The House Judiciary Subcommittee on Intellectual Property, Competition, and the Internet recently held a hearing entitled “New Technologies and Innovations in the Mobile and Online Space, and the Implications for Public Policy.” Much of the discussion focused on the relative merits of self-regulation versus the enactment of comprehensive federal privacy legislation. (Separately, the Senate Commerce Committee has announced that it will hold a hearing on the adequacy of self-regulation in protecting consumer privacy on June 28.)
In his opening remarks, Rep. Melvin Watt (D-NC) discussed the need for “baseline progressive legislation that will provide certainty to both consumers and companies, and promote a healthy online economy.” Rep. Watt appeared to support the White House framework of enacting comprehensive federal privacy legislation that would be complemented by industry codes of conduct. Emphasizing the importance of legislation, Watt surmised that, “without a baseline set of principles with the force of law, privacy policies may be used by larger players in an anti-competitive manner to drive smaller players from the market.”
Three of the hearing’s witnesses–Scott Shipman of eBay, Morgan Reed of the Association for Competitive Technology (ACT), and Professor James Grimmelmann of New York Law School–also expressed support for some type of federal privacy guidelines. Shipman noted that “eBay has long supported a federal omnibus privacy bill” in order to “provide certainty,” and Reed said that ACT has supported “the NTIA effort” to develop industry codes of conduct. However, Reed cautioned that an overly prescriptive “top-down,” government-driven approach risked stifling innovation, arguing that the specific details of privacy policies should be determined by technologists.
Chris Babel, the CEO of TRUSTe, testified in favor of self-regulatory regimes, emphasizing their ability to provide “a flexible privacy protection framework that can quickly adapt to these rapidly changing technologies.” Babel also argued that companies in self-regulatory regimes have “strong incentives” to comply, and testified that self-regulation–complemented by FTC enforcement–was preferable to federal legislation. Several subcommittee members were skeptical of relying solely on self-regulation. Rep. John Conyers Jr. (D-MI) noted that “there is a certain element here of let’s all trust everybody to do the right thing,” while Rep. Tom Marino (R-PA) suggested that the “fox [would be] setting rules and regulations for the henhouse.”
On a few occasions, members of the subcommittee addressed the FTC’s capacity to enforce online and mobile privacy under the current regulatory regime. For example, Rep. Conyers cited the Commission’s persistent underfunding and suggested that it should be given direct enforcement authority. Currently, the FTC cannot impose fines under the FTC Act, forcing it to rely on another statutory “hook” — such as the Fair Credit Reporting Act or its authority to enter fines to enforce consent decrees — in order to impose monetary damages. However, Rep. Jason Chaffetz (R-UT) expressed skepticism over whether the FTC was the “right organization” to be enforcing privacy, and suggested that one benefit of legislation would be to grant consumers the ability to enforce their privacy rights in Article III courts.