WASHINGTON— It’s time for a do-not-track law to protect consumer privacy online, Federal Trade Commissioner Julie Brill told a Senate committee Wednesday, but she said data security may not need federal regulation.
The Senate Commerce Committee debated consumer privacy and data security in the online world, focusing on two bills from Committee Chairman John Rockefeller, D-W.Va., that would require companies to quickly notify consumers of any breach in online security and that would create a one-step process for consumers to tell all online companies to stop tracking their information.
“I don’t think this is too much to ask of companies that are making millions, if not billions, of dollars off consumers’ personal information,” Rockefeller said in his opening remarks.
Rockefeller also said companies must inform consumers about possible data breaches as quickly as possible.
The committee also considered a bill from Sens. John McCain, R-Ariz., and John Kerry, D-Mass., that would create a commercial privacy bill of rights.
Brill testified that the industry might be able to regulate itself when it comes to data security, she does see a need for do-not-track legislation. Do-not-track web browsers do exist, but according to Rockefeller, the only company honoring that consumer request is The Associated Press.
“If a company promises to honor a consumer’s request, or an advertising network promises, then we can proceed fairly easily if they break that promise,” Brill explained. “But if a company does not make a promise to heed a consumer request, it’s more difficult.”
Tim Schaaff, president of Sony Network Entertainment International, acknowledged that consumers must be informed about any cyber attack that puts their information at risk in a “timely” manner, but urged the committee to give companies time to conduct an investigation.
“Ensure that consumers receive helpful information,” Schaaff said, citing the importance of knowing the extent of a breach before alerting the public.
Sony’s PlayStation Network was the target of cyber attack by the hacker group Anonymous in April, which compromised personal data from more than 100 million users.
“If nothing else, perhaps the frequency, audacity and harmfulness of these [cyber] attacks will help encourage Congress to enact new legislation to make the Internet a safer place for everyone,” Schaaff added.
Hewlett-Packard Co. Chief Privacy Officer Scott Taylor told the Committee HP supports the Privacy Bill of Rights proposed by Kerry and McCain, the concepts in Rockefeller’s do-not-track legislation and the principles behind Pryor’s data security legislation.
“We firmly believe it is time for the U.S. to establish comprehensive, flexible and legal framework for protecting consumer privacy,” Taylor said.
Sen. Patrick Toomey, R-Pa., was more skeptical of the need for online privacy legislation.
“In a world where millions of people voluntarily share very personal information on websites like Facebook and Twitter, I don’t know what consumer expectations are in regards to privacy,” Toomey said. “We need to thoroughly examine this issue so we don’t apply a solution in search of a problem.”