In May, during a commencement speech, Vice President Al Gore called for an “Electronic Bill of Rights” to allow Americans to protect their privacy.
In June, the Federal Trade Commission issued a blistering report that recommended developing legislation to give parents control of the online collection and use of personal information from kids. FTC proposals on how to shield all online customers will appear later this summer.
Also last month, Christine Varney, the former FTC commissioner now in private practice, announced in Wired magazine that she has given up on the idea of market-based solutions for protecting privacy, and called on Congress, “if the situation doesn’t change,” to direct the FTC to develop sector-by-sector guidelines.
Clearly, the privacy pendulum is swinging against direct marketers. Experts say what’s happening is different from the typical anti-industry blip that rises now and again, usually after a widely publicized misuse of personal data. Privacy, traditionally the hobbyhorse of a small circle of policy wonks, has gone mainstream. And it doesn’t bode well for direct marketers, though some insiders believe the spotlight on privacy also brings an opportunity for the industry to make its case anew.
“It’s been changing for a while but the FTC report saying the business community has twiddled its thumbs has made the tone significantly more hostile,” says Martin Abrams, vice president of information policy and privacy at Experian Inc., Orange, CA. “The FTC report is going to be a difficult obstacle to overcome to preserve the flexible use of information.”
The broad initiative that Gore proposed seeks to restrict access to medical records, create a government review of how federal agencies handle personal data and stem the tide of direct mail.
Ironically, the main culprit for the ill winds blowing is at the same time held out as the future of direct marketing: the Internet. The World Wide Web has publicized marketers’ use of personal data. The brouhaha over America Online disclosing information to the U.S. Navy about a gay officer hasn’t helped. A recent Business Week/Harris poll found that “worries about protecting personal information on the Net ranked as the top reason people are staying off the Web.”
Abrams says new policies could be expensive for direct marketers, both in terms of lost opportunities because of restricted use, and in actual dollar terms for implementing some measures, such as allowing consumers access to their information, if regulation goes that far. Companies will have to be more candid about how they use personal data, he says. “The industry will have to step up the self-regulation process or run the risk of legislation, first in the online world and then moving into older media.”
But in a May speech before the Direct Marketing Association, Ira Magaziner, President Clinton’s senior adviser for policy development, expressed pessimism about the industry developing self-regulatory guidelines in a timely fashion. Magaziner is scheduled to present the president with a report on July 1 assessing and developing codes of conduct for self-regulation.
Many believe the report is timed for the October debut of the European Union’s Directive on Data Protection, which has also highlighted the privacy issue. The measure prevents the flow of personal data from E.U. member countries to those that are deemed to have “inadequate” privacy protections for their consumers. It has yet to be determined how the United States will be categorized.
The privacy advocates, of course, are skeptical that the industry will step up to the self-regulation plate. “By its nature, the industry can’t admit something is wrong,” says Robert Bulmash, of Private Citizen Inc., Naperville, IL. “They’d be opening the door for regulation. The industry is priming the explosives around its feet right now.” Evan Hendricks, of The Privacy Times, Washington, DC, says: “The Clinton administration was gullible enough to believe that the industry would accomplish something through self-regulation, but it hasn’t accomplished anything.”
In her Wired article, Varney criticized the DMA for not providing an enforcement mechanism and for not prohibiting the use of children’s data. No one can doubt the DMA’s Herculean efforts to get businesses to post privacy statements on their Web sites in preparation for the FTC’s survey, but the industry still flunked the test.
For its report, the FTC checked out 1,402 Web sites. In one category, including a cross-section of 674 commercial sites, the agency found that 92% collected personal information but only 14% gave any indication of how they used it and only 2% had a privacy policy. Of the 212 children’s sites, 89% collected personal data from children, but only 54% disclosed their collection practices. Fewer than 10% of the sites told the children to get their parents’ permission before providing personal data.
When the report came out, Rep. Edward J. Markey (D-MA), the ranking minority member on the House telecommunications subcommittee, called it “a historic landmark that changes forever the discussion of the protections which children need in a cyber era.”
However much the tone of the privacy debate has changed, the actual consequences are still unclear. It seems unlikely that any legislation will be passed during the fall campaign season, with the possible exception of the Children’s Privacy Protection and Parental Empowerment Act (S. 504, H.R. 1972). Even the European directive may turn out to be a scarecrow. Not all the union members have their laws in place, and once they do, a country would have to object to an American company’s practices, which would then be litigated. The data flow will not halt in October.
And the mainstreaming of privacy may have its benefits. Says John Awerdick, an attorney with Williams, Caliri, Miller & Otley, in Wayne, NJ: “Because privacy is now on the major policy agenda, the industry is capable of getting its story out better than before.”