The Association for Competitive Technology (ACT) released a report estimating that U.S. businesses could pay between $9 billion and $36 billion to modify Web sites in compliance with proposed privacy bills. In a separate study, Privacilla.org, an industry-backed privacy group, issued a report that disavowed the importance of public opinion polls in deciding privacy regulations.
Members of a key House subcommittee heard similar complaints about the reliability of polls on online privacy, at times from the pollsters themselves. "Writing legislation off of survey results is tricky," pollster Harrison "Lee" Rainie, director of the Pew Internet & American Life Project, told the House Commerce Subcommittee on Commerce and Trade on Tuesday in Washington.
Such efforts pushing against privacy legislation run in stark contrast to the momentum built by lawmakers for a privacy bill just seven months ago. In October, a bipartisan coalition of House and Senate members came together vowing to pass online privacy protections early this year.
Other studies outlining the dangers of unabashed data-collection online, and resulting consumer concerns about potential privacy risks, caused legislators including former presidential hopeful John McCain to co-sign privacy bills.
But since the beginning of the year, momentum for a privacy bill has slowed, despite regular meetings on Capitol Hill to address such issues. Much of the wind got knocked out of the proposed 19 bills because of widespread disagreement on what those bills should look like. Problems hammering out such points as opt-out vs. opt-in policies have pushed legislative efforts into an eddy.
Now, supporters of self-regulation are armed with more ammunition and are making an impression on subcommittee members charged with influencing a decision on the privacy debate.
Sandra Bauman, who has conducted in-depth focus groups on privacy for Wirthlin Worldwide, argued that privacy can be achieved "through self-regulating policies" rather than legislation or regulation.
Most privacy concerns expressed in polls come from inexperience with the medium, Bauman said, and much like restaurant patrons give their credit cards to wait staff, "as people have positive experiences with Internet commerce, their level of skepticism is diminished."
Columbia University professor Alan Westin, who has advised 45 national surveys on privacy, said "surveys are not a very good way to write legislation," although he said he could envision "framework regulation" that gave broad guidelines to businesses and placed enforcement in an existing agency such as the Federal Trade Commission.
At least one pollster was bullish on new legislation. Humphrey Taylor, chairman of Harris Interactive, said privacy is not a "front burner" issue with consumers but rather a "landmine" issue. This means that it has the potential to explode and prompt legislation if there is a scandal involving, say, massive online theft of credit card numbers or rampant abuse of personal data by an online merchant.
Subcommittee members in attendance seemed torn on whether to proceed with legislation. Subcommittee Chairman Cliff Stearns, R-Fla., said at his fourth hearing on privacy this year that he could see a case for banning "keystroke monitoring," using the analogy of consumers' use patterns at libraries and video stores being protected.
But he said that when he reviewed polling data on privacy, "I realized that there is more to the story being told by the data than a cursory first glance would suggest." He said it was clear that consumers are confused on the issue, have differing definitions of privacy, and at times give answers that don't match their own behaviors.
Still others are in favor of enacting a privacy bill, despite the public's confusion.
"The public is schizophrenic on what they want with privacy," said Rep. Michael Doyle, D-Penn. He said consumers seemed more concerned with financial and medical privacy than with other types, and the witnesses agreed.
Regardless of how polls are interpreted, Doyle said he believes "Americans want the government to take the appropriate actions to ensure they are protected online."
The cost of privacy
Meanwhile, a study released by ACT suggested that the cost of providing privacy safeguards could hinder business. The study, conducted by Robert Hahn, director of the American Enterprise Institute-Brookings Joint Center for Regulatory Studies, priced the cost of converting a single site at $100,000.
Hahn said it is an "open question" whether the conversion costs will go down over time as more sites implement the necessary software, but ACT President Jonathan Zuck said the notion of "economies of scale is a pipe dream. Each site would need custom-built solutions."
Hahn said the high costs of customized sites, especially if the new law requires quick implementation, will be especially difficult on small companies.
"We have to be careful not to kill the goose that laid the golden egg," he said.