Yesterday, two Subcommittees of the House Energy and Commerce Committee (Commerce, Manufacturing and Trade and Communications and Technology) held a joint hearing entitled “Internet Privacy:  The Views of the FTC, the FCC, and NTIA” that featured testimony from FCC Chairman Julius Genachowski, FTC Commissioner Edith Ramirez, and NTIA Assistant Secretary Lawrence Strickling.  Topics discussed included the need for privacy and data security legislation, the development of baseline governing principles, and current efforts by each agency to engage stakeholders on these issues.

Legislators from both Subcommittees recognized the economic and social value of the Internet throughout the hearing and emphasized that nearly every aspect of our daily lives now has an online component.  Despite its “incalculable value,” the Chairwoman of the Subcommittee on Commerce, Manufacturing and Trade, Rep. Mary Bono Mack (R-Cal.), characterized the Internet as a “work in progress” and expressed concerns shared by many Members of the two Subcommittees over the collection, use, sharing and protection of online data and the need to improve consumer education.  The witnesses generally shared these concerns, and although their testimony did not reflect a shift in policy at the FTC, FCC, or NTIA, the dialogue between the legislators and regulators did shed light on the current state of thinking about privacy regulation at the federal level.

The hearing focused primarily on the following issues:

  • Ensuring consumer trust and promoting transparency.  Many Members and the panelists expressed concerns that the failure to address privacy and data security could deal a crushing blow to the sustainability of e-commerce and become a barrier to the adoption of new consumer technologies.
  • Adopting a balanced approach to privacy and data security.  Members expressed their commitment to ensuring that legislative or regulatory actions protect consumers while also ensuring that investment, innovation, and job creation are not stifled.  The panelists, for example, fielded questions about whether their agencies had conducted market analyses or assessed the economic impact of increased regulation in this space.  Commission Ramirez, while not citing specific analyses, indicated that the FTC is considering this issue and that it may be addressed in a staff report on consumer privacy that will be released later this year.
  • Protecting children first.  Many Members argued that legislative efforts should focus on the growing consensus that children and teenagers face special privacy risks that must be addressed by passing a privacy bill of rights for children or updating current laws such as COPPA, which, it was suggested, does not address technological advances of the past decade.  Reps. Ed Markey and Joe Barton, co-sponsors of the Do Not Track Kids Act of 2011 (which we blogged about here), both made the case for enactment of their legislation.
  • Recognizing the importance of privacy and data security.  Both the current and former Chairmen of the House Energy and Commerce Committee, Rep. Fred Upton (R-Mich.) and Rep. Henry Waxman (D-Calif.) emphasized that protecting online consumer privacy is not a partisan issue.  This sentiment was echoed by other legislators including Markey and Barton, the co-chairs of the House Bipartisan Privacy Caucus.
  • Overlapping jurisdictional issues.  The agencies largely defended their regulatory roles in protecting online consumer privacy.  Ramirez and Genachowski each asserted that their respective agencies had  strong histories of enforcement and expertise that should not be displaced.  Genachowski particularly argued that the FCC has expertise in regulating communications networks and has jointly collaborated with the FTC.  When asked if the FCC has the authority to regulate the sale of data from Internet service providers to third parties, Genachowski responded that “legislative clarification [of the scope of FCC authority under the Communications Act] would be beneficial.”  This jurisdictional tension between the agencies could be a consideration as Members, such as Rep. Cliff Stearns (R-Fla.), emphasized the need for a central regulatory actor.
  • Actual harm to consumers.  Members asked the panelists to identify and quantify the harm caused to consumers by current online practices and whether this harm requires regulatory action.  Reps. Marsha Blackburn (R-Tenn.) and Gregg Harper (R-Miss.), for example, asked if legislation is needed to address solely a lack of transparency on the part of some companies or whether the agencies had performed market analysis or impact studies to show an actual harm to consumers.  In response, Ramirez pointed to an example in her written testimony of how students are targeted and noted the use of online data by insurance companies to identify health risks.  These concerns from Members could signal a lack of willpower to support legislation absent evidence that consumers are actually harmed by certain privacy practices.
  • Self-regulation and enforcement.  All three panelists recognized industry efforts to improve privacy protection and emphasized that self-regulation is necessary even as some Members argued that self-regulation is failing.  Strickling, for example, renewed the Obama Administration’s call to enact legislation establishing baseline consumer protections that would serve as a “consumer privacy bill of rights” with voluntary codes of conduct and sector-specific standards.  Ramirez noted the importance of enforcement in the context of self-regulation and that the FTC would like to play a role in ensuring such accountability, but she also noted that the FTC had not taken a position on whether legislation is necessary.  Although the efficacy of self-regulation was widely acknowledged, Rep. Harper noted that self-regulation could be a barrier to market entry, particularly for small businesses, and expressed concern over how regulations would account for this.

The hearing was the first in a series of anticipated hearings within the Energy and Commerce Committee aimed at examining how information is collected, protected, and utilized in the online ecosystem–and whether increased regulation is needed in this space.  Inside Privacy will keep you up to date on these as they happen.