Federal Trade Commission Protecting America's Consumers

Statement Of Mozelle W. Thompson

Before the

Subcommittee on Telecommunications, Trade and Consumer Protection

July 21, 1998

Mr. Chairman and members of the subcommittee, thank you for inviting us here today to talk about this important issue. I'd like to elaborate on Chairman Pitofsky's comments by discussing an important aspect of this issue -- and that is industry self-regulation.

As you know, the FTC has spent a long time working with consumer groups and industry leaders to craft a workable solution to the problem of Internet privacy.

In our June 4 Report, the Commission expressed its disappointment with the online industry's progress on self-regulation. Since then, we have been encouraged by the efforts of certain industry leaders to take concrete steps to secure consumers' privacy online.

Unfortunately, two key areas continue to prove difficult for industry to tackle:

1. (Coverage) -- First, industry self regulation has only been endorsed and adopted by a small percentage of the actual online community. To the extent there has been industry attention, it has largely been focused on the most popular sites. We are also concerned about what types of information, including information available from public records, are covered under self-regulatory proposals.
2. We believe that "hot" sites are not the only ones that are important. Consumers should be protected wherever they go. (e.g., credit cards)
3. (Enforcement / Remedies) -- Second, industry has been slow to develop and implement enforcement mechanisms that will give meaningful remedies to consumers harmed by web sites not complying with privacy principles.

The legislative model we present today addresses these challenges by proposing that the supervising agency have given rulemaking authority that would permit it to grant industries (with effective self-regulatory schemes) a "safe harbor" from agency challenge.

1. This legislative structure would incorporate industry participation and reward their voluntary efforts by treating compliance with industry guidelines as compliance with the law. Such industry guidelines would be certified by the selected regulatory agency, after a notice and comment process, if those guidelines have been approved as consistent with statutory requirements.
2. It also would allow self-regulatory programs to be "industry specific," thus allowing implementation of fair information practices tailored to the needs and requirements of particular industries.
3. It would also be flexible enough to change as technology changes.
4. The legislative model we have recommended provides for concurrent federal and state enforcement of the requirement that all commercial Web sites that collect personal identifying information adhere to the fair information practices discussed in our Report

The Commission is eager to work with industry, consumers, and this Committee to achieve further progress on safeguarding consumers' online privacy. We believe that the proposal submitted today moves in this direction by recognizing the progress we all have made so far while providing a means of ensuring future, enforceable protections for all consumers.