Keep Internet Privacy Privatized

The Federal Trade Commission announced to some fanfare recently it would be investigating various health care Web sites, along with Internet advertising agency DoubleClick, Inc., for possible privacy violations. Whatever the merits of these specific cases, it’s important to note that the on-line privacy concerns on which they hinge are common among consumers. Too often, however, the issues involved are misunderstood by the press, the public, and the regulators.

Information about where people go on-line and what they buy is important to businesses seeking to streamline their marketing. The Internet is proving a fertile source for this type of data. The increase in ease and frequency with which consumer preferences are recorded, cross-referenced with other information, or sold has resulted in calls for new regulations, laws, and restrictions.

These measures may not be needed. Which is not to say that the public’s privacy desires are unimportant. But rarely discussed in the debate are the incentives currently encouraging businesses to cater to and address consumers’ privacy concerns–without the prompting of government.

In fact, government-imposed privacy dictates would set a dangerous precedent, opening up a Pandora’s Box for government meddling on the Internet and wasting untold dollars in compliance and enforcement costs.

A number of bills to regulate online privacy are under consideration by Congress. A proposal sponsored by Sen. Conrad Burns (R-MT) would require Web site operators to identify themselves, and to detail what information is collected from patrons of the site, how it’s used, and what aspects might be shared with other companies. Sen. Robert Torricelli (D-NJ) has introduced another bill focusing on the use of “cookies” (tiny files that Web sites send to users’ hard drives to monitor where they go and what advertisements catch their attention). This bill would mandate that sites gain permission from users before cookies can be used. Ideally, the bills would ensure that consumers are in control of their personal information and notified of what information about them is collected and who will see it. Sounds reasonable, right?

So reasonable, in fact, that it’s already happening without heavy-handed federal regulations. Consumer demand has already made privacy policy disclosures commonplace on the Internet. In 1998 the Federal Trade Commission reported to Congress that while more than 85 percent of Web sites collected some form of personal information, only 14 percent provided some type of notice to their patrons. But a January 1999 Georgetown survey found that almost 66 percent of sites posted some type of privacy disclosure. Today the number is surely higher. Such a swift and widespread response may be due in part to the threat of regulation, but more fundamentally it’s being driven by consumer demands.

Even with this impressive industry response, proponents of privacy regulations argue that laws still are needed because consumers remain powerless on any Web site that does not voluntarily post its privacy policy or whose posting is insufficient. But these arguments are unconvincing. Just as discerning consumers may choose not to deal with off-line businesses whose standards and policies prove disagreeable, so too will they avoid Web sites whose privacy standards fall short.

It’s in the interest of businesses to give consumers what they want. Simple as that sounds, it’s a notion foreign to bureacrats and legislators casting about for areas to intrude on and ways to justify their own existences. As more consumers make known their preference for privacy, more on-line sites will respond accordingly. And in the meantime, savvy Web surfers can stick to sites they trust, choose not to fill out registration forms, and set their browsers to consult them before accepting any cookies (for more information visit New technologies allow for anonymous Web browsing, browsing under digital pseudonyms, and automatic screening of privacy policies.

Market forces are already granting consumers greater control over their personal information, making federal regulations unnecessary. Unfortunately, government action often runs a risk greater than merely being superfluous.

Regulations often come with harmful unintended consequences. New privacy guidelines likely would be no exception. The details of a scheme for enforcing Internet privacy regulations have yet to be articulated, but considering the track record of federal agencies for waste and inefficiency, one can bet it will be costly. The Internet is as decentralized as it is vast; an enormous amount of time and money would be needed to patrol it.

Whatever the FTC ultimately decides about DoubleClick and the health sites under investigation, Congress should practice restraint and opt not to mandate Internet privacy policies. Privacy concerns are already more than adequately being addressed in the private sector. Rules and protocols are being hashed out by the parties involved–Web site operators and consumers. Dictates and legislation from Washington would only lead in the wrong direction.

Jessica Melugin ([email protected]) is a CEI policy analyst.