recommended reading

Rockefeller says he doesn't trust industry to regulate itself on privacy

Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va.

Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va. // J. Scott Applewhite/AP

Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va. said Thursday that he doesn't trust that companies can self-regulate themselves when it comes to protecting consumer privacy online and will continue to press for legislation.

"No I don't trust companies to do what's right when it runs against their bottom lines in absolute terms," Rockefeller said following a hearing on consumer privacy. Much of the hearing focused on the issue of whether to pass legislation to give consumers the choice of whether they want to be tracked when they surf the Internet. The issue has become a concern as companies increasingly track consumers as they visit websites or engage in other activities online in order to target ads based on consumer preferences.

Last year, Rockefeller introduced legislation that would require the Federal Trade Commission to develop rules giving consumers a do-not-track option when they surf the Web and would require companies to honor consumer tracking requests. Rockefeller acknowledged the issue will likely slip to next year, but said he would continue to pursue the issue in the next Congress. "Probably it's a next year thing," he said.

Advertising industry representatives told the panel they oppose do-not-track legislation and argue that a self-regulatory program they adopted in recent years is working. The Digital Advertising Alliance's "advertising choices" icon program allows consumers to click on an icon that allows them to choose whether they want to receive ads based on information gathered about them as they surf the Internet.

Association of National Advertisers President and CEO Bob Liodice, who testified for the Digital Advertising Alliance, argued that the coalition's "self-regulatory system works...We have a system that is operating and is effective."

He noted that the program's icon is appearing in more than a trillion ad impressions each month and more than 1 million consumers have opted out of receiving targeted ads since January 2011. That number, Liodice argued, "clearly shows [the program] is enabling consumers to exercise choices."

But the program only allows consumers to opt out of receiving ads, but not out of being tracked altogether and includes several exceptions for certain types of tracking such as market research and product development. Rockefeller questioned whether the exceptions are so wide that they don't really provide consumers with much choice in the end.

In addition, Alex Fowler, chief privacy officer for Mozilla, questioned the effectiveness of the self-regulatory programs like the one offered by the advertising alliance. He noted so far less than one percent of Internet users take advantage of the group's icon program and only one out of 20 of those who use it actually opt out of receiving targeted ads. Mozilla, which makes the Firefox Web browser, has been working with the World Wide Web consortium and industry officials and consumer activists to develop a do-not-track standard.

Ohio State University law professor Peter Swire, who served as the White House privacy adviser during the Clinton administration, said his research shows that industry self-regulation only works when Congress or the administration is focused on privacy. He said industry tends to back off once the spotlight shifts to another issue.

"Industry works a lot harder at this when government is paying attention," he said.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.