Rep. Speier of California starts the ‘Do Not Track’ ball rolling
On Friday, Feb 9, 2011 Jackie Speier (D-CA) introduced H.R.654, a bill designed to take the next step forward in protecting consumers’ privacy on the internet. Several items caught my attention.
The first thing to know is that this is not a bill that produces law. It is a bill that encourages the FTC to take action within 18 months. There are no clear definitions of how any of the Do Not Track processes would work, just that they should be there and they should be enforced and that the FTC has a year and a half to figure it out.
The Good
The good thing about this bill is its intent. The bill proposes that the mechanism, however it evolves, provides for:
- Consumer’s choice to opt out on a vendor by vendor basis
- Government to take action if a company does not comply or honor its opt-out procedures
- Transparency so that consumers can easily understand what the procedures used by the company to collect data are, easily opt out and even request to see what information the company had on that consumer.
- Failure to comply results in a fine of $11,000 times the number of days found to be in violation up to $5,000,000
The Bad
There are several things that are disturbing about the bill. The first and most glaring is that any government agency is exempt from these provisions. In other words, the government can track everywhere you go and everything you do and does not fall under any of these restrictions. Additionally, the government gets to decide what is ‘tracking’ and what is ‘business as usual.’ If I were a marketing company, I’d be more than a little worried about this. Secondly, any company that collects data on less than 10,000 consumers per year is exempt. In other words, tracking and privacy invasion is legal as long as you don’t do it more than 10,000 times per year. Thirdly, and I don’t understand why, all information relating to your business and employment status is exempt. This one takes deeper thought…
Section 2-B-ii – “any information collected from or by and employee by an employer, prospective employer, or former employer that directly relates to the employee-employer relationship” is excluded from protection. Perhaps I am a cynic, but I read this to mean that the practice of collecting information about a person’s activities online can be used without consent in decisions regarding hiring and firing. I guess this puts an end to tweeting ones frustrations about the workplace.
The Ugly
Assuming that we work though the above mentioned anomalies, the resulting landscape is thus: hundreds of companies must provide clearer and more concise privacy policies, they must provide an opt-out mechanism and they must make a particular consumer’s information available for review. This is like looking out across a minefield and seeing where every mine is, but having to stop and read the label on every mine to determine what it’s potential for causing harm is and then deciding whether to turn it off or not. Most consumers will opt for turning off everything. It is simpler and faster.
Summary
The phrase “Do Not Track’ is being used across the press as it is snappy and creates a good sound bite. It also reminds people of the 2003 ‘Do Not Call’ initiative put forth by the FTC. But that analogy does this bill an injustice. I have been saying for months now that ‘Do No Call’ didn’t do nearly as much for consumer’s rights as ‘Caller ID’ did. This bill more closely parallels that technological gem – allowing consumers to opt out of each and every offender selectively – than it does ‘Do No Call’. While fraught with technical and logistical complications, this bill takes a giant leap forward in putting consumers back in control of their online privacy.
