While few expect Congress to pass broad privacy legislation, privacy will still get a lot of attention in 2012, starting with the release in the coming weeks of two highly anticipated federal reports providing guidance on protecting consumer privacy online.
Both the Commerce Department and the Federal Trade Commission are set to release separate final reports with recommendations on how to improve online privacy.
Commerce, which could release its final report the last week of January, will outline the Obama administration’s policy on the issue. Since issuing its draft report in December 2010, the administration has called on Congress to pass legislation that would provide consumers with privacy protections based on the Fair Information Practice Principles embraced by many countries. These include providing consumers with notice about the information being collected about them, choice, access to the information, and security to ensure the data is protected.
In its draft staff report, also released in December 2010, the FTC did not call on Congress to pass privacy legislation but it did come out in support of a system that would give consumers a choice on whether they want to be tracked online. During a briefing on Thursday sponsored by Microsoft, Maneesha Mithal with the FTC’ s Bureau of Consumer Protection said the commission is aiming to release its final privacy report in the coming weeks. She and other FTC officials, however, have so far declined to provide many details of the report.
During a separate event on Thursday focused on privacy issues that may emerge this year, Jules Polonetsky, director of the Future of Privacy Forum, said he expects the FTC will likely come out in support of an industry self-regulatory program that allows consumers to click on an icon and opt out of receiving ads based on information collected by tracking their online habits. In its draft staff report, the FTC said that efforts by industry to regulate themselves on privacy had been inadequate.
The Commerce Department report could come out days before the European Commission releases its proposed changes to its privacy directive, which could affect U.S. companies that do business in Europe or operate websites used by Europeans. The commission is expected to call for making the directive a regulation to be imposed on its member states.
In addition, the commission is expected to call for increasing fines, requiring express consent from consumers before collecting information about them, and expanding the scope of the privacy law to include websites targeting EU citizens and not just those companies with European operations. “It’s evident it's taking a rather heavy-handed strict regulatory approach,” said Omer Tene, a senior fellow with the Future of Privacy Forum and a visiting fellow at the Berkeley Center for Law and Technology.
Because the United States does not have a broad privacy law, U.S. companies have managed to comply with the EU privacy directive through a safe-harbor agreement with the European Union. But Future of Privacy Forum Cochairman Christopher Wolf said the EU may reevaluate that agreement in light of the proposed changes to its privacy directive. Some privacy advocates have argued that the EU’s changes may ultimately force the United States to bolster its privacy protections.
Despite this, Wolf and others say it’s unlikely Congress will pass privacy legislation this year. And while committees in both chambers held several hearings last year, Wolf said lawmakers will use their oversight authority to hold more hearings this year on various privacy issues, which can prompt voluntary action by companies.
“In an election year in what can charitably be called a dysfunctional Congress, the odds are against any privacy legislation becoming law in 2012,” Wolf said.