Senior Director, Federal Consumer Program, PIRG
Senior Director, Federal Consumer Program, PIRG
Joint Letter to Congress Outlines Principles Privacy Legislation Must Include
WASHINGTON – Warning that “tracking and targeting of consumers online have reached alarming levels,” a coalition of 11 consumer and privacy advocacy organizations today sent a letter to Congress outlining the protections any online privacy legislation must include.
The coalition said that industry self-regulation has not provided meaningful consumer protection and stressed that legislation is needed.
“This tracking is an invasion of privacy… Consumers now rely on the Internet and other digital services for a wide variety of transactions,” the groups wrote. “These include sensitive activities, such as health and financial matters. In these contexts, tracking people’s every move online is not simply a matter of convenience or relevance. It presents serious risks to consumers’ privacy, security and dignity.”
Rep. Rick Boucher (D-VA) chairman of the House Energy and Commerce’s Subcommittee on Communications, Technology and the Internet, is expected to introduce online privacy legislation Tuesday. The coalition’s letter was sent to all members of the House of Representatives.
The consumer and privacy groups noted that for the past four decades the foundation of U.S. privacy policies has been based on Fair Information Practices: collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability. They called on Congress to apply those principles in passing legislation to protect consumers online.
“Consumers need rights, and profiling should have limits. Behavioral tracking and targeting can be used to take advantage of vulnerable individuals, or to unfairly discriminate against people,” the groups wrote. “The potential misuse of health or financial information is especially troubling. The assumptions that can be made about people based on behavioral tracking may have detrimental consequences for them. Online profiles may also be obtained by government agencies, private investigators, and others for purposes that go far beyond advertising.”
The groups outlined the following principles and goals for any meaningful legislation to protect consumers’ online privacy:
Principles for Shaping Legislation
• Robust Fair Information Practices are the key to legislation concerning online privacy.
• Notice and choice are inadequate to protect consumers.
• Transparency is not enough if consumers have no real understanding or control.
• Self-regulation for privacy will not protect consumers.
• Law enforcement access to personal data should require a warrant.
Specific Goals to Protect Consumers
• The privacy of individuals should be protected even if the information collected about them in behavioral tracking cannot be linked to their names, addresses, or other overt identifiers.
• As long as consumers can be distinguished based on IP addresses, cookies, or other characteristics, their privacy interests must be protected.
• The ability of websites and ad networks to collect or use behavioral data should be limited to 24 hours, after which affirmative consent (opt-in) should be required.
• Websites should not collect or use sensitive information for behavioral tracking or targeting. The FTC should be tasked with defining sensitive information, which must include data about health records, financial records, ethnicity, race, sexual orientation, personal relationships, and political activity.
• Personal data should be obtained only by lawful and fair means and, unless unlawful or impossible, with the knowledge or consent of the individual.
• Personal and behavioral data should be relevant to the purposes for which they are to be used.
• Websites should specify the purposes for which they collect both personal and behavioral data not later than the time of data collection. Websites should not disclose or use personal and behavioral data for purposes other than those specified in advance except: a) with the consent of the individual; or b) when required by law.
• Websites should be responsible for providing reasonable security safeguards for personal and behavioral data, including protection against unauthorized access, modification, disclosure and other risks.
• Websites should disclose their practices, uses, and policies for personal and behavioral data.
• An individual should have the right to: a) be told by a behavioral tracker whether the behavioral tracker has data relating to the individual; b) obtain a copy of the data within a reasonable time, at a reasonable charge, and in a form that is readily intelligible to a consumer; and c) correct the data or, if requested, have all the data removed from the behavior tracker’s database within a week.
About the members of the coalition:
Center for Digital Democracy: The Center for Digital Democracy (CDD) is dedicated to ensuring that the public interest is a fundamental part of the new digital communications landscape. URL: http://www.democraticmedia.org
Consumer Action: Consumer Action, founded in 1971, is a national non-profit education and advocacy organization committed to financial literacy and consumer protection. URL: http://www.consumer-action.org/
Consumer Federation of America: Since 1968, the Consumer Federation of America (CFA) has provided consumers a well-reasoned and articulate voice in decisions that affect their lives. URL: http://www.consumerfed.org
Consumers Union: Consumers Union is a nonprofit membership organization chartered in 1936 to provide consumers with information, education and counsel about goods, services, health, and personal finance. URL: http://www.consumersunion.org
Consumer Watchdog: Consumer Watchdog (formerly The Foundation for Taxpayer and Consumer Rights) is a consumer group that has been fighting corrupt corporations and crooked politicians since 1985. URL: http://www.consumerwatchdog.org
Electronic Frontier Foundation: When freedoms in the networked world come under attack, the Electronic Frontier Foundation (EFF) is the first line of defense. URL: http://www.eff.org
Privacy Lives: Published by Melissa Ngo, the Website chronicles and analyzes attacks on privacy and various defenses against them to show that privacy lives on, despite the onslaught. URL: http://www.privacylives.com
Privacy Rights Clearinghouse: The Privacy Rights Clearinghouse is a consumer organization with a two-part mission: To raise consumer awareness about privacy and to advocate for privacy rights in policy proceedings. URL: http://www.privacyrights.org
Privacy Times: Since 1981, Privacy Times has provided its readers with accurate reporting, objective analysis and thoughtful insight into the events that shape the ongoing debate over privacy and Freedom of Information. URL: http://www.privacytimes.com
U.S. Public Interest Research Group: The federation of state Public Interest Research Groups (PIRGs) stands up to powerful special interests on behalf of the public, working to win concrete results for our health and our well-being. URL: http://www.uspirg.org
The World Privacy Forum: WPF is focused on conducting in-depth research, analysis, and consumer education in the area of privacy. Areas of focus include health care, technology, and the financial sector. URL: http://www.worldprivacyforum.org