It has been widely reported that the Obama administration will soon announce a proposal designed to strengthen consumer privacy on the Internet. The plan, calling for new laws and a new “watchdog” position to oversee the effort, is expected to be part of an upcoming Commerce Department report.
The concern about online privacy is well founded. Few consumers realize the extent to which their information is collected, bundled and sold to Internet marketers. Most websites employ tracking technologies that gather consumers’ search and spending habits to create detailed dossiers that are then sold to Internet marketers. And there is no comprehensive U.S. law that protects consumer privacy online.
But we question whether a new law is needed. As the nation’s consumer protection agency, the Federal Trade Commission has been successfully prosecuting companies accused of violating consumer privacy both on and off the Internet for many years. The FTC’s mandate against deceptive and unfair practices is broad enough to encompass any conceivable privacy violation.
Moreover, the Obama proposal faces opposition from both privacy advocates, who claim that the plan doesn’t go far enough, and from the Republican-controlled House of Representatives, which is unlikely to support legislation that could strengthen the FTC.
In addition, some privacy advocates have expressed concern that the Obama plan is based on industry self-regulation and is therefore “toothless.” While we agree that leaving the industry to regulate itself is not sufficient, there are viable ways to combine self-regulation and government enforcement. In fact, the wildly popular Do Not Call law is a good example of such a model. The FTC is expected to call on the industry to develop an Internet version, a “do-not-track” tool that people could use to remove themselves from online surveillance by marketers and others. The recommendation will be included in an upcoming FTC report on Internet privacy, expected to be released in December.
The FTC already has a number of tools to protect consumer privacy online. These include holding companies to their privacy promises about how they collect, use and secure consumers’ personal information; enforcing rules concerning financial privacy notices and the administrative, technical and physical safeguarding of personal information; and ensuring consumer privacy under the Fair Credit Reporting Act and the Children’s Online Privacy Protection Act. At this point, a new law and a new set of bureaucrats don’t seem necessary.