Reaction was swift and generally positive Thursday to the Commerce Department's report on online privacy recommendations from its Internet Policy Task Force, though one privacy advocate suggested it was too much talk and too little action.
The recommendations, after they are put out for public comment and finalized, are meant to become the basis of the administration's policy position on the issue.
"The Department of Commerce privacy green paper highlights the need for greater privacy protections for Americans," said Senate Commerce Committee chairman Jay Rockefeller (D-W.VA). "As pointed out in the report, the United States only has privacy laws in limited areas such as the healthcare and financial sectors," he said in a statement. "This means that there are no baseline privacy protections for most consumer online activity. Industry self-regulation has largely failed, and I hope that the Department of Commerce in its final report will reach the conclusion that legislation is necessary to protect consumers."
That is a possibility, said Commerce officials Thursday, but they are hoping for industry self regulation, though they concede that to date, such self-regulation has been inadequate.
"We commend the Commerce Department for identifying the need for comprehensive protections of Americans' privacy," said the American Civil Liberties Union. "For too long, Americans have been ill-served by a patchwork of privacy laws that contain broad gaps and loopholes," said Christopher Calabrese, ACLU legislative counsel in a statement. "Not only do those gaps increase the risk of identity theft, they also allow for the compilation of profiles on every citizen that can be shared with employers and the government."
Jeff Chester, executive director of the Center for Digital Democracy and a strong voice for greater government online privacy protections, was less sanguine. He said that the report raises good questions, but that it is past time for the government to be providing some answers.
"Instead of real laws protecting consumers, we are offered a vague "multi-stakeholder" process to help develop "enforceable codes of conduct," he said. "If the Commerce Department really placed the interests of consumers first, it would have been able to better articulate in the report how the current system threatens privacy."
The report does not take positions on do-not-track or opt in/opt out regimes, two big issues in the online privacy debate, but the report was billed more as a road map and a framework, with the specifics to be filled in later and after industry and public input. That public comment on the report is due Jan. 28.
"The report should have rejected outright any role for self-regulation, given its failures in the online data collection marketplace," said Chester. Instead, the report focuses on voluntary standards, suggesting that legislation is something of a last resort if administration pressure or stronger FTC enforcement do not light a fire under self-regulatory efforts by industry.