By Heather Green The maneuvering has started over the Online Privacy Protection Act, a bill designed to give consumers more control over the use of personal information. Backed by Senator Ernest Hollings (D-S.C.), the measure would require that online businesses obtain Web surfers' permission before collecting or disclosing data like ethnic background, medical and financial histories, and other material.
If the hard time the bill encountered simply making it out of the Senate committee is any indication, expect more problems ahead. A vote to send it to the full Senate was eventually carried but only after delays and compromises.
LOTT'S ROADBLOCK. Legislation typically goes through a markup session in the committee in which it's introduced. When the changes have been made, the committee then votes to send the bill to Senate for consideration. After last week's markup session for Hollings' bill, however, Senator Trent Lott's (R-Miss.) procedural maneuverings temporarily prevented it from being voted on. Lott essentially shut down the meeting by evoking a rule that bars committees from deliberating for more than two hours after the Senate's daily session begins. The bill's supporters finally prevailed, but not until the early morning of the following day.
So what got Lott all hot and bothered? Two specific issues:
The first was a provision giving consumers the right to sue over privacy violations. To meet that concern, the bill's supporters lowered the maximum amount a plaintiff could win from $5,000 to $500.
The second issue, how to justify setting higher privacy standards for online outfits than offline ones, is more fundamental. Existing privacy laws covering consumers' medical and financial information require that bricks-and-mortar outfits give customers the ability to "opt out" by forbidding the collection, sharing, and selling of information about them. The Hollings bill would reverse that by imposing a more stringent "opt in" standard -- one that would require that online outfits obtain permission before a consumer's personal data is collected or shared.
BURIED IN LEGALESE. For business, the difference between the two approaches is very worrying. Opt-out standards give companies a lot more leeway to pull the wool over consumers' eyes. Last year, for example, financial companies were legally required to inform consumers that a new law gave them the right to opt out of having their personal information shared.
Boy, did the credit-card companies and banks finesse that transition! They buried the opt-out notices within masses of legal jargon at the bottom of monthly mailings. The result was that many consumers had no idea that opt-out was available.
If the Hollings bill should pass and people begin to see the wonders of opt in, it's very likely many would demand similar treatment from offline outfits. Because they require affirmative assent, opt-in standards stand to make consumers much more aware of both their rights and the ways businesses have made money by using their information. Companies rely on consumers being unaware, or just too lazy, to remove themselves from telemarketing and magazine lists, or to find out where their bank has been selling the information. The last thing information-sellers want is an obligation to ask permission.
SPEAKING OUT. It's a pity, but Corporate America probably doesn't have much to worry about. The forces are already aligning to beat back Hollings' bill. Financial firms and high-tech companies either directly affected by the online privacy bill or by the possible spillover effect on traditional uses of data have made it very clear they have no intention of letting this thing get far. Industry associations including the Financial Services Coordinating Council, the Software Industry Association of America, and the Computer & Communications Industry Assn. have spoken out against the bill.
In an attempt to take some wind out of the opposition's sails, supporters of the Online Privacy Protection Act had been careful not to include amendments that would impose the more stringent online standards on offline companies. They rejected an amendment introduced by Senator John McCain (R-Ariz.) to extend the bill to cover traditional companies, arguing that there are very basic differences in how information is collected and used online.
Instead, the bill's supporters adopted a compromise that will likely stall debate on the issue: It directs the Federal Trade Commission to look into coming up with rules for the privacy of offline information.
RETHINKING STANDARDS. Judging from these early tactics, the Hollings bill's path is going to be very rocky. Still, online privacy continues to pop up in consumer surveys as a major concern. Here's one area where the Internet has had a dramatic impact. For years, consumers accepted the steady erosion of privacy. But the novelty of the Internet forced them to rethink just how widespread that erosion is -- and the course it's likely to take in the future.
Mucha as the bill's opponents try to fight it, the online privacy debate's spillover effect is already being felt. Green covers the Internet for BusinessWeek from New York