The Direct Marketing Association was the lone holdout among ad groups generally praising the proposal offered by U.S. Reps. Asa Hutchinson (R., Ark.) and James Moran (D., Va.) to create a 17-member commission to look at all elements of privacy -- both offline and online -- over the next 18 months.
"Congress has a very short session, and to do any major legislative activity, let alone one in such a controversial area as privacy, is hard to do," said Dan Jaffe, exec VP of the Association of National Advertisers. But he added, "The other side is that privacy is a hot political issue and we are in a hotly contested cycle, and sometimes impossible tasks miraculously become possible." John Kamp, senior VP of the American Association of Advertising Agencies, warned that privacy is continuing to generate strong attention in congressional districts.
"This is an election season, anything can happen," he said.
Ad groups have called for voluntary self-regulation of privacy rather than new laws, and both Messrs. Kamp and Jaffe questioned the commission's look into privacy offline.
Jerry Cerasale, DMA exec VP, said his group sees no need for a commission. He noted the Federal Trade Commission already has been examining many of the same issues, noting that privacy issues are better handled by sector, such as medical privacy, online privacy and offline privacy.
"If there is a specific problem, let's look at it," he said.
Reps. Hutchinson and Moran, joined by two colleagues, said they made the commission proposal because they felt Congress shouldn't act precipitously on privacy legislation and because there appeared to be no clear consensus in Congress on how to proceed. The commission would look into online privacy, availability of public records, medical privacy and off-line privacy, they said.
"We should not go home without having dealt with the issue," Rep. Hutchinson said. "But I believe this is the best approach, a realistic approach . . . to get a bill that is narrowly tailored."
Rep. Moran said he was concerned about marketers' "profiling" of individuals, but also had "a countervailing fear of overreaction. We need a balanced, measured approach to a complex issue," he said in a statement that was seconded by two other legislators, Reps. Kay Granger (R., Texas) and Kevin Brady (R., Texas).
Other members of Congress, however, were less certain about relying on a commission. Congressional aides noted the FTC is shortly expected to issue a report about online marketing that could include legislative recommendations, and that the Treasury Department is due to make legislative recommendations on financial privacy.
To decide there is not enough agreement to act "is a self-fulfilling prophecy," cautioned David Moulton, an aide to U.S. Rep. Edward Markey (D., Mass.) of the proposal to form a commission. Mr. Markey, who is a member of a bipartisan privacy task force, believes legislation on financial services needs to be considered this year, Mr. Moulton said.
Sen. Patrick Leahy (D., Vt.), who heads a Democratic Senate task force looking at privacy issues, still hopes to act on a medical privacy bill and financial privacy protection this year, an aide said, though he added that Sen. Leahy called the commission proposal "thoughtful." Congress may want to consider it as well, he said.
Privacy critics, too, have called for immediate legislative action, warning that delays could give marketers time to make decisions on combining offline and online profiles that could set the course of the Web.
"I think they are not reading their mail," said Marc Rotenberg, executive director of the Electronic Privacy Information Council. "It's much too late to create a study group."
Another part of the privacy debate became clearer last week as the U.S. and European Union reached final agreement on the steps U.S. companies would have to take if they want to bring profile information gathered in Europe to the U.S.
U.S. companies, under the pact, would be compliant if they belonged to self-regulatory alliances such as Trust-e or BBBOnline, but in the biggest change, they have to agree to expunge data on the European citizens if so ordered.