December 28, 2000, 3:12 PM — DON'T LOOK NOW, but the days of self-regulating online privacy practices may soon be coming to a close for Web site operators.
Turning up the fire on what is fast becoming one of the most volatile issues in e-commerce, the Federal Trade Commission this week pushed Congress to introduce legislation that would mandate new online privacy laws to be enforced by the government.
The FTC's move has both exasperated and confused many in the industry who feel they are already moving in the right direction, policing themselves to protect Web site visitors' private information.
"In a general sense, industry sees government reacting to this in an emotional way or as moving too quickly with inadequate understanding," said Gayle Crowell, privacy czar at online marketing company E.piphany, in San Mateo, Calif.
Furthermore, Crowell said that the new legislation looks a lot like the principles the industry is already collectively pursuing.
In its proposal, the FTC wants all Internet and brick-and-mortar companies doing e-commerce to have privacy policies with clear notice, consent, or opt-in policies; ways for customers to access and amend personal data; and reliable security practices. Several Democrats in the Senate this week drafted a bill to that effect
Although the legislation is now before Congress, many observers believe new privacy laws won't materialize immediately. For instance, Forrester Research, in Cambridge, Mass., predicted that action on the bill may be protracted over the next 18 months.
And yet the fact that government oversight is even on the table has perplexed many because it appeared that the FTC and the online industry were working hand in glove on a non-regulatory approach.
An online FTC task force -- with representatives from behemoths such as Disney, AT&T, Intel, DoubleClick, and Excite@Home.com -- had just wrapped up an extensive report on privacy. And the FTC itself had just found that 88 percent of all Web sites now carry privacy policies -- up astoundingly from just 14 percent two years ago.
But a source at one of the five Internet companies on the privacy task force this week characterized -- under condition of anonymity -- the FTC's moves as "misleading," going on to say that, "They basically pumped people for information [on the task force] and then used it against them."
FTC commissioners said they fret over the quality of online privacy statements, which they argue can be ambiguous, confusing, or misleading. Those officials also said that they fear self-policing leaves no way to punish rogue Web sites that are unafraid to expose confidential information in shipping that data back and forth, especially in e-commerce marketing plays.