Protection of Online Privacy

The Council supports the position that if companies voluntarily create effective privacy policies for their web sites, regulation is not needed, as companies would then be subject to the Federal Trade Commission's existing authority to regulate false and deceptive practices.

To protect the privacy of users on-line, companies should voluntarily create effective privacy policies for their web sites by:

  • Implementing the "Fair Information Practices" of:

    • notice: clear and conspicuous disclosure to users about the use, or change of use, of personal information

    • choice: giving users options regarding how information collected from them online may be used, including the opportunity to opt out of such use

    • access: the right of individuals to have reasonable access to information about them

    • security: measures to prevent unauthorized disclosure of information, to assure its reliability and to protect it from loss, misuse or alteration;

  • Participating in third-party seal programs (Better Business Bureau On-line; TRUSTe, etc.) to monitor and verify the implementation of the Fair Information Practices and to provide for user complaint resolution;

  • Incorporating the Platform for Privacy Preferences, P3P, in order to aid users in understanding the privacy policies of web sites they visit. The technology industry is increasingly emphasizing this technology-based approach, a standard developed by the World Wide Web Consortium and implemented by Microsoft in Version 6 of Internet Explorer.

The Council further supports the position that if legislation is proposed to protect on-line privacy, it should be considered only at the federal level, and it should only:

  • Require web sites to provide users clear and conspicuous notice about their information collection practices and the choice to limit the disclosure of information;

  • Authorize the FTC to enforce these notice and disclosure requirements through civil penalties; and

  • Pre-empt state laws regulating on-line privacy.

The Council believes that regulation at the state level is impractical because state authorities can only reach servers located within their jurisdiction, and state efforts to regulate Internet content have been invalidated by courts as an unconstitutional regulation of interstate commerce.

Finally, the Council believes that any proposed legislation should not disadvantage the on-line world, as compared to the off-line world.