Congress Must Act Soon on Privacy Rights

By U.S. Rep. Edward J. Markey (D-Mass.), Computerworld |  Business

It's increasingly clear that U.S. consumers are eager for policymakers to establish rules protecting online privacy. After several years of awaiting effective industry self-regulation to protect consumers, the Federal Trade Commission (FTC) last year conceded that self-regulation alone was insufficient and recommended that Congress act.

Congress must enact a privacy policy combining three key elements: technological tools, industry self-regulation and enforceable privacy rights.

Technological tools: I have long believed in technology's potential to solve some of the problems it poses. I'm particularly encouraged by the growing cadre of software engineers and entrepreneurs who have developed and begun to market technologies that permit consumers to enhance their own privacy.

In addition, the Platform for Privacy Preferences (P3P) holds much promise. P3P enables consumers to indicate electronically to Web site operators how they should treat personal data. At the very least, letting the computers "do the talking" would save consumers the toil of clicking on the privacy policy of each Web site they visit to view its policy. Yet P3P can only truly work if it's widely available and if the private sector honors consumers' expressed privacy preferences.

We must also recognize that privacy-enhancing tools have policy limitations. Relying solely on technology puts privacy at the trailing edge of a never-ending process of technological one-upmanship. Moreover, consumers can't be expected to fully protect themselves through technology, because not every consumer -- at least in the short term -- will be savvy enough to utilize such technology. That's why remedies beyond technological tools are necessary.

Industry self-regulation: Ongoing efforts of certain online companies to develop self-regulatory solutions are quite laudable, and many companies today have posted online privacy policies. But having a posted privacy policy isn't synonymous with having a good privacy policy. Indeed, many voluntary online "protections" are so riddled with loopholes that they render their postings meaningless.

For privacy notices to work, they must be conspicuous and in plain language. It serves neither consumers nor online commerce if posted notices are hard to find or difficult to understand.

The current lack of legal privacy requirements also creates an inverse system of rewards and risks for the industry. If a company posts a privacy policy and then subsequently violates it, the FTC can act under its authority to police "unfair" or "deceptive" practices.

Conversely, if a company doesn't post a policy and then engages in personal information highjacking, it's legally able to continue on its merry way. The company is shielded by the "privacy paradox": As long as it never promises to protect privacy, it can never be accused of deceiving its customers.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question