The Federal Trade Commission recently released its “Report to Congress on Privacy Online.” It says consumers have little privacy on the Internet and urges Congress to enact legislation that would ensure that parents are aware of and control data collected on-line from and about their children. The report also criticizes the on-line industry’s attempts at self-regulation.
I have been a proponent of self-regulation on the Internet since it broke free of its governmental and academic roots and became a revolutionary force in shaping new markets and new political arenas.
Unfortunately, self-regulation has been more talk than action. Most enterprises have been afraid to give up their autonomy to any meaningful and enforceable private restrictions. It has been too easy for Internet participants to throw verbal stones at sensible proposals such as the International Ad-Hoc Committee’s recommendation for administering Internet domain names. Instead they should have worked with proponents to resolve disagreements and to put private systems into operation.
The only really interesting privacy self-regulatory system is the one worked out by the Individual Reference Services Group, because it had audit and enforcement mechanisms.
There is no doubt that private regulatory systems would be better than the heavy hand of government, but time is running out. Maybe the FTC statement will serve as a useful stimulus to move self-regulatory proposals forward.
In the meantime, the best near-term action that the Clinton administration could take to protect Internet privacy would be to abandon its anachronistic insistence on restricting export of commercially available encryption software for personal computers.
