Honorable Edolphus Towns, Ranking Member
Energy and Commerce Committee
Commerce, Trade and Consumer Protection Subcommittee
The Association for Competitive Technology (ACT) submits the following views on H.R. 4678. ACT represents over 3,000 information technology (IT) companies and professionals, all of whom care deeply about protecting privacy. We appreciate the Subcommittee’s interest and efforts to address the issue of protecting the privacy of personal information and we hope our past testimony on the Child Online Privacy Protection Act was helpful in the Subcommittee’s drafting process. We offer our comments to assist the Subcommittee in understanding the impact H.R. 4678 could have on an important sector of the IT industry.
H.R. 4678 is a vast improvement over other legislative approaches purporting to answer the question of how best to protect consumer privacy. The bill makes positive strides by rejecting the artificial distinction between data collected offline and online; by not creating a new private right of action; and, by preempting a patchwork of state privacy laws and addressing identity theft individually.
However, ACT feels there is little need for a sweeping privacy bill such as H.R. 4678. As you know, ACT has steadfastly and consistently opposed the need the for privacy legislation. ACT’s position is rooted in the following principles:
The IT industry recognizes that protecting personally identifiable information is important to its customers. Based on corporate practices, consumers will make their own decisions about which sites they surf and shop on based on their own privacy preferences.
Increased consumer education creates opportunities for IT firms to capitalize on “the business” of privacy and create new technologies and services directly targeted to securing a more private Internet experience
Laws and regulations would not be able to contemplate the many activities businesses are actively pursuing to gain consumer trust. Moreover, any regulatory scheme would not be able to respond to rapidly changing consumer demands the same way that businesses can.
H.R. 4678 does not appear to embrace these principles and will create burdensome compliance costs for small technology companies. The bill also does not acknowledge the effort of the private sector is currently taking to safeguard consumer’s privacy. In addition, it is inconsistent with reasoned approach set out by the Federal Trade Commission.
The FTC has further obviating the need for legislation by proving its ability to use current laws to protect privacy. For example, the FTC has recently completed its investigation of Microsoft’s Passport service. In fashioning a complaint and consent order, the FTC demonstrated the ability to identify, investigate and remedy an alleged privacy violation. While ACT disagrees with the severity of the remedy in light of the findings, we acknowledge the FTC’s effectiveness in working through a specific set of allegations.
In the end, a fully-funded FTC would be more effective in improving privacy than any new regulations. Therefore, ACT suggests that the Subcommittee pursue increasing the FTC’s funding for both privacy enforcement and education initiatives as the primary method for improving privacy protections nationwide. We already have the laws necessary to go after the privacy “bad apples,” but now we need to ensure that FTC has the funds to go after them and educate consumers what they can do to protect their own privacy.
Again, we appreciate the effort expended by the Subcommittee to grapple with the privacy problem. At the end of the day, ACT maintains consumer education and technological empowerment, coupled with robust enforcement will do more than broad legislation to ensure data that consumers expect to be private, stays private.
Cc: Members of the Subcommittee