House CIP Subcommittee Holds Hearing on Online Privacy

(May 18, 2000) The House Courts and Intellectual Property Subcommittee held a hearing on online privacy on May 18. Administration officials offered no new recommendations for legislation.

Jodie Bernstein, Director of the Federal Trade Commission's Bureau of Consumer Protection testified about the FTC's prior studies of online privacy, and its implementation of the Children's Online Privacy Protection Act (COPPA). However, she declined several times to respond to questions about the FTC's forthcoming report and recommendation. She stated only that "a third report will be issued soon."

Andrew Pincus, General Counsel of the Commerce Department, testified that "Privacy has long been a fundamental value for Americans. And along with the great promise of the information age -- wider dissemination of information, and the tremendous engine that is providing for our economy, and the ability of individuals to use technology to protect their privacy -- comes the risk that privacy might be diminished. That is a matter of concern because of the high value that we place on individual's ability to protect their privacy. But also it is a threat to the future of this medium, because it is clear that if consumers don't have confidence that the Internet is a safe place to shop or to work or to play, they won't do that. And, this medium won't realize its potential."

Pincus reviewed the activities of the Department of Commerce in the area of privacy. He did not offer any new recommendations for legislation. However, he did reiterate the administration's support for legislation dealing with children's privacy (as embodied in the COOPA), financial privacy, and health privacy. With respect to online privacy generally, he restated the administration's position that the private sector should lead.

He added that "what is clear about privacy is that there is no one size fits all approach. Especially with the different business models that are developing in this dynamic economy. There are very different privacy concerns. And they really do warrant different solutions."

Rep. Rick Boucher (D-VA)

Rep. Rick Boucher (D-VA) promoted legislation that he is cosponsoring with Rep. Bob Goodlatte (R-VA). "I am just wondering if the time has come when we should have a baseline set of requirements that would apply to all web sites, including that ten percent that we might suspect that are going to be the worst actors. Now Mr. Goodlatte and I have introduced a bill that would do that. It is just a baseline set of guarantees. It would say that every web site that places cookies, and collects information, would have to have a posted on the site, of what information is collected, how that information is used."

"And then every visitor to the web site would have an opt out opportunity: in other words, an opportunity to depart the web site without any information being collected. Now, I have heard Mr. Pincus say that if we do something like that, that it might actually have the opposite effect of what we intend, because it might discourage companies from signing up with the seal programs, that contain those guarantees, and perhaps some additional ones."

"Let me tell you what my honest concern here is if you don't do something like this. I see this rising tide of public concern becoming so great that at some point the Congress is likely to respond in an even more aggressive manner, and actually pass legislation that really does begin to interfere with the effective functioning of electronic commerce. That is what I would add. And, I am concerned that if something like this baseline set of guarantees does not go into effect, reasonably soon, we are very likely to see that a harsher, and perhaps less well considered legislation in the category of overkill, will be enacted. That almost happened with respect to financial services last year. It very easily could happen in relation to collection practices."

Rep. Howard Coble (R-NC)

Rep. Howard Coble (R-NC), the Chairman of the Courts and Intellectual Property Subcommittee, asked questions of Pincus and Bernstein regarding intellectual property and privacy protection. He enquired: "Can you explain what happens when a web site deceptively misappropriates the trademark logo or brand of a seal provider? Let me ask you this. Does it occur often? And does the Bureau have a role in that situation, when it does occur? And what remedies are available to most consumers and the affected parties, a, and b, is current trademark law adequate do protect consumers who rely on seal providers in those deceptive cases?"

Andrew Pincus stated, "on the trademark side, to the extent that those seals have been registered as marks, and are being used without authorization on a site, I would think that those marks' holders would have trademark remedies against the people who are using their marks without authorization."

Jodie Bernstein stated that "the Commission does have its Section 5 authority, which if their is deceptive practices involved in the misuse of a trademark, of course, the Commission has authority to do that."

"We do not have extensive information at the present time that they are being deceptively used," added Bernstein. "The seal programs, of course, also have authority under the Lanham Act to take actions of their own to police that marketplace. And we understand that at least TRUSTe has reported to us that they have developed a software program so that they can monitor the use or misuse of the seals, and take action against those that are being used deceptively.

Rep. Coble also questioned Pincus and Bernstein about federal and state remedies, and federal preemption. He asked: "How do you see the relationship between the legal systems of the states, on the one hand, and the federal government, on the other, shaping the Internet privacy for consumers and the growth of the Internet? And, if the Congress chooses more regulation, should state preemption be considered in some areas?"

Pincus responded that "generally, we have taken the view that state laws, to the extent they comply, provide good backup, especially if they are being used, as I, just from press reports, to address claims of unfair and deceptive practices in terms of companies saying that they are doing one thing and not doing another. I think historically those, with respect to unfair and deceptive practices, we have relied on a two tiered system to provide an effective network of remedies. And so I think that that will continue to be the case here. And generally, we have seen the states as a supplement to whatever exists on the federal level."

Bernstein responded, "We at the Commission have worked very effectively, I think, with the states, in various consumer protection areas."

Rep. Howard Berman (D-CA)

Rep. Howard Berman (D-CA) asked Andrew Pincus: "In your testimony you differentiated between the need for legislation in certain areas -- financial, health, and children's information -- and support for self-regulation in general. And, I assume, at that point, this administration, at least in your eyes, does not, at this point, want to, suggest a proposal that would, eliminate the time for the industry to demonstrate that self-regulation can adequately protect the less sensitive personal information of adult web surfers?"

Pincus responded: "Yes, Congressman. We are not ready to do that yet. Of course, we have not seen the FTC's surf results, or their recommendation. I think, for us, there are two separate issues in this area of online. One is, what is the model that you are going to use? How will -- and we think that the private sector has come up with a good model in the seal programs. And then, there is the, sort of, next question, which is, OK, you have a good model out there. How do we be sure that it becomes ubiquitous? What do you do with the bad actors, and the free riders to get them under the tent? And I think what we have said, is, what Secretary Daley has said on a number of occasions in the last several months, is that we are concerned that the progress in getting people into good privacy programs, good seal programs, has not been moving as quickly as we would like. Although, there has been good progress."

Pincus continued. "How do you create a mechanism that provides the benefits, keeps the benefits, of self regulation, keeps the benefits of the seal program, which we think are tremendous, but provide carrots or sticks, or both, to get them to become ubiquitous? And we think designing that, even if one makes the leap say that legislation is necessary, will be a difficult task."

Paula Bruening, the Director of Compliance and Policy for TRUSTe, testified regarding TRUSTe's privacy seal program. The subcommittee also heard from Marc Szafran, General Counsel of the Entertainment Software Rating Board (ESRB), which launched a privacy seal program last June.

Other witnesses included Deirdre Mulligan (Center for Democracy and Technology), Jonathan Zuck (Association for Competive Technology), and Joel Reidenberg (Fordham University)

The members of the subcommittee who participated in the hearing included Howard Coble (R-NC), Howard Berman (D-CA), Rick Boucher (D-VA), Ted Pease (R-IN), Mary Bono (R-CA), and James Sensenbrenner (R-WI).