|
|
 |
|
 |
 |
| INTERNET PRIVACY | |
 May 26, 2000  |
|
|
The Federal Trade Commission has ruled that the online industry failed to protect consumer privacy.
|
|
ROBERT PITOFSKY, Chairman, Federal Trade Commission: Well, we've issued three reports. We've been looking at this question for about five years. We've issued reports over the last three years. There's a lot of common ground here. I mean, nobody thinks that privacy is not worth protecting. The only issue is, how do you get there? Will self-regulation do it? I don't think self-regulation has been a failure. On the contrary, much has been achieved. But I'm not sure self-regulation is ever going to get to the finish line all by itself without some legislative support. That's really what the issue is about. RAY SUAREZ: And in your recommendations, did you try to craft the, let's say the least intrusive solution for this point?
|
 |
||||||||||||||||||
| Debating the proposals | ||||||||||||||||||||
|
RAY SUAREZ: Well, Christine Varney, people who are not industry experts might listen to that statement and say, "gee, it doesn't sound like he's slamming on the brakes or throttling what's going on on the Internet. What's the problem?"
CHRISTINE VARNEY: Well, I think one of the things, as a former government enforcer, that I've always thought is, good laws don't stop bad people from doing bad things. They merely give prosecutors and in some cases private citizens, more tools to go after them. So, I think we have to remember that we have a lot of law in place right now. The question is whether or not existing law is adequate. As we discussed earlier, the FTC has the authority right now to prosecute bad actors under certain circumstances. I'm not sure that an additional grant of regulatory authority is going to get us all the way there in the least intrusive manner. RAY SUAREZ: Mark Rotenberg, are the legislative remedies proposed by the FTC enough for you and your group?
MARC ROTENBERG: The interesting thing about the Internet is that you can capture people's activities, their interests, when they visit a Web site, when they read a news story, online, for example. If they go to your Web site, that information can be logged. And we've never experienced this in the off-line world. The type of information that marketers typically had in the off-line world was purchase information. And if you bought a sweater one year, a different product the next year, the company that sold you that sweater might well sell you a related accessory. But on the Internet, the information is far more detailed. And what it's leading to is the creation of detailed personal profiles on consumers operating online. And I think, as the Chairman has said quite rightly, consumers today are facing an unfair choice. To go online and to take advantage of electronic commerce they're increasingly being asked to give up their privacy. And it seems to me that that's a choice that consumers should really not have to face.
ROBERT PITOFSKY: Sure. And let me put a sharper point to the - to the
issue. If people put out a privacy policy and then they don't do what
they say, we can and we have challenged it. The problem is that about
40 percent of the Web sites that are out there now either say nothing
or they say something in such a confusing way that nobody can figure
it out - ten pages of legal jargon that the average person isn't going
to figure out, so they don't know what their rights are. Without legislation,
there's no way for us to get at that kind of behavior and self-regulation
won't get at it either, because, as you pointed out, we're talking about
|
 |
|||||||||||||||||||
| Giving consumers a choice | ||||||||||||||||||||
|
RAY SUAREZ: Well, have there been exaggerations of just how much retailers put a value on this kind of data mining?
RAY SUAREZ: Well, Marc Rotenberg, what about Christine Varney's point that most Americans are pretty easy going about the kinds of information that they are often asked for and then come to certain places, insurance, medical records, those kind of things, that's when the concerns rise, and there are already regulations for that?
CHRISTINE VARNEY: I think one of the things that's important to remember here is that this is truly a place where good business judgment and good public policy intersect, when the Federal Trade Commission did their survey, they went through the 100 most popular Web sites, and I think they found in overwhelming percentage of those Web sites offer notice and choice. You can say no, don't share my information. I tell consumers all the time, when you go to a Web site, look for the privacy policy. If you can't find one, don't shop there. And when you find one, exercise your choice. If you don't want your information shared, say, no. Now, I believe that there are different standards that need to be in place for health and medical, financial, and children. And Marc is right. There is a lot of disagreement over whether or not protections in the Financial Services Organization Bbill are adequate and we're going to be revisiting those this year. RAY SUAREZ: So what do you feel you need?
RAY SUAREZ: Chairman Robert Pitofsky, guests, thank you very much. |
 |
|||||||||||||||||||
 |
   
|
|
| Support the kind of journalism done by the NewsHour...Become a member of your local PBS station. | ||
| ||
| PBS Online Privacy Policy Copyright ©1996- MacNeil/Lehrer Productions. All Rights Reserved. | ||
| ||
RAY
SUAREZ: And joining us now to discuss privacy online, Robert Pitofsky,
chairman of the Federal Trade Commission; Christine Varney is executive
director of the Online Privacy Alliance, representing high-tech companies
that support voluntary privacy practices on the Internet; and Marc Rotenberg,
executive director of the Electronic Privacy Information Center, a research
organization focusing on privacy issues concerning the Internet. Mr.
Pitofsky, let's start with you. Bring us up to today. What did you try
first and what have you found about how it worked that makes you seek
a legislative remedy? 
ROBERT
PITOFSKY: Well, I hope we did. You listed the four information practices
that we think should be supported. Certainly notice and choice are the
heart of any. If you don't know what's happening to the information,
and you can't say "leave me out," then have you no rights
at all. On access, which means can you check to see whether there are
errors in the database, we said reasonable access. We said there are
some kinds of information where no access at all would be required.
So we are trying to make sure that we protect consumers' rights on the
Internet, rights to privacy, which we think are so important. But we
certainly don't want to do that by hampering the growth of the Internet,
which, itself is a tremendously pro-consumer development. 
CHRISTINE
VARNEY, Online Privacy Alliance: As well they should. I think that the
Chairman has laid out the problem very accurately. We've been working
for over five years, industry and government and consumers together,
to come to up with meaningful privacy protections for consumers. Congress
has enacted three laws recently: The Children's Online Privacy Protection
Act which protects data from and about children, the Financial Services
Modernization Act, that does have some has privacy provisions. We can
argue about the adequacy of them - and the Health Insurance Affordability
and Accountability Act, whose regulations are not even finished yet,
which does protect medical and health-related information. I think the
question that I really have is at this point we have got three very
strong laws, the children's is the only one which is fully implemented.
The other two are not yet implemented. I would like to see us go a little
slow. Let's get these laws up and running. Let's look at the last, you
know, 10 percent of Web sites that don't have notice and figure out
how we get there. The Chairman's absolutely right. It is a combination
of self- regulation, legislation, and enforcement. And the Federal Trade
Commission today has the authority to prosecute those Web sites that
don't do what they say they're doing. They've done it and they've done
a good job. If anything, I'd like to see them get more resources to
do prosecution as opposed to creating regulatory framework. 
RAY
SUAREZ: All kinds of industries would prefer self-regulation over legislative
regulation. But what do you do about the bad actors? If you were to
continue with a self-regulating model, how do you take those people
who go too far and sanction? 
MARC
ROTENBERG, Electronic Privacy Information Center: Well, I think the
proposals, Ray, are fairly modest, actually. They seem to track what
the industry has said that they are currently doing, those four principles
actually mirror the principles that Miss Varney's group and other industries
self-regulatory organizations say that they're currently following.
So I guess one question you can ask at the outset is if these four principles
are already being adopted by industry organizations, why they're not
prepared to see them backed up in law? But I think a second point that
really needs to be made at the outset here is that the privacy problems
on the Internet are getting more severe over time, which is to say that
as we allow this experiment in self-regulation to go forward, the techniques
for capturing personal data through Web advertising, through Web bugs
and through cookies are accelerating rapidly. And there is a real risk,
I think, that if we don't put in place a legislative framework very
soon, we could quickly lose control of this problem. 
RAY
SUAREZ: Can you give us an example of the kind of personal data that
you're talking about, and the bad uses to which it can be put? 
RAY
SUAREZ: Are stories coming back to FTC regulators, back to your office
are the kinds of experiences that people are having that lead you to
have this concern that you want a legislative remedy for?
some
bad actors here. We're talking about some unprincipled people. If you
go to them and say shape up, we have a self-regulatory rule and we want
you to abide by it, they're making a lot of money, putting together
a profile that - the books you read, the music you listen to, the drugs
you buy, the cosmetics you buy, the tours you take - and they say I'm
- that's very nice about your self-regulation but I think I'm going
to sell this information and make the profit that I'm already making.
I think self-regulation itself would be more effective if there were
a law that they could point to and back themselves up, and the most
successful self-regulation programs I'm aware of, they all work in exactly
that way.
CHRISTINE
VARNEY: Well, I think there has been a lot of concern about what's potentially
possible. And I think that both Marc and the chairman would agree that
the actual practices today are not where they could be and may be in
the future. The question is: What kind of law and combination of law
and best practices is going to restrain them and give consumers a meaningful
choice. If there is a company that is doing what the chairman just described,
I'd like to know their name because I'd like to go talk to them and
see if we can't get them to behave in a better way, but I really think
that what you've got to be careful about here is what Americans care
deeply about is the abuse and misuse of their personal and financial
information, their personal health and medical information, including
the purchasing of drugs, and the information about their children, those
issues have been dealt with. Do most Americans care if a company is
trying to serve them up an Internet page that they think is going to
be reflective of their interests when none of that data is there? Not
really. Not if they know that it's happening, if they have complete
choice that's easy. And on the point that - you know - many of these
privacy policies are ten pages long and written by lawyers, well, I
think the industry would be happy to sit down with the government and
say, okay, you want to make 'em easier, let's make them easier, but
let's get your guarantee that you're not going to prosecute us for not
having full disclosure, because it takes ten pages to do full disclosure.
MARC
ROTENBERG: Well, first of all, I disagree with Christine's characterization
of the current legal protections for financial information and for medical
information. I think most people look at those laws and regulations
agree that this is very weak stuff. Even the President, himself, has
committed to introducing stronger privacy legislation to protect consumer
financial records, so I would hardly call that adequate protection.
But I think more generally if you want to talk about the views of Americans
on this issue, I think their views are quite clear that they believe
they're entitled to some legal rights when they go on the Internet.
They don't understand, for example, why it is if they go to a Web site
and give some information for one purpose, there's a product shift or
loan approved or for some other reason, that information is going to
be sold to a third party for some other purpose. Much of privacy protection
is really common sense. It's about building trust and confidence in
relations between consumers and businesses, and I think the chairman
again has made a point well. We're operating in an environment right
now on the Internet where that trust and confidence is not in place,
because we don't have those baseline privacy standards.
RAY
SUAREZ: Let me come back - because he makes an interesting point. Why
not just shift the balance of power and even things out a little bit?
Yeah, you can have this information but just tell me you're taking it
- you can have it but just ask me if you can have it.
ROBERT
PITOFSKY: Let me just say after five years it's not an overwhelming
percentage. Notice and choice for the best companies is 60%. For all
companies is 40%. Look, we need modest, sensible legislation to make
self- regulation work. And that's what our report says. I don't think
we should go wild. I don't think we should burden the Internet. But
you put it very well. I don't mind you collecting this information,
but if you're going to collect it and sell it to a third party that
I don't know and I've never heard of, I want a chance to say leave me
out.