Government // Leadership
News
11/22/2013
01:15 PM
Connect Directly
RSS
E-Mail
50%
50%

Consumer Privacy Protections Need Review, GAO Tells Congress

A congressional research report concludes that the patchwork of consumer privacy laws needs national review to reflect the increasing industry use of consumer information.

The legal patchwork that exists to protect consumer privacy must be carefully reviewed and possibly overhauled to ensure that consumers have a voice in how their personal information is used, a new congressional watchdog report has concluded.

The statutory framework for consumer privacy doesn't fully address the advent of new technologies and Internet communications, nor does it take into account a rising demand for personal information in the marketplace, the Government Accountability Office states in a report made publicly available Nov. 15.

The lack of an overarching federal privacy law that addresses the collection and sale of personal information among private-sector companies and information resellers may be leaving consumers vulnerable to the exchange and sale of their information in ways they would not approve, the GAO said.

The GAO conducted its investigation for Sen. John D. Rockefeller IV (D-WV), who chairs the Senate Committee on Commerce, Science, and Transportation. He has been keenly interested in how the Internet influences commerce and the implications of unrestricted collection of online data.

"I am afraid... that the need to monetize consumers' data will win out over privacy concerns," Rockefeller said during a Senate hearing in May 2012. He called self-regulation "inherently one-sided," and he worried that "consumers' rights always seem to lose out to the industry's needs."

[Consumer privacy risks also affect the workplace. Read: Facebook Graph Search: 5 Privacy Settings To Check]

The GAO found that no federal statute gives consumers the right to learn what information is held about them and who holds it. In many circumstances, consumers do not have the legal right to control the collection (or sharing with third parties) of sensitive information, such as their shopping habits and health interests, for marketing purposes.

The Obama administration has worked to take a proactive stand on consumer privacy issues. The Privacy and Innovation Blueprint it released last year includes a proposed consumer privacy Bill of Rights that embodies a set of principles governing the handling of personal data in commercial sectors that are not subject to current federal statutes.

For the most part, the laws on the books related to the collection and sale of personal information address specific purposes, situations, or entities governing the use of personal information, the GAO said, but they do not furnish broad and comprehensive protections.

Though marketing industry representatives maintain that privacy laws are adequate, and that companies involved in the collection and sale of consumer information apply self-regulatory measures to their business, the GAO found significant gaps in legal protections for privacy. Moreover, it said the statutory framework does not truly reflect the Fair Information Policies Principles, which are widely accepted principles protecting the privacy and security of personal information. These principles that have guided privacy recommendations made by federal agencies.

The debate over privacy protection has been heated. On one side are privacy advocates who say that an overarching privacy law would offer more consistency and address gaps left by the sector-specific approach. They say there is a real need to give consumers control of their information when it is used for a purpose beyond that for which it was originally provided.

On the other side are individuals and groups that say a one-size-fits-all approach would be overly burdensome and restrictive. They hold that restrictions on the collection and use of personal data would boost compliance costs, inhibit innovation, and keep consumers from receiving relevant advertising and beneficial products and services.

The GAO interviewed representatives of the reseller and marketing industries, consumer and privacy groups, and federal agencies. It recommends that Congress consider strengthening the consumer privacy framework to reflect changes in technology and the increasing demand for consumer information.

Federal lawmakers should find ways to furnish consumers with appropriate privacy protections without unduly inhibiting commerce and innovation, the report said.

Consumerization 1.0 was "we don't need IT." Today we need IT to bridge the gap between consumer and business tech. Read the "Consumerization 2.0 issue of InformationWeek. Also in the report: Stop worrying about the role of the CIO (free registration required).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WKash
50%
50%
WKash,
User Rank: Author
12/3/2013 | 8:59:24 PM
Re: A challenge that must be addressed
Bill, thanks for summing up the essence of viewpoints here and keeping the conversation going forward.  At the end of the day, I think consumers would be well served if we as a nation drafted the equivalent of a digital Bill of Rights, that would among other things: allow citizens to 1) be able to search and view the data being captured about them, and 2) have the right to correct or remedy incorrect information about them.
William Welsh
50%
50%
William Welsh,
User Rank: Strategist
12/3/2013 | 7:43:56 PM
A challenge that must be addressed

Thanks very much to everyone who commented. Each of you made trenchant observations. "Privacy is a thankless debate," an observation of Thomas Claburn, certainly rings true in the case of the privacy issues related to technology facing lawmakers.

I believe Internet founding father Vint Cerf's Nov. 20 remark at the FTC's "Internet of Things" event that "privacy may actually be an anomaly" and that people should not consider privacy a given in the age of social media, serves as an important touchstone for the ongoing debate. With that viewpoint in mind, privacy in today's world is mostly an uphill battle.

It seems among those who commented that there is a consensus here that, as GAO suggested, it is important for lawmakers to make an extra effort on any privacy protection legislation to avoid a potentially overly burdensome one-size-fits-all approach. In this regard, Michael Endler framed the challenge nicely by stating, "Getting anything done will take delicacy."

Tom Murphy did a superb job of laying out many of the questions lawmakers should be asking, and the thorny issues they will be dealing with on the topic of consumer privacy protections and its related challenges.

In GAO's defense it looks like it has been looking into privacy matters regarding technology fairly regularly at least for the past five years and perhaps longer on an intermittent basis based on looking at archives of GAO reports. Granted, the fast pace of the evolution of both social media and wireless devices merit regular assessment of privacy matter for the foreseeable future. As SachinEE writes, "This initiative should not die without having an actual impact."

SachinEE
50%
50%
SachinEE,
User Rank: Ninja
11/27/2013 | 1:58:13 AM
Re : Consumer Privacy Protections Need Review, GAO Tells Congress
@ Tom Murphy, you are absolutely right that GAO is at least a decade late in addressing this issue when piles and piles of data have already been collected. It will be a very difficult question to answer what should be done to the data already been collected. Obviously the organizations or websites which collected this data will not let go of this data easily. It will be interesting to see what government can do about it, if at all.
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
11/27/2013 | 1:58:11 AM
Re : Consumer Privacy Protections Need Review, GAO Tells Congress
"On the other side are individuals and groups that say a one-size-fits-all approach would be overly burdensome and restrictive. They hold that restrictions on the collection and use of personal data would boost compliance costs, inhibit innovation, and keep consumers from receiving relevant advertising and beneficial products and services." First argument holds some life without any doubt. All-encompassing laws don't work. But why should they be deciding what is "beneficial" for consumers? When consumers don't want these relevant advertisements and beneficial products and services at the cost of their privacy being compromised, why should they be insisting on it?
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
11/27/2013 | 1:58:07 AM
Re : Consumer Privacy Protections Need Review, GAO Tells Congress
It is a welcome initiative indeed. At long last we hear something about consumers' privacy vulnerabilities from a significant quarter that might matter a lot at the end of the day. What is desirable now is that Congress take the recommendation of GAO seriously and legislate accordingly and in a thorough manner. This initiative should not die without having an actual impact.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
11/22/2013 | 3:55:37 PM
Re: It's sure to be a mess
Privacy is a thankless debate. Consumers say they want it but act otherwise. Privacy will never be practical online. The Internet is a surveillance system. Governments won't allow it to be any other way and businesses won't offer privacy services because so few will pay. And why offer "secure email" when that really means "secure until legally otherwise"? That said, we do need some rules of the road to avoid having our data strip-mined and sold over and over.
Michael Endler
50%
50%
Michael Endler,
User Rank: Author
11/22/2013 | 1:53:31 PM
It's sure to be a mess
"[T]here is a real need to give consumers control of their information when it is used for a purpose beyond that for which it was originally provided" vs. "A one-size-fits-all approach would be overly burdensome and restrictive. They hold that restrictions on the collection and use of personal data would boost compliance costs, inhibit innovation, and keep consumers from receiving relevant advertising and beneficial products and services."

I think these two lines cut to the heart of the matter. Like most debates of this kind, lawmakers are going to debate consumer protection against business interests. Given how recent battles of this sort have played out, I'm not optimistic that lawmakers will have any idea how to handle this one (e.g. "It's prehistoric for companies to discriminate on the basis of gender identity/ sexuality" vs. "If we make it illegal for companies to discriminate, it will invite too many lawsuits, which will hurt businesses and cost Americans jobs," or "we have established a consumer proection agency" vs. "but we don't want to confirm its leader"). It's a complicated issue; consumers are not adequately protected, but I agree that sweeping policies and regulations aren't always the best approach either. Getting anything done will take delicacy, but this issue is, unfortunately, one that can be easily hijacked by ideological jingoism. The fact that this topic involves not only individual vs. business, but also technology - something with which lawmakers are generally inept and short-sighted - only makes the outlook that much messier.
Tom Murphy
50%
50%
Tom Murphy,
User Rank: Author
11/22/2013 | 1:52:32 PM
Short Arm of the Law
I'm afraid the GAO is about a decade late and a bit myopic in its report on consumer privacy.  Yes, there are needs for greater protections and that has been obvious since the turn of the century.  And yes, it would be nice to see limits on what companies can do, but how would Congress impose those on web publishers outside the US?  Another problem: how could anyone (or any government) hope to retrieve or scrap all the consumer information that has already been gathered and collated. There are corporate and government dossiers now on hundreds of millions -- perhaps billions -- of individuals around the globe. 

Of course, we don't have to go on this way. The questions are what should we do, and how can we bring everyone together to do it?   Any ideas out there?
2014 US Salary Survey: 10 Stats
2014 US Salary Survey: 10 Stats
InformationWeek surveyed 11,662 IT pros across 30 industries about their pay, benefits, job satisfaction, outsourcing, and more. Some of the results will surprise you.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government Tech Digest Oct. 27, 2014
To meet obligations -- and avoid accusations of cover-up and incompetence -- federal agencies must get serious about digitizing records.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.