Privacy Deadline Looms As Fall Show Set to Open

The Federal Trade Commission will be listening to what comes out of the DMA's 81st Annual Conference & Exhibition in San Francisco next week, especially what H. Robert Wientzen, president/CEO of the DMA, says during his kick-off speech.

Since Wientzen told last year's attendees that the DMA would make adherence to its privacy guidelines a condition of membership by July 1999, the Web and children's privacy online have become red-hot topics. Though he wouldn't divulge specifics, Wientzen will certainly address those two issues in his keynote speech.

“The press has failed to draw the line between privacy issues on the Internet and privacy issues in the broader context,” Wientzen said. With Web use growing at light speed, it looks increasingly like the legislation-vs.-self-regulation debate may be decided long before the July deadline arrives.

“I think the [Internet] market is moving much faster than that,” said FTC commissioner Mozelle W. Thompson.

According to a Sept. 21 story in The New York Times, the FTC is ready to break ranks with the White House on its contention that business can regulate itself on Internet privacy. When asked about the article's accuracy, Thompson hedged.

“We are strong supporters of self-regulation, but it has to be meaningful and effective,” he said. “We stand by what we said in July [in testimony to the House Subcommittee on Telecommunications, Trade and Consumer Protection]. We want to see that progress is being made and [we will] wait until the end of the year for something meaningful to be implemented.”

Thompson reiterated the FTC's contention that industry self-regulation online faces two barriers: getting universal adherence to privacy protection policies and crafting an effective enforcement mechanism.

“We posed some questions [in July] and we're still waiting to hear from various industry groups as to what their self-regulatory proposals really mean,” he said.

The FTC demonstrated this summer that it is ready to pull the regulatory trigger if it deems the industry's self-policing efforts a failure. For example, in the wake of a March Net sweep that found just 14 percent of 1,400 Web sites published their information collection and use practices online, the FTC presented the House with a baseline legislative model it says would address consumer privacy online if self-regulation fails.

Under the proposal, all commercial Web sites that collect personal identifying information from or about consumers would be required to:

* Provide consumers notice of their information practices.

* Offer consumers choices as to how their information is used beyond the purpose for which the information was provided.

* Take reasonable steps to protect the security and integrity of personal information.

* Offer consumers reasonable access to their information and an opportunity to correct inaccuracies.

The DMA agrees with the first three principles, but contends that consumer access to a database should be consistent with the potential harm that could result from the marketer's misuse of the data.

In August, the FTC asserted jurisdiction on the Internet with its first online privacy enforcement case. In that case, the FTC reached a settlement with personal home-page site GeoCities ( after charging the company with publishing a misleading privacy policy.

Meanwhile, Wientzen said the Times' assertion that the FTC is ready to part company with the Clinton administration on self-regulation is nonsense.

“I can tell you, having talked just last week to highly placed FTC officials, that there is no change in the FTC's basic position that the self-regulation is appropriate in the area of information about adults from marketers,” he said. “They do have a concern about medical information and information dealing with marketing to children, but in the vast majority of instances [of data collection and use] that we deal with, the FTC believes that self-regulation is appropriate.”

At press time, the Children's Online Privacy Protection Act was scheduled for a mark-up meeting in the Senate Commerce Committee. The bill would require Web sites to get parental permission to collect information from children 12 and under.

Meanwhile, since the FTC's March Internet sweep, more than 70 percent of children's sites and more than 50 percent of shopping sites have implemented and published privacy policies, Wientzen said.

“That's still not good enough,” he said, “but the reality is that the private sector has made tremendous progress. In my conversation with the Federal Trade Commission, that point was made and acknowledged.”

As for the July deadline, Wientzen said, “I'd like to see us accelerate. I don't think it should take that long. It's one thing to say it. It's another thing to do it and put teeth in it.”

One critic called the FTC and DMA deadlines a “cat-and-mouse game” that should have ended long ago.

“It doesn't matter when the deadline is. It shows the unwillingness of many mailers to come up with even the simplest of solutions,” said Robert Ellis Smith, publisher of the monthly newsletter Privacy Journal, Providence, RI. “Certainly on the Internet [the implementation of a privacy policy] can be done tomorrow.”

Part of the problem is that direct marketers haven't made enough of an effort to understand the issue, Smith said.

“In many cases, they'll find out that what's expected of them is not as dire as a lot of mailers seem to think,” he said.

Related Posts