On June 18, 2009, the House Subcommittee on Commerce, Trade and Consumer Protection held a joint hearing with the Subcommittee on Communications, Technology, and the Internet on the topic of “Behavioral Advertising: Industry Practices and Consumer Expectations.” The subcommittee members explained that they hoped the hearing would help determine the need and possible parameters for new legislation governing privacy and behavioral advertising.
The subcommittees heard testimony from the following witnesses:
- Edward W. Felton, Professor of Computer Science and Public Affairs at Princeton University
- Anne Toth, Vice President of Policy and Head of Privacy, Yahoo! Inc.
- Nicole Wong, Deputy General Counsel, Google Inc.
- Christopher Kelly, Chief Privacy Officer, Facebook
- Jeff Chester, Executive Director, Center for Digital Democracy
- Charles Curran, Executive Director, Network Advertising Initiative
- Scott Cleland, President, Precursor LLC
Committee members' questions focused on issues that would be important to drafting legislation. For example, several members asked about the benefits of opt-in as opposed to opt-out requirements. Opt-in and opt-out are two schemes for allowing consumers an option as to whether to participate in targeted advertising. Opt-out requires consumers to affirmatively seek out the company's policy and elect not to participate, while opt-in would require companies to affirmatively notify consumers of their privacy policies and obtain permission before using consumers' data. After hearing from witnesses from Google and Yahoo about their opt-out programs, Chairman Rush asked exactly what consumers "opt-out" of, inquiring whether opt-out ensures that a consumers data will not be collected, or whether opt-out means that a consumer will not see targeted ads. Both witnesses explained "opt-out" allows users to exclude themselves from targeted advertising, but not data collection.
Committee members also focused attention other issues that would be important to the drafting of legislation, including the treatment of personally identifiable and sensitive information, and whether the Federal Trade Commission (FTC) or the Federal Communications Commission (FCC) should be given jurisdiction over new legislation. Consistent with the FTC Chairman's recent questioning of the adequacy of existing industry self-regulation, reported here, members also inquired about whether self-regulation can be effective without an enforcement mechanism and whether industry audits would advance privacy interests.