Chairman Rockefeller Remarks on the State of Consumer Online Privacy

March 16, 2011

Chairman RockefellerWASHINGTON, D.C. — Welcome to all of our witnesses. Today’s hearing is the first in a series of hearings this Committee will hold on consumer privacy in the 112th Congress.

Online privacy is a matter that concerns Americans everywhere. According to the Pew Internet and American Life Project, 96 percent of working Americans use the Internet as part of their daily life. We are increasingly plugged-in and logged-on: working, playing, learning, shopping and socializing using computers, smart phones and tablets. And every time we use a device, such as an Android or iPad, to interact online, a machine—a computer server—somewhere in the world is recording this information.

Much of this information is used for targeted advertising purposes, but not all of it. According to press reports, data is being collected for other reasons as well. Data brokers such as RapLeaf, Inc. have created profiles on individuals, including their income and gender, and sold that information to third parties such as political campaigns and MySpace. Insurers are reportedly considering using data collected online as part of their assessment process. There is a multibillion dollar industry growing around the dissemination and sale of personal data picked up and packaged online.

Worse, even when Americans are aware this is happening, too often there is little they can do to stop it. I’ve been alarmed by reports that companies are figuring out new ways to limit and circumvent consumer choice online. For example, “Flash Cookies” are small data files used to facilitate multimedia viewing on websites. But some companies are using them for a different purpose altogether—to undermine users’ browser privacy settings. I recently wrote the Federal Trade Commission (FTC) and asked them to investigate this practice.

I believe that consumers should be able to clearly understand and control what information is being collected and how this information is being used. If you’re shopping at the mall, you could stop someone from recording every store you visit, every book you peruse and every product you buy. Shouldn’t online shoppers—and online users—have these same protections, too?

Now, I appreciate that we live in a world in which online technology is rapidly evolving. I know some online companies have taken steps to address consumer privacy. And, I appreciate the need to proceed carefully when providing consumer protections that may disrupt the functionality of the Internet. But Congress can no longer sit on the sidelines. There is an online privacy war going on, and without help, consumers will lose. We must act to give Americans the basic online privacy protections they deserve. 

For too long, we’ve heard that the private sector will voluntarily work to protect consumers. For too long, Congress has been asked to let self-regulation work. We’ve waited. And waited. And while we’ve waited, Americans have grown exposed. Companies have developed more tools to gather even more personal details about their lives. Self-regulation, by and large, has been a failed experiment. This is not just my view. It is also a view supported by the recent FTC privacy report. The majority of consumers are uncomfortable being tracked online and it is time the law gave Americans a choice in the matter.

I am encouraged by a growing consensus among stakeholders—business and consumer advocates alike—that basic privacy rules are necessary. I look forward to working with my colleagues on legislation that protects consumers from unwarranted intrusions on their personal privacy while preserving the ability of online companies to prosper in a competitive global marketplace. Protecting consumer privacy does not have to be a zero-sum game.

We have a terrific panel of witnesses. I want to thank them again for being here today.