Members of the Congressional Internet Caucus told a House subcommittee Wednesday that U.S. lawmakers should avoid strict Internet privacy rules, which are said to be favored in Europe, and instead employ a set of "baseline standards." At the hearings, several speakers pointed to recent indications that the federal government was not abiding by th same privacy guidelines that have been suggested for commercial Web sites.
"We must be careful that we don't micromanage as the Europeans have done," said Internet Caucus Co-Chair Bob Goodlatte, R-Va., in calling for adherence to baseline standards on privacy.
Goodlatte said the Internet privacy debate is complex, because corporations have historically relied on consumer data as part of their business activity. He noted too that the use of consumer information by businesses could be useful to consumers.
"Legislation on this matter must be considered carefully," Goodlatte said.
While further legislation in this area is not expected this year, according to W.J. Billy Tauzin, R-Louisiana, the subcommittee will continue efforts to ensure that both the federal government and the private sector will "honor the rights of private citizens."
The contention that federal Web sites fail to adhere to important Web privacy guidelines is based on conclusions garnered from a recent report by the General Accounting Office (GAO.)
The report, released last month, was requested by Reps. Dick Armey, R-Texas, the House Majority Leader, and Tauzin, to determine how federal Web sites would fare when measured against the Federal Trade Commission's (FTC's) fair information guidelines. In May, the FTC asked Congress to enact legislation required adherence to the FTC's four fair information practices, after reporting that only 20 percent of the busiest commercial Web sites meet the criteria for all four practices.
The government "does not practice what it preaches," Rep. Tauzin stated at Wednesday's subcommittee meeting.
The study Tauzin cited found that only three percent of federal Web sites contained elements of all four of the FTC's guidelines. These guidelines include: Notice, which requires data collectors disclose their information practices; Choice, which requires that consumers be given options as to whether and how personal information is collected from them; Access, which ensures consumers be able to view and contest the accuracy of data collected about them; and, Security, which requires that data collectors ensure that information collected from consumers is accurate and secure from unauthorized use.
The report concluded that, although 85 percent of the sites studied posted a privacy notice, 31 percent of sites did not meet the FTC criteria for notice. Moreover, 55 did not meet the criteria for choice, 87 percent did not provide adequate consumer access to collected data, and 77 percent did not meet the criteria for security.
After receiving the report, Rep. Armey specifically asked the IRS to explain why its site did not meet FTC guidelines for security. The GAO study found that the IRS web site used third-party cookies, which are code-based identifier tokens placed on a consumer's computer by any domain other than the site being surveyed.
"The American people are required to give the IRS the most personal, sensitive information about themselves and their families," said Armey at the time. He also criticized the Clinton administration for not living up to its own online privacy standards.
However Peter Swire, chief counselor for privacy of the Office of Management and Budget, responded that the Clinton administration does not feel the FTC's guidelines are appropriate for federal Web sites, because federal sites are governed by their own laws. For example, the government sites do not feature a statement that the site proprietors' do not sell information, because other laws forbid federal sites from selling information in the first place.
"The complaint about not following FTC guidelines is highly misleading." and is like comparing "apples and oranges," Swire said.
As Internet privacy is considered in a highly-charged political climate, the debate often takes the form of dueling studies commissioned by different factions in government.
The dueling began in earnest last year. In April of 1999, a study was completed by the Center of Democracy and Technology, which said that only one-third of federal agencies had privacy policies clearly posted at their main sites. In response to the study, the head of the Office of Management and Budget, Jacob Lew, issued a memorandum that all federal agencies should have privacy policies as of December of last year.
Last month's GAO report was the second of two studies that followed Lew's memo. The first one was requested of the GAO by Senator Joeseph Lieberman, D-Conn., asking for a measure of government compliance. That study cited progress toward compliance, stating that 69 out of 70 web sites now had privacy policies.
Senior News Editor Jack Vaughan contributed to this article.