The Senate Commerce, Science and TransportationCommittee is scheduled to debate a new online privacybill proposed last week by Senator Ernest Hollings (D-South Carolina).
The bill would increase consumer privacy on the Web by forcing companies to obtain permission from individuals in order to collect and share information about them.
If passed, the Online Personal Privacy Act wouldbecome a standard for all e-businesses, supersedingindividual privacy policies and state regulations.
Worth the Cost
In addition to improving Web privacy, the bill also couldboost e-commerce, according to Forrester Researchanalyst Christopher Kelley.
“Privacy is the top issueholding back online consumers who don’t buy onlinefrom engaging in e-commerce. So, any move in thedirection of eliminating privacy concerns will help,”Kelley told the E-Commerce Times.
According to a study conducted by Forrester, US$15billion in e-commerce revenue was lost in 2001 because of consumer concerns about privacy.
“Whatever costs may be borne by the industry will besignificantly offset by the economic benefits to thecommercial Internet created by increased consumerconfidence occasioned by greater privacy protection,”the bill stated.
Types of Information
The legislation divides personal information into twocategories: sensitive and non-sensitive information.
Sensitive data includes a user’s Social Security number, health records, race, financial data, religious affiliation, sexualorientation and political party.
According to the bill, Web companies will have to use an opt-in model when obtaining user agreement to the collection and dissemination of sensitive information.
In doing so, each company will have to make sure it provides “clear and conspicuous notice to the user and obtains that user’s affirmative consent to the collection and disclosure or use of that information before the information is collected.”
Companies will have a bit more leeway withnon-sensitive information, such as the nature of aconsumer’s purchases. When dealing with that type of information,e-businesses will be required to let consumers opt outof data collection and sharing.
Setting a Standard
Most sites already tell consumers what they will dowith personal information, but they do so in privacy policies, which many consumers do not bother to read. In addition, privacy policies sometimes use hard-to-decipher terms that users do not really understand.
“The key to the bill ismaking that explicit, which I think is a good thing,”Kelley said.
“Companies are already much better at communicatingtheir privacy practices than they used to be, but thisbill would set baseline standards,” Privacy Foundationprimary investigator David Martin told the E-CommerceTimes.
According to the bill, a user’s consent or lack of consent will remain in effect until changed by thatuser, even if the company is acquired or files for bankruptcy. This is a key point because some bankrupte-tailers have made money by selling customerinformation, often against customers’ wishes.
Against the Bill
The bill does have its opponents, however. The U.S.Chamber of Commerce has issued a statement saying the billwould stifle online commerce and would do little to protectprivacy.
“We must not legislate privacy laws that are ineffective or hinder the growth of online commerce,” said Bruce Josten, Chamber executive vice president.
Josten further said the bill imposes “unnecessary andburdensome requirements on online commerce, opens aPandora’s box for class-action lawsuits, and does notattempt to address or harmonize any of the more than30 federal laws already in place that govern consumerprivacy.”
The Financial Services Coordinating Council, which isa coalition of the American Bankers Association, the American Council of Life Insurers, the American InsuranceAssociation and the Securities Industry Association, alsocame out against the bill.
“Financial institutions are already subject to themost comprehensive set of mandatory privacyprotections in the country,” said John Dugan, legal counsel to the FSCC.
“These protections apply equally to consumers in both the offline and onlinecontexts. It would be unnecessary, costly andconfusing for consumers to impose another layer ofconflicting privacy rules on financial institutions.”