TORONTO (04/06/2000) - There may be no U.S. privacy czar or constitutional law about privacy, but the U.S. model still effectively punishes privacy violators, a U.S. Federal Trade Commission (FTC) official said at the Computers, Freedom and Privacy (CFP) conference held here this week.
The FTC has been "very active" in pursuing companies which violate consumers' privacy under the U.S. model of self-regulation, said Mozelle Thompson, a commissioner with the FTC.
The U.S. model calls for companies to voluntarily adhere to policies they devise and publicize or adhere to the policies set by the particular industry group, such as marketers, to which they belong. There are pointed exceptions: some industries, such as the financial industry, are governed by federal regulations with which they must comply. However, according to the model's theory, people who disagree with the policies of a company which is not in a compulsorily regulated industry can take their business elsewhere. By contrast, nations in the European Union (EU) typically have explicit laws governing the privacy of personal data.
"But that doesn't mean (in the U.S.) there's not a right to privacy," any more than it means Europeans are better protected, Thompson said. "The Europeans have a privacy directive, but that's not going to give (them) more privacy."
Under the American system, if companies violate policies which they claim to follow, the FTC goes after them, Thompson said. In fact, the FTC has brought 120 actions against people or companies for fraud and deception over the last two and a half years alone, he said.
For example, last year the FTC shut down a Web site which was deceptively selling "U.S. consumer protection seals" for US$1000, Thompson said. In partnership with other organizations, the FTC last month tagged more than 1,600 Web sites suspected of trying to lure people into participating in bogus "get-rich-quick" business propositions. [See "Update: FTC Announces Results of Internet Fraud Sweep," March 23.] Asked why it was sensible to pass a law protecting consumers from credit card theft -- consumers' liability is limited to $50 -- but not sensible to pass laws protecting privacy, Thompson said the credit card law "developed after a long policy discussion."
A discussion on privacy protection may be taking place now. For the past three years, the FTC has been involved with surveying how well the self-regulation model is protecting people's privacy. Based on the most recent report, issued last July, a majority of commissioners voted against recommending passing legislation, even as they noted that businesses must do more to address consumers' concerns.
Thompson said he was part of that majority, although he is worried that there may always be some companies who behave in a deceptive and fraudulent manner.
Still, the potential existence of a persistent group who won't play fair does not necessarily mean the U.S. should seek a legislative remedy, according to Thompson.
"It's very dangerous to set down a set of codes and regulations" pertaining to technology, since such rules become out of date so quickly, Thompson said.
Moreover, American consumers do not necessarily trust the U.S. government having a role in protecting their privacy, according to Thompson. Instead, the government should emphasize its role as an educator, he said.
"We have to do a better job educating consumers individually about steps they can take themselves," Thompson said.