|
|
ONLINE FEATURES
Book Reviews
BW Video
Columnists
Interactive Gallery
Newsletters
Past Covers
Philanthropy
Podcasts
Special Reports
BLOGS
The Auto Beat
Byte of the Apple
Europe Insight
Eye on Asia
Getting In
Investing Insights
The New Entrepreneur
NEXT: Innovation Tools & Trends
On Media
Technology at Work
The Tech Beat
Traveler's Check
TECHNOLOGY
Product Reviews
Tech Stats
Hands On
AUTOS
Home Page
Auto Reviews
Car Care & Safety
INNOVATION
& DESIGN Home Page Architecture Brand Equity Auto Design Game Room SMALLBIZ Smart Answers Success Stories Today's Tip FINANCE Investing: Europe Annual Reports Bloomberg BW50 SCOREBOARDS Hot Growth Companies: 2008 Mutual Funds Info Tech 100 B-SCHOOLS Undergrad Programs Rankings & Profiles | |
MAY 9, 2002 PRIVACY MATTERS By Jane Black The Painful Path to a Privacy Law With business and privacy advocates still far apart on two crucial issues, don't expect any help from Congress this year
That's a pity. The lack of standards for collecting and sharing personal data looms large for businesses and consumers alike. Why, then, the lack of action? It has nothing to do with the aftershocks from September 11 or a packed legislative session, which ends Oct. 1. Instead, it's an overwhelming lack of consensus on two core issues known as "federal preemption" and "private right of action." Privacy advocates don't like federal preemption, which would give any new U.S. law precedence over sometimes-stronger state regulations. Business, on the other hand, doesn't like private right of action, the ability for individuals to sue or, worse, bring class actions against companies for what in this case would be unjust use of data. "These are deal-killers," says John Kamp, a Washington lawyer at Wiley, Rein & Fielding who represents businesses in privacy disputes. THE HOLLINGS APPROACH. Most experts agree the preemption issue will come to a head next year, since that aspect of the critical Fair Credit Reporting Act expires in 2003. If Congress doesn't take action before then, a storm of new state laws could stiffen the data-collection rules for banks, insurance agencies, and auto dealers. For them, a new federal privacy law extending the deadline could be a lifesaver. That has more than a few experts predicting that next year's legislation could look a lot like this year's Online Privacy Protection Act, a bill sponsored by Senator Ernest "Fritz" Hollings (D-S.C.). It has something for everyone, offering federal preemption, so privacy laws would be consistent across the country, and giving consumers a limited right to file suit against companies that abuse personal data collected online. Privacy advocates continue to lobby against federal preemption, and history is on their side. Of the major privacy regulations passed in the past decade -- including HIPPA, which regulates health data, and the Graham Leach Bliley Act, which regulates financial-services companies -- none allows federal preemption. "In the past, states enacted laws that go far beyond federal protection. Preemptive bills mean many Americans lose their rights," says Chris Hoofnagle, legislative counsel for the Electronic Privacy Information Center (EPIC). LEGAL BURDENS. Business doesn't see it that way. "Inconsistency in the states would be a barrier of growth to the Internet," says Ronald Plesser, a partner at Washington law firm Piper Rudnick. "Federal preemption is an absolute must." Plesser has a point. As businesses go global, conforming to a patchwork of laws could become a serious financial and administrative burden. In recent weeks, 13 states have introduced or approved new privacy regulations that affect everything from selling consumer financial data to the ways Internet service providers (ISPs) collect and sell customer information. Add to that the difficulties Internet companies face in determining where their customers are physically, and what rules should apply? What law covers a resident of California using a computer in Tennessee? The gap over an individual's right to sue is even wider. Business says privacy should be regulated by the Federal Trade Commission (FTC), not trial lawyers looking to squeeze companies for alleged pain and suffering. Damage to someone's privacy, businesses say, is notoriously difficult to quantify: You may not like it when a company sells your data to one of its partner, but what sort of monetary damage results from a phone call at dinner or an extra catalog in the mail? "LESS CERTAINTY"? Even Hewlett-Packard, a company that has been a model for privacy activism, objects to private right to action. In testimony before the Senate Commerce Committee, Barbara Lawler, HP's chief privacy officer, said HP is "concerned that private right of action will create less certainty and clarity in the marketplace as each court will supply its own definition as to what constitutes 'actual harm'... Calibrating actual monetary loss from privacy violations will therefore be an art rather than a science." Attorney Kamp says businesses might accept a private right of action measure if it were limited to financial harm and "would look closely" at legislation that allowed individuals the right to sue but forbade class actions. These group suits are on the rise -- a consequence of the bursting of the Internet bubble. In the securities industry alone, class actions rose 60% in 2000. The companies that were sued lost more than $2 trillion in market capitalization, a 157% rise from 2000. Privacy advocates counter that without the threat of punishment, any privacy law will be toothless. Moreover, the FTC isn't well-funded enough or designed to enforce privacy comprehensively. So far, the commission has taken on only a handful of narrowly defined cases. "The FTC is shooting fish in a barrel," says EPIC's Hoofnagle. DRAWING CLOSER. On these contentious issues, the Hollings bill seems to be the least offensive to both sides. Unlike many other privacy laws, including the Telephone Consumer Protection Act and the Video Privacy Protection Act, Hollings' bill requires consumers to demonstrate harm, rather than just assert that the law has been broken. It also requires plaintiffs to sue in federal court, rather than small-claims court, which increases the cost for plaintiffs and would reduce the temptation to file frivolous suits. Of course, some changes to the Hollings approach are inevitable. Besides the two basic stumbling blocks of preemption and private suits, details about who the bill applies to -- only online companies or all businesses? -- still need to be negotiated. While no consensus has been reached, the two sides are converging. So even though the experts are betting that no major privacy law will pass until next year, "there will be a bill with something for everyone," says Robert Gellman, a Washington privacy expert and former general counsel to the House subcommittee on government information. The sooner the better.  Black covers technology issues for BusinessWeek Online in New York Edited by Beth Belton Get BusinessWeek directly on your desktop with our RSS feeds.  Add BusinessWeek news to your Web site with our headline feed. Click to buy an e-print or reprint of a BusinessWeek or BusinessWeek Online story or video. To subscribe online to BusinessWeek magazine, please click here. Learn more, go to the BusinessWeekOnline home page  | | MAY [an error occurred while processing this directive] |
 Copyright 2002, Bloomberg L.P.Terms of Use | Privacy Policy |
Printer-Friendly Version
