CCIA: New online privacy laws needed

Ed Black, president and CEO of the Computer & Communications Industry Association, wrote this op-ed for our Congress Blog. He argues for a new framework of privacy laws to protect consumers' data online.

His op-ed:

Congress and the Federal Trade Commission are gathering information to consider rules to protect consumer privacy on-line from potential commercial abuse.  Efforts at reform are missing the mark if they don’t address the very real privacy concerns raised by government surveillance and other law enforcement demands for bulk data collection and access to information.

There is broad agreement that Internet users need to know what information is being collected about them and have privacy policy information delivered in ways they can easily understand.  Thus, businesses are focusing on crafting pro-consumer practices that are transparent and provide consumers with more meaningful choices. Internet sites know they are a click away from a customer leaving if they don’t like the privacy policy.  But privacy becomes a more critical issue where there is little competition and few choices, as we see with Internet Access Providers, or just one choice, as with government agency services on-line.

Current privacy laws have created an inconsistent patchwork of variations in protection that can be difficult for consumers and businesses to understand. As technology has continued to rapidly evolve, this leads to many unanswered questions about how the laws apply to emerging technologies such as cloud computing and advancements in mobile technology.

As regulators and legislators begin to respond to these emerging issues, they should remember that consumers want real protection for their personal data whether it is gathered and stored by a hospital, a bank, a website, or the government and whether it is stored electronically or in a paper file. The more power the holder has to misuse the data, the greater the need for safeguards.  Base-line privacy rules will be a start and those protections should apply to data gathered and used by both the public and private sectors.

As tech companies continue to develop best practices for consumer protection, their efforts can be undermined if the government tries to deputize companies to gather information on consumers.  It's tempting to yield to requests to filter Internet traffic to prohibit specific unsavory or criminal activities, such as inhibiting terrorism and child pornography. But any general filtering of Internet traffic is prior restraint, overly broad, and a violation of user privacy. The net impact is an erosion of crucial protections that have been key to innovation, free speech, and growth on the Internet.

Innovative e-commerce services can advance economic growth, but the Internet's essential freedom is in danger of dying a death by a thousand cuts if we allow political demands to trump privacy protections.

U.S. companies face even greater challenges when dealing with censors, regulators and law enforcement abroad. The U.S. government needs to lead the world in safeguarding civil liberties, but such leadership will fall flat if our own surveillance is only minimally less pervasive. A failure to act now will only weaken the hand of U.S. companies operating abroad.

Cross-posted on the Congress Blog

---