Senate Set To Debate Online Privacy Bill

The Senate Commerce, Science and Transportation Committee is scheduled to debate a new online privacy bill proposed last week by Senator Ernest Hollings (D-South Carolina).

The bill would increase consumer privacy on the Web by forcing companies to obtain permission from individuals in order to collect and share information about them.

If passed, the Online Personal Privacy Act would become a standard for all e-businesses, superseding individual privacy policies and state regulations.

Worth the Cost

In addition to improving Web privacy, the bill also could boost e-commerce, according to Forrester Research analyst Christopher Kelley.

"Privacy is the top issue holding back online consumers who don't buy online from engaging in e-commerce. So, any move in the direction of eliminating privacy concerns will help," Kelley told the E-Commerce Times.

According to a study conducted by Forrester, US$15 billion in e-commerce revenue was lost in 2001 because of consumer concerns about privacy.

"Whatever costs may be borne by the industry will be significantly offset by the economic benefits to the commercial Internet created by increased consumer confidence occasioned by greater privacy protection," the bill stated.

Types of Information

The legislation divides personal information into two categories: sensitive and non-sensitive information.

Sensitive data includes a user's Social Security number, health records, race, financial data, religious affiliation, sexual orientation and political party.

According to the bill, Web companies will have to use an opt-in model when obtaining user agreement to the collection and dissemination of sensitive information.

In doing so, each company will have to make sure it provides "clear and conspicuous notice to the user and obtains that user's affirmative consent to the collection and disclosure or use of that information before the information is collected."

Companies will have a bit more leeway with non-sensitive information, such as the nature of a consumer's purchases. When dealing with that type of information, e-businesses will be required to let consumers opt out of data collection and sharing.

Setting a Standard

Most sites already tell consumers what they will do with personal information, but they do so in privacy policies, which many consumers do not bother to read. In addition, privacy policies sometimes use hard-to-decipher terms that users do not really understand.

"The key to the bill is making that explicit, which I think is a good thing," Kelley said.

"Companies are already much better at communicating their privacy practices than they used to be, but this bill would set baseline standards," Privacy Foundation primary investigator David Martin told the E-Commerce Times.

According to the bill, a user's consent or lack of consent will remain in effect until changed by that user, even if the company is acquired or files for bankruptcy. This is a key point because some bankrupt e-tailers have made money by selling customer information, often against customers' wishes.

Against the Bill

The bill does have its opponents, however. The U.S. Chamber of Commerce has issued a statement saying the bill would stifle online commerce and would do little to protect privacy.

"We must not legislate privacy laws that are ineffective or hinder the growth of online commerce," said Bruce Josten, Chamber executive vice president.

Josten further said the bill imposes "unnecessary and burdensome requirements on online commerce, opens a Pandora's box for class-action lawsuits, and does not attempt to address or harmonize any of the more than 30 federal laws already in place that govern consumer privacy."

The Financial Services Coordinating Council, which is a coalition of the American Bankers Association, the American Council of Life Insurers, the American Insurance Association and the Securities Industry Association, also came out against the bill.

"Financial institutions are already subject to the most comprehensive set of mandatory privacy protections in the country," said John Dugan, legal counsel to the FSCC.

"These protections apply equally to consumers in both the offline and online contexts. It would be unnecessary, costly and confusing for consumers to impose another layer of conflicting privacy rules on financial institutions."