What is the “Larger Debate?”

Consumers and businesses feel helpless and violated—by telemarketing calls, a flood of unsolicited e-mail (especially from Nigerian generals and pornographers), and the risk of a credit record ruined by identity theft. While junk mail and fraud have been nagging problems since the advent of computers and credit cards, the scope, speed, and visibility of the Internet is focusing Congress on finding legislative solutions. On the other hand, businesses want Congress to consider only narrow legislation, support market-based solutions, and avoid the unintended consequences of laws that fail to address the actual problem.

It’s not about where your personal data was collected—it’s all about how it’s being used.

The online privacy debate initially focused on information collection practices, even though more consumer data is collected in offline channels such as credit cards and mail order catalogs. In fact, 97% of transactions where consumer information is shared are done face-to-face, via telephone, or by mail order, in an “offline” setting.1 Today, we’re more concerned about marketers who abuse our e-mail in-box with false senders and subjects, disregard our UNSUBSCRIBE requests, or sell or deal in our personal information without consent or knowledge.

Buyers are wary, so “Business, Beware”

Online consumers vote with their wallets by patronizing websites that explain their privacy practices, respect users’ information sharing preferences, and protect data from hackers. E-mail users desert e-mail providers who can’t stop egregious spammers, and many providers now compete for customers by boasting of better spam suppression skills.

Enforce the laws we already have

Every business—on- or off- line—has to keep its promises to customers and keep customers’ information secure. Any marketer who lies about the origin or subject of an e-mail violates federal and state consumer protection laws and should be prosecuted aggressively. While Congress has not enacted broad privacy legislation, most major businesses are already covered by industry-specific privacy laws such as GLB and HIPAA. Kmart, for example, is covered by medical privacy regulations because its stores have pharmacies. Finally, a patchwork of state laws has failed to solve spam problems, while raising the cost of interstate commerce.

A new debate: Security vs. Privacy

Since 9/11, we’ve heard a new debate about the balance between security and privacy. Specifically, civil rights groups complain of no judicial review of subpoenas, companies can’t talk about what they’ve been asked to disclose. Much proposed privacy legislation attempts to protect consumers from decisions they can make for themselves, as they decide where and whether to provide personal information in exchange for content and services. It is more appropriate to focus on protecting consumers from decisions they can’t make for themselves, such as whether governments share information when we have given no consent.

Policy Recommendations for Privacy and Spam.

Based upon surveys, independent studies, and advice from our member companies, ACT advocates several principles for any legislative efforts to protect consumer privacy:

  • Enforce existing consumer protection laws before concluding that new laws are needed.
  • Prevent a patchwork of state laws that would impair interstate commerce.
  • Focus on the use of personal information, instead of how the information was collected.
  • Don’t create new private rights of action, which penalize the deepest pockets instead of the most serious offenders.
  • Don’t create a rigid prescription for managing privacy preferences. Rather, allow flexibility that accommodates technology innovation and changing consumer demands.

1Misener, P., Vice President, Global Public Policy at Amazon “Parity In Consumer Information Collection”