By Eduard Goodman,

For the past three years, companies have tracked how consumers surf the Internet—what we buy, read and eat—with little to no self-regulation. They’ve collected our personal information, created profiles on us and sold them to advertisers without our consent.

Now, we’re seeing a push for legislation that would protect our privacy online.

In February, Representative Jackie Speier, a Democrat from California, introduced a bill that would give the Federal Trade Commission the authority to establish a Do Not Track system for consumers who don’t want their online activity monitored. The system would offer consumers an opt-out mechanism, similar to the National .

Rep. Speier’s does a great job of expanding the definition of private data to cover any information transmitted online that contains or tracks an individual’s online activity; any unique identifiers specific to the individual, such as an IP address; and personal information, including name and email address.

The bill specifically defines sensitive information as a Social Security number, medical history and unique biometric data. However, it also encompasses race or ethnicity, religious beliefs or affiliation, sexual orientation or sexual behavior, income and financial data and even “precise geolocation information and any information about the individual’s activities and relationships associated with such geolocation.”

Much like the HITECH modifications to HIPAA’s privacy rule, the bill puts enforcement power in the hands of state attorneys general. That’s good for consumers since privacy has remained a nonpartisan issue (and most AGs want to grow up to be a senator or governor one day).

The best part, though? It leaves the FTC to engineer the actual gears of the Do Not Track mechanism. The agency would get 18 months to figure out the rules from the date the bill goes into effect, if it ever does.

The FTC is the most qualified agency to opine on issues of privacy and commerce and to participate in privacy-related rulemaking. Though some in business may disagree, I think the FTC does a better job of balancing practical privacy with commerce than any other privacy regulatory authority in the world. Who better to be left with the real question of how all this will actually work? Are rules the answer or is technology? The likely answer is both—and the browser companies recognize the writing on the wall, even if the online marketers don’t.

Microsoft’s Internet Explorer and Mozilla’s Firefox now both contain variations of a Do Not Track feature. Unfortunately, this just illustrates the problem: Law and regulation move much slower than technology. So what is the solution? Well, from a privacy protection standpoint it might just lie in a concept that’s been around for a while but is just now garnering some real attention: privacy by design.

More on that next time.

Related: The FTC and the Future of Privacy Enforcement in America

Eduard Goodman, Chief Privacy Officer, Identity Theft 911
An internationally trained attorney and privacy expert, Eduard has more than a decade of experience in privacy law, fraud and identity management. He is a member of the state bar of Arizona and served as the 2008-2009 section chair of the bar’s Internet, E-Commerce & Technology Law Practice Section.

Leave a Reply