Senators split over privacy legislation

Members of the Senate Commerce Committee expressed broad agreement on the need for a national data breach reporting standard but were less unified with regards to the prospect of comprehensive privacy legislation at a hearing on Wednesday.

Chairman Jay Rockefeller (D-W.Va.) said his Do Not Track Online Act focuses on forcing companies to give consumers a clear picture of what information they're collecting and allowing those users a single easy way to stop the collection process.

"This bill is based on a simple concept. With an easy click of the mouse, consumers can tell all online companies that they do not want their information collected. Under my bill, companies would be obliged to honor that request. It’s that simple," Rockefeller said.

"I don't think that's too much to ask."

Rockefeller also voiced support for a comprehensive privacy bill from Sens. John Kerry (D-Mass.) and McCain (R-Ariz.), calling it "a very good piece of legislation." But ranking member Pat Toomey (R-Pa.) was less convinced of the need for comprehensive privacy legislation.

"I"m not sure there is a consensus yet on how to best protect consumers or whether a legislative solution is the best method for doing so," Toomey said in his opening remarks, arguing the U.S. has been more innovative on the Web in part because firms are not subject to the same regulations as in European nations.

Toomey said he wanted a clear picture of the potential harms to consumers that would be addressed by any privacy bill along with the potential cost to industry. He also pointed out that millions of people voluntarily share personal information on Facebook and Twitter.

"We need to thoroughly examine the issue and make sure we don't apply a solution in search of a problem," Toomey said, adding he's not sure which entity should be in charge of setting and enforcing privacy standards.

Federal Trade Commissioner Julie Brill said she has been a proponent of allowing industry to self-regulate with regards to Rockefeller's Do Not Track provision. She said the makers of Web browsers have made significant progress on technology-driven solutions to let users opt out of online tracking, but unless all the disparate ad networks agree to comply she's not convinced self-policing can work.

Two issues upon which members appeared to be in agreement were the need for a national data breach reporting standard and that the committee should be the home of any privacy legislation. The Judiciary Committee has signaled it intends to pursue the issue in recent months, sparking concern among staffers of a potential turf war that could derail the debate.

Rockefeller has offered a data breach bill with Sen. Mark Pryor (D-Ark.) that has drawn industry support; there are also several similar measures being considered in the House. A national data breach reporting standard appears likely to pass this year either as part of comprehensive privacy or security legislation or as a stand-alone measure.

---