The Federal Trade Commission last week gave industry failing grades on privacy self-regulation on the Internet and said it will recommend that Congress pass legislation requiring parental consent for the collection and use of personally identifiable data from children 12 and younger.
According to FTC chairman Robert Pitofsky, a March sweep of 1,400 Web sites revealed that 14 percent of Web sites made “even a passable attempt” at publishing their information collection and use practices online. “We were not hard graders,” he said.
Pitofsky called the results of the sweep “disappointing” in general and “particularly disturbing when it comes to children.”
According to the FTC, less than 10 percent of children's Web sites give parents control over data collection. Also, just 2 percent of the sites surveyed publish a comprehensive privacy policy. Pitofsky said the FTC will call on Congress to act promptly, adding that he was surprised by the low number of sites with published privacy policies.
“There were indications that it wasn't going to be good, but I didn't think 14 or 15 percent was where we were going to be,” he said.
Pitofsky cited McGraw-Hill, The New York Times, America Online and IBM as companies with adequate privacy statements on their Web sites but said they “are the exception rather than the rule.”
The FTC plans to release more recommendations concerning privacy protection online this summer and gave assurances that the agency still is committed to industry self-regulation overall.
“I still believe that the way to do this is not through heavy-handed government,” Pitofsky said. “Right now I would say that industry self-regulation simply has not worked, but I will not take the position that it can't work or will not work in the future.”
Connie Heatley, senior vice president of public relations for the Direct Marketing Association, called on industry leaders to act immediately on Internet privacy protection.
“The DMA theme is 'privacy protection now,' ” she said.
Heatley called the FTC report “a signal that privacy protection is going to be a ticket of admission to the Internet marketplace. We agree with the FTC's policy [concerning the collection of children's data]. We disagree with how to make it happen. We don't agree that legislation is needed.”
In an attempt to head off legislative backlash over the FTC report, earlier in the week, the DMA released results from an May online sweep of its own claiming that of the 100 most frequented children's Web sites, 70 percent have posted privacy statements regarding their information practices online, up from 34 percent in January.
“Businesses online are responding to the administration's call for action, and we urge the policymakers when they receive the FTC report to look at where the industry is today, not where it was three months ago, when the FTC did its Web scan,” said H. Robert Wientzen, DMA president and CEO.
According to the DMA, Wientzen has been personally contacting the top 100 sites that do not have privacy policies posted.
“There has been an aggressive effort under way by the DMA to educate businesses about the need to post their privacy policies online, and the privacy landscape is changing almost overnight,” he said.
Pitofsky countered, “Even if the numbers today are better than they were in March, they are still not good enough at this point to head off what I see as appropriate and desirable legislation.”
When asked about parental responsibility, Pitofsky said, “I don't want to diminish parental responsibility in this area, but parents can't be in control entirely. When you're talking about a transaction involving a marketer and a [child], there is a responsibility on the part of the marketer to involve the parent.”
