism to limit online behavioral tracking, as well as for greater transparency in the privacy policies of online businesses. At the time, FTC Chairman Jon Leibowitz said the commission was not calling for more privacy legislation, but was making recommendations for best practices.
Similarly, Locke referred to the report as a "road map" for considering a new framework that benefits consumers and businesses. However John Simpson, consumer advocate at Consumer Watchdog, said the report starts off on the wrong foot with its very title – 'Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.'
“They talk about commercial data privacy," Simpson said. "What we should be talking about is consumers' data and their right to privacy, not a business commodity. This is all about easing things for businesses. It’s in some sense I think an early Christmas gift to the data collection industry from the Obama administration.”