Inside Google

WASHINGTON, D.C. — A coalition of consumer groups and privacy advocates welcomed the bipartisan effort by Senators John Kerry and John McCain to craft online privacy legislation today, but said their bill needs to be significantly strengthened if it is to effectively protect consumer privacy rights in today’s digital marketplace.

In a letter to the Senators, Consumer Watchdog, the Center for Digital Democracy, Consumer Action, Privacy Rights Clearinghouse and Privacy Times said they could not support the bill at this time. The letter began:

“We are writing to commend you for offering a bill that addresses the vital issue of consumer privacy online. Protecting consumers’ privacy rights should transcend politics and we thank you for exercising leadership and seeking to deal with this challenge in a bipartisan way. But we must also express our concern that your Commercial Privacy Bill of Rights Act needs to be significantly strengthened if it is to effectively protect consumer privacy rights in today’s digital marketplace. Consumers need strong baseline safeguards to protect them from the sophisticated data profiling and targeting practices that are now rampant online and with mobile devices. We cannot support the bill at this time.”

Here are highlights of the groups’ concerns:

— Meaningful privacy legislation must direct the Federal Trade Commission to require and enforce a “Do Not Track Me” mechanism.

— The bill relies too heavily on the “notice and choice” model and could simply enshrine current practices, allowing the continued compilation of vast digital dossiers that can negatively affect consumers in transactions involving their finances, health and families. — -The bill gives special interest treatment to Facebook, and other social media marketers, that permit them to gather data on their users without sufficient safeguards.

— Consumers must have the right to hold companies accountable for violating their privacy through a private right of action.

— The bill would prohibit states from enacting stronger protections.

— The bill usurps the FTC’s traditional lead role in protecting privacy and turns much of its responsibility over to the Commerce Department. The Commerce Department – as it should – primarily seeks to promote the interests of business. It is not, nor should it be expected to be, the primary protector of consumers’ interests. Commerce, therefore, must not have the lead role in online privacy.
———————
The full text of the letter follows:

April 12, 2011

Sen. John F. Kerry
Russell Building 218
1st & C Streets, NE
Washington, DC 20510

Sen. John McCain
Russell Building 241
1st & C Streets, NE
Washington, DC 20510

Dear Senators Kerry and McCain,

We are writing to commend you for offering a bill that addresses the vital issue of consumer privacy online. Protecting consumers’ privacy rights should transcend politics and we thank you for exercising leadership and seeking to deal with this challenge in a bipartisan way. But we must also express our concern that your Commercial Privacy Bill of Rights Act needs to be significantly strengthened if it is to effectively protect consumer privacy rights in today’s digital marketplace. Consumers need strong baseline safeguards to protect them from the sophisticated data profiling and targeting practices that are now rampant online and with mobile devices. We cannot support the bill at this time.

As you know, online tracking of consumers as they use the Internet has become pervasive and invasive. Consumers have no control over how their information is used, and they are the subject of far-reaching and growing data collection and targeting practices. Today, a consumer confronts a massive but little-known online and offline data collection apparatus. Expansive storehouses of data about U.S. consumers and citizens provide anyone who seeks it with critical information about individuals, including their health, financial, racial and family status. Social networks harvest information on a single user and their networks of friends and relationships. Mobile phones and location targeting now extend forms of commercial surveillance into our homes and neighborhoods. Ensuring U.S. consumers have meaningful choice how data about them is collected and used, and enabling them to effectively protect their information, should be at the core of any privacy bill.

We strongly believe that any privacy bill should direct the Federal Trade Commission to require and enforce a “Do Not Track Me” mechanism. Consumers should have the right to use the Internet and mobile devices with confidence that their privacy choices are respected, and with anonymity if they choose.

The bill also relies too heavily on the “notice and choice” model. This approach has meant the development of incomprehensible privacy policies that appear to be written by lawyers paid by the word to obfuscate rather than elucidate.

As you know, a consumer today is subject to real-time “on the fly” targeting, where many discrete details about their lives are assembled and sold to the highest bidder via ad exchange auctions, even when they are using their mobile phone or watching a video online. Webpages and other online content are designed to foster data collection through the use of non-transparent techniques that “optimize” a user’s online interaction. Vast stores of behavioral targeting data are made available in an instant to all parties on the Internet, and the lines between first and third parties are increasingly blurred.

We fear this bill could simply enshrine these practices, allowing the continued compilation of vast digital dossiers that can negatively affect consumers in transactions involving their finances, health and families. While explanations of consumer tracking must be more transparent and easily understandable, it is time to move beyond simple “notice and choice,” which has been the cornerstone of failed efforts at self-regulation championed by industry.

We oppose the bill’s special interest treatment of Facebook, and other social media marketers, that permit them to gather data on their users without sufficient safeguards.

A consumer must have the right, enforceable by the FTC, to control their own data, including the ability to decide what data companies may collect and whether data may be used for digital targeting. The bill should direct the FTC to conduct a rule-making that will limit data collection and ensure transparency, consumer choice and control. We also urge the bill create safeguards to ensure a consumer has control over information related to their race or ethnicity.

A private right of action is also essential to ensure that privacy protections are enforced—a crucial safeguard absent from the bill. State preemption should provide a floor, not a ceiling, and allow states to enact stronger consumer protections. State legislation has repeatedly been a model for improved protections on the federal level at a later time.

Title VII of the act, which appears to usurp the FTC’s traditional lead role in protecting privacy and turn much of its responsibility over to the Commerce Department, is troubling. It is important to note that the Commerce Department – as it should – primarily seeks to promote the interests of business. It is not, nor should it be expected to be, the primary protector of consumers’ interests. Commerce, therefore, must not have the lead role in online privacy. That is a role best left to a new independent Privacy Protection Office and the Federal Trade Commission.

This bill should raise concerns from the European Union, because it provides inadequate baseline protections for those U.S. companies engaged in international e-commerce.