The federal government has taken notice of some recent high-profile data breaches, and continues to examine ways to enhance online consumer privacy.

Sen. John D. Rockefeller, chairman of the U.S. Senate Committee on Commerce, Science and Transportation, introduced the "Do Not Track Online Act of 2011" last week. The "do not track" legislation would allow individuals to indicate their preference to not have online activities tracked and, with some exceptions, prohibit online providers from collecting personal information from individuals who make that preference.

"I believe consumers have a right to decide whether their information can be collected and used online," Rockefeller said in a statement announcing the bill. "This bill offers a simple, straightforward way for people to stop companies from tracking their movements online."

Jamie Court, president of Consumer Watchdog, praised Rockefeller's bill. He noted that three of the four major browsers — Mozilla's Firefox, Microsoft's Internet Explorer and Apple's Safari — have or will soon have mechanisms to send a "do not track" message. However, the lack of legal requirements forcing websites to honor "do not track" requests could lead to resistance, Court said.

"We cannot be stalked as we shop in brick-and-mortar stores, yet whatever we do online is tracked, usually without our knowledge and consent," Court said. "The data may help target advertising but can also be used to make assumptions about people in connection with employment, housing, insurance and financial services; for purposes of lawsuits against individuals; and for government surveillance.

Rockefeller's legislation comes on the heels of "The Commercial Privacy Bill of Rights," introduced by senators John Kerry (D-Mass.) and John McCain (R-Ariz.) last month. That legislation would require "collectors of information" to implement security measures to protect the information, as well as provide notice to customers on the collection practices and its purpose. California state Sen. Alan Lowenthal (D-Long Beach) has also sponsored do-not-track legislation that would require businesses that use, collect or store online data to offer California consumers a method to "opt out" of that data collection.

These bills received some criticism from business groups, including the Direct Marketing Association (DMA). The DMA expressed concern that the Kerry-McCain legislation would impose untold regulatory compliance costs on businesses. A letter to Lowenthal from numerous organizations, including Google and Facebook, criticized his bill as well. The letter stated the bill "would create an unnecessary, unenforceable and unconstitutional regulatory burden on Internet commerce."

Consumer privacy in the information age was also the main topic at the first hearing held May 10 by the Judiciary Subcommittee on Privacy, Technology and the Law. The hearing examined whether federal laws protecting consumer privacy — particularly regarding mobile devices — are keeping pace with technological advances.

Google and Apple’s consumer privacy efforts under scrutiny

Among the witnesses who addressed the subcommittee during the hearing were representatives from Google Inc. and Apple Inc.  The subcommittee's chairman, Sen. Al Franken (D-Minn.), said concerns were raised when reports showed operating systems from Apple and Google track unwitting users' locations.

I believe consumers have a right to decide whether their information can be collected and used online.

Sen. John D. Rockefeller

 

Last month, Franken sent a letter to Apple CEO Steve Jobs asking him to address privacy concerns about the company's iOS 4 operating system. According to researchers, the OS stores detailed information about users' locations on their iPhones, iPads and any computers to which the devices are synched.

During the subcommittee hearing, representatives from both Google and Apple explained and defended their approaches to mobile privacy.

Guy L. Tribble, vice president of software technology at Apple, said his company doesn’t share personally identifiable information with third parties for marketing purposes without Apple customers’ "explicit consent.” He added that the company requires "all third-party application developers to agree to specific restrictions to protect our customers."

Alan Davidson, director of public policy for the Americas at Google, said during his testimony that the company has made its mobile location services "opt-in" only. He added that the company is "particularly sensitive" to location information.

Franken noted that while mobile technology provides "incredible benefits," recent developments and reports suggest that the information on mobile devices isn’t being protected in the way it should be.

"The same information that allows responders to locate us when we're in trouble is not necessarily the information all of us want to share all of the time, with the entire world," Franken said during opening statements of the hearing, titled “Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy."

Let us know what you think about the story; email Ben Cole, Associate Editor.