The FTC is due May 23 to release results of its third Web "sweep" checking industry compliance with privacy principles. Advertisers, ad agencies and the American Advertising Federation have written separate letters all saying the FTC should not recommend new privacy laws.
The FTC reportedly found that 90% of sites have privacy policies, but only 20% comply with all four elements the FTC wants -- disclosure, choice, access (to information collected) and security. But that's good news, advertising groups said.
"The way we look at it, the glass is 90% full," said John Kamp, senior VP of the American Association of Advertising Agencies. "The way consumer groups look at it, our glass is 80% empty."
ALL COMMERCIAL SITES
FTC staff reportedly recommended calling for legislation that would apply to all commercial Web sites; previous laws affected only kids and financial information sites. However it's unclear if commissioners would go along with the staff proposal. But the report could kick off quick congressional action.
"It's a crap shoot," said Deirdre Mulligan, staff counsel for the Center for Democracy & Technology, a consumer group that is pushing for privacy legislation. "I do think that it is possible that there could be congressional action, but I also think there is a deck of cards stacked against it."
Sen. Patrick Leahy (D., Vt.), who heads a Democratic privacy task force, would like to see action this year, but with a few weeks of legislative activity left, whether it could happen "is a matter of making it a priority for leadership," said an aide.
The Senate Commerce Committee, headed by Sen. John McCain (R., Ariz.), has scheduled a May 25 hearing to discuss the report.
In their letters, ad and marketing industry officials argue 90% of marketers having adopted privacy policies demonstrates that self-regulation works. They suggest the 20% figure is likely the result of marketers' confusion about two of the more complicated privacy principles -- providing access to information gathered by marketers, while also providing the security to see the information is only available to those who should have access to it.
"While there is more work to be done, progress has been dramatic," said Hal Shoup, exec VP of Four A's in one of the letters. "We strongly believe a call for legislation at this point would be premature and counterproductive."
Dan Jaffe, exec VP of the Association of National Advertisers, noted the 90% compares with 14% of Web sites having privacy policies in 1998.
American Advertising Federation President-CEO Wally Snyder said marketers shouldn't be held to unresolved access standards.
"It is unrealistic to expect sites to meet a criteria where no clear criteria exists," he wrote in the AAF's letter. He said counting marketers as not complying when they don't give access because of security concerns is unfair and unwise.
SELF-REGULATION NOT ENOUGH
Privacy advocates said the industry has had more than enough time to comply, and its requests for the FTC to set standards on access and security issues -- after repeatedly pleading to let industry set its own standards in the past -- are at best a little disingenuous.
"Self-regulation has not provided an adequate amount of progress and it is time to set a legal standard for privacy protection on the Web," said Andrew Shen, a policy analyst for the Electronic Privacy Information Council.
Ms. Mulligan said some marketers have improved, but "we also see some laggards. We believe a baseline is necessary to ensure individual guidance and for economic privacy."