By Ryan Mowery

In a hearing held by the Senate Commerce Committee last Thursday, a representative from the advertising industry vigorously defended its self-regulatory regime for online behavioral advertising.  Other witnesses were less sanguine about the efficacy of self-regulation, while Committee Chairman Sen. John D. Rockefeller (D-WV) decried the current state of consumer privacy protection in the U.S. and urged adoption of “Do Not Track” legislation. 

In Thursday’s hearing, Bob Liodice, President and CEO of the Association of National Advertisers, spoke about the success of the industry’s Self-Regulatory Program developed by the Digital Advertising Alliance (“DAA”).  Under that program, consumers are given a choice to opt-out of the use of certain data about their online activities.  Liodice noted that more than one million consumers have already opted out.  “We have built and implemented a system that is operating and is effective,” said Liodice, adding that the DAA’s Self-Regulatory Program is “backed by robust enforcement mechanisms” and has “evolved appropriately with the encouragement of the FTC.”  Liodice stressed that “the Internet operates [by] collecting data,” and noted that imposing undue limits on companies’ collection could have unintended consequences, including the reduction of free web content and services and even interference with law enforcement efforts.

Mozilla’s Global Privacy and Policy Leader Alex Fowler expressed concern over the advertising industry’s self-regulatory program, saying that it is “unclear” whether self-regulation by itself is enough.  While pointing out that the DAA’s program is an important effort, Fowler stated that most users still don’t understand what the program’s icons mean. He also testified that even using the ad industry’s own data, fewer than .04% of consumers opt out through the DAA program.  Fowler stated that self-regulation can only work with input from those outside the advertising industry.

Also testifying Thursday were Peter Swire, a law professor at Ohio State University, and Berin Szoka, the president of TechFreedom, a technology policy think tank.  Both expressed concern about the sufficiency of self-regulation.  Swire observed that U.S. companies may be at a competitive disadvantage in international markets in the absence of Internet privacy legislation.  Swire also noted that while the advertising industry may increase its self-regulatory activities when Congress, the FTC, and the White House are paying attention, there is no guarantee that that same level of vigilance will remain in the future. Szoka agreed that “self-regulation is not enough,” proposing instead that the FTC take the lead in policing privacy online, beginning with a stronger statement of enforcement guidelines in consent decrees and advisory opinions.

Senator Rockefeller vigorously disagreed with Szoka’s suggestion that effective privacy enforcement could take place under the FTC’s existing authority.  Rockefeller expressed support for Do Not Track legislation, comparing consumer privacy to child hunger in terms of the necessity of government intervention.  (Rockefeller previously has introduced a Do Not Track bill.)  He expressed particular concern about online data collection and tracking of children. “Until consumers are adequately protected,” Rockefeller said, “I will continue to push for legislation and hold hearings to address this imbalance.”  Other committee members appeared less convinced about the need for Do Not Track legislation. “We must proceed cautiously and carefully before diving into any legislation,” said Sen. Kelly Ayote (R-NH). “Legislation could be outdated before the ink dries.”