New Privacy Laws 'Premature' - FTC Chairman
By Brian Krebs, Newsbytes.com Staff Writer Thursday, October 4, 2001; 10:28 AM
Federal Trade Commission (FTC) Chairman Timothy Muris will not advocate any new laws to protect consumer privacy online, he said in an interview with Newsbytes this week, signaling a mainly pro-business approach to the issue within the Bush administration.
Muris told Newsbytes he would rather see stronger enforcement of several recently-passed privacy laws, including the Gramm-Leach-Bliley financial services act and legislation designed to shield young children from online marketers.
"I think at this time what we need is more law enforcement, not more laws," Muris said. "To pass another (privacy) law before we figure out how to make the laws we just passed work seems to me to be premature."
In order to make those laws work, Muris said he is prepared to increase the amount the agency spends on privacy enforcement by 50 percent. The FTC now has 36 people dedicated to handling privacy complaints. Muris said he would like to increase that number to just under 60.
The FTC chairman also said he is skeptical that the issue of online privacy can be tackled without simultaneously addressing the privacy practices of bricks-and-mortar companies.
"I'm concerned quite frankly with legislation that is limited to online privacy," Muris said. "I think increasingly online and offline information is merging, and any legislation considered ought to reflect that."
The former economist added that the agency simply doesn't "have a good idea about the cost-to-benefits" of privacy legislation.
However, Muris said he is prepared to "dramatically increase agency resources aimed at the bad actors, and at people who violate their own privacy policies."
Muris said the FTC would do what it takes to crack down on deceptive spam (unsolicited bulk e-mail), identity theft, telemaketers and companies that do not adequately protect the security of their customer data.
The FTC also plans to increase enforcement of the telemarketing sales rules by establishing a national "do-not-call" list that people could use to avoid the inevitable dinnertime sales calls. Currently, a consumer's only recourse is to ask the company not to call again, or to contact the Direct Marketing Association to opt out of further calls from DMA member companies.
The FTC chairman's stance on privacy could profoundly change the course of privacy legislation on Capitol Hill. Under Muris' predecessor, Robert Pitofsky, the agency became the center of a fairly coordinated campaign for privacy legislation, said Stewart Baker, a Washington, D.C. lawyer who consults with companies on technology policy matters.
"The FTC under Pitofsky often released studies at times that would be likely to move legislation forward. They also fined-tuned analysis of the results of studies to point toward the need for new privacy laws," Baker said. "It was all part of the drumbeat of enthusiasm for privacy legislation, but all of those things will now be gone with this new policy."
Baker said existing privacy laws aren't giving consumers what they want. The Gramm-Leach-Bliley financial services legislation of 1999, for example, gave consumers the right to opt out of having their financial information shared with third-party companies. While the opt-out notices banks mailed to consumers this summer costs millions of dollars to process, most were so complicated to read that consumers simply threw them away.
"If Muris goes after information abuses from spam and telemarketers, he may actually be getting at the crux of what people mean when they say they want more privacy protections," Baker said. "What most people really want is for companies not to misuse information they provide."
But Peter Swire, chief privacy officer for the Clinton administration, said he was struck by the continuity of Muris' message with the previous leadership at the FTC.
"Chairman Pitofsky found this a tough issue where he came to support legislation only gradually over a period of years," said Swire, who is set to introduce Muris at the chairman's first public speech on privacy at a conference in Cleveland today.
"It's possible that Chairman Muris over time will find that current legislation is not all that's needed," Swire said. "He's signaling now that enforcement needs to be greater, and that is consistent with the message sent by Pitofsky, Clinton and President Bush."
DMA President and CEO Bob Wientzen was less than pleased to hear about the FTC's plan to rein in direct marketers.
"I'm not so sure it's the province of the government to advertise against something that people have a right to participate in or not," Wientzen said, noting that action could threaten the jobs of some 5.7 million workers employed by the telemarketing industry.
"The federal government should not be saying that just because I bother somebody that it's against the law," he said.
Direct marketers aside, Muris' comments likely will be embraced by many in the business community that have said privacy legislation will come at a heavy price for companies – and ultimately consumers. One study released earlier this year estimated new privacy laws could cost U.S. businesses as much $30 billion.
Jonathan Zuck, president of the Association for Competitive Technology – the group that funded that study – said Muris clearly understands that when consumers talk about privacy, what they're most concerned about is the security of their personal information.
"Fighting ID theft and fraud will go a long way to increase consumer confidence, which was the basic cover fire that was given to privacy regulation all along," Zuck said.
Many privacy groups are pushing Congress and the FTC to advocate legislation requiring companies to post strong, readable privacy policies that offer consumers a chance to either "opt in" or "opt out" of data-sharing practices.
Ari Schwartz, a policy analyst with the Washington, D.C.-based Center for Democracy and Technology, said companies have virtually no incentive to post privacy policies, since only those companies that have them can be held accountable for violating them.
Yet even before Muris' speech, and before the Sept. 11 attacks that have busied lawmakers with anti-terrorism legislation, the push to enact even the most basic of more than four dozen privacy bills presently before Congress had begun to lose steam.
Sources say that Cliff Stearns, R-Fla., chairman of the House Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection, is expected to use next week's GOP retreat as a chance to introduce his privacy bill. That legislation likely will require companies to post privacy notices and give consumers a chance to opt out of any data sharing.
Senate Commerce Committee Chairman Ernest "Fritz" Hollings, D-S.C., last year introduced legislation favoring a more stringent "opt-in" approach, but has not yet reintroduced the measure this year.
Sarah Andrews, research director for the Electronic Privacy Information Center, called Muris' renewed enforcement pledge "an encouraging development," but said she was surprised to hear that Muris would ask the FTC to reverse its recommendation for privacy legislation.
Still, she noted, Muris is not a lawmaker and his role is simply to enforce the laws before him.
"He has said privacy is going to be given much more focus at the FTC than before," Andrews said. "And if one day we manage to get new privacy laws, then at least we'll have the structure in place to enforce them."
Reported by Newsbytes.com, newsbytes.com. |
