Internet Privacy Gets Big Push in US and in EU

There were two developments in the battle over Internet privacy this week that hit the news, but are likely to be over-shadowed because of the on-going crisis in Japan (that Spectrum is covering extensively).

The first happened Wednesday, when the Obama Administration announced before the U.S. Senate Committee on Commerce, Science, and Transportation that it was going to back the creation of a new "Consumer Privacy Bill of Rights" to be overseen by the Federal Trade Commission (FTC), Time magazine reported.

Lawrence Strickling, Assistant Secretary of Commerce for Communications and Information, National Telecommunications and Information Administration, U.S. Department of Commerce was quoted at the hearing as saying:

"In the digital era, privacy is no longer about being ‘let alone.’ Privacy is about knowing what data is being collected and what is happening to it, having choices about how it is collected and used, and being confident that it is secure."

The Administration now wants the US Congress to pass legislation that incorporates, among other things, a consumer Internet "Do Not Track" proposal as described within the FTC's December 2010 preliminary report titled, "A Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers." The press release for the FTC report is here, while the full report in PDF can be found here. 

Both Mozilla and Microsoft are incorporating Do Not Track features in their new browser coming out very shortly. Google already has a Do Not Track extension for Chrome available, but I am not totally sure of what Apple's Safari does. Maybe an Apple user can fill in the gap.

Assistant Strickling's full statement before the Senate Commerce Committee can be read in PDF here.

Not everyone is happy with the idea, however. When the idea was first proposed last year, some called it the end of the "Internet as we know it."

More recently, the Competitive Enterprise Institute, which bills itself as a "non-profit public policy organization dedicated to advancing the principles of limited government, free enterprise, and individual liberty," views any such legislation as a risk "... undermining targeted advertising, impeding business transactions that occur between strangers, and stifling mobile ecosystems that are barely out of the cradle."

The CEI believes that competition will (eventually) foster more effective consumer privacy than government regulation ever will.

The European Union certainly doesn't believe that. According to this story yesterday in the London Guardian, the EU likely before the end of the year enshrine a person's "right to be forgotten online." I blogged about this proposed "right" last November which Viviane Reding, the European Commissioner for Justice, Fundamental Rights and Citizenship, was strongly advocating for then.

The Guardian says that Commissioner Reding is now planning to introduce proposals before summer "... to make high standards of data privacy the default setting [at social media and other web sites] and give control over data back to the user." The paper quotes her as saying:

"I want to explicitly clarify that people shall have the right - and not only the possibility - to withdraw their consent to data processing... The burden of proof should be on data controllers - those who process your personal data. They must prove that they need to keep the data, rather than individuals having to prove that collecting their data is not necessary."

The Guardian says the proposals will also allow national privacy organizations "to investigate and launch legal proceedings against companies with services that target EU consumers."

How workable this idea is in practice remains to be seen. Many Risk Factor readers voiced their doubts last November, and I suspect those same doubts remain today.