"While the Commission applauds the efforts by the private sector to address the issue of on-line privacy," said Chairman Robert Pitofsky, "survey results show that such efforts have not been enough." He added, "the number of web sites meeting basic standards of privacy protection is far too low, endangering consumer confidence."
The Report recommends that Congress enact legislation to ensure a minimum level of privacy protection for on-line consumers, establishing "basic standards of practice for the collection of information on-line." This legislation would require consumer-oriented commercial web sites "that collect personal identifying information from or about consumers on-line" to "comply with the four widely-accepted fair information practices: "Notice, Choice, Access and Security."
A recent FTC survey showed that only 20% of randomly sampled sites were found to have implemented all four fair information practices. And among the most popular web sites in the US, only 42 percent did so.
The Commission concluded that proposed legislation, in conjunction with self-regulation, will allow electronic commerce to reach its full potential and allow consumers to gain "the confidence they need in order to participate fully in the electronic marketplace."
One Commissioner, Orson Swindle, voted against the recommendations, calling it "an unwarranted reversal of its earlier acceptance of a self-regulatory approach" despite what he described as "continued, significant progress" in self-regulation. He argued that, “legislation should be reserved for problems that the market cannot fix on its own.”
If the recommendations are followed through, it could mean the US introducing legislation which, at least in part, reflects the UK’s Data Protection Act 1998. For more information on this Act, see our guide.
