Voluntary Safe Harbor Program, FTC Enforcement Included in Kerry-McCain Privacy Measure
Sens. John Kerry, D-Mass., and John McCain, R-Ariz., introduced privacy legislation aimed at giving citizens control of the data that’s collected by companies online. The Commercial Privacy Bill of Rights Act would put citizens back in control of how their personal information is collected and used, Communications Subcommittee Chairman Kerry said Tuesday at a press conference. The bill allows companies to design their own safe harbor terms and does not propose a Do Not Track mechanism. Many consumers enjoy receiving targeted ads online and visiting sites that are free because they're ad-supported, “but consumers must have control of how their data is used and is transferred to an unknown third party,” McCain said.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
The measure keeps private data safe “by laying down fair information practices for anyone collecting it,” Kerry said. It also ensures that businesses collecting personal information “secure that information, tell people why their data is being collected and allow those people to say whether or not they want that information used in that way,” he said.
The bill aims to strike a balance between improving consumer privacy and allowing businesses to provide targeted ads for customers, they said. The legislation respects that there must be some flexibility in how it’s implemented, Kerry said. The bill gives companies the option to participate in a voluntary safe harbor program, allowing companies to design their own privacy procedures. They can implement protections “in any way that they want just as long as it will still achieve the privacy protections on a par with the standard that it sets out,” he said. The provision will serve as a certification, where companies’ safe harbor plans will have to be approved by the FTC, Kerry said. Companies that don’t take part in the program will have to operate strictly by the requirements of the legislation, he added.
"Striking this balance is the hard part of our negotiations and our efforts to bring forth this legislation,” McCain said. A Do Not Track requirement wasn’t necessary and didn’t fit in with efforts to find that balance, Kerry said.
The Center for Digital Democracy, Consumer Watchdog and other groups are concerned that the proposal falls short of protecting privacy. At the end of the day, the bill won’t protect consumer privacy in today’s marketplace, said CDD President Jeff Chester. “It is full of loopholes, definitional problems, and it’s missing important hallmarks, including Do Not Track,” he said during a teleconference. It also has an exemption for Facebook, he added. “Any serious privacy legislation needs to give the authority to the FTC to mandate Do Not Track,” said John Simpson of Consumer Watchdog. The groups, including Consumer Action, also raised concerns that, if enacted, the Kerry-McCain bill could prohibit states from enacting stronger privacy legislation.
Some privacy advocates worry that the bill threatens the FTC Act Section 5 authority, which supported the recent Google Buzz settlement. Kerry and McCain said the FTC’s handling of that case was close to the recommendations of their proposal. “I think it’s supportive of what we're saying and supportive of the principles that we're encompassing in our legislation,” Kerry said.
Before acting, policymakers should consider “the potential economic consequences of certain requirements,” like data minimization, the Information Technology and Innovation Foundation said in a statement. Misguided privacy legislation could “erode the $300 billion in annual economic activity generated by the Internet,” said Daniel Castro, ITIF analyst.
Other groups like NCTA and CCIA applauded the measure. “We anticipate this legislation will provide a baseline for privacy rules and will also support the privacy measures many tech companies are already implementing on their own,” said CCIA President Ed Black. “While we are still reviewing the bill introduced today, we are pleased that it incorporates key principles the Commerce Department recommended in its privacy report and look forward to working with Congress as legislation moves forward,” Commerce Department Secretary Gary Locke said in a statement. Consumers Union and the Consumer Federation of America said in a joint statement the bill is “an important step forward” and a “foundation that we can build on to give consumers the privacy protections they need.”