May-June 2000

The Federal Trade Commission has been taking an active role with respect to Internet legal issues. Watch for the FTC to lead the way in shaping privacy legislation and discussing a host of other key consumer concerns.

What's Up At The Federal Trade Commission? In recent years, the Federal Trade Commission has taken an active role in enforcement of consumer protection laws in the Internet arena, particularly in the area of privacy, by recommending legislation to Congress, holding public workshops, examining web site practices and disclosures regarding use of consumers’ personal information, and encouraging self-regulation and technological developments. Among the Commission’s most publicized activities in May and June 2000 were its issuance of guidelines for web site advertising and its release of comprehensive reports on Internet privacy and online profiling.

Dot Com Disclosures. On May 3, the FTC issued "Dot Com Disclosures: Information about Online Advertising," a working paper that examines how current consumer protection rules and guides apply to advertising and sales on the Internet. The paper focuses on the clarity and conspicuousness of disclosures in Internet ads, and stresses that the same consumer protection laws that apply to commercial activities in the offline world apply online as well. Accordingly, ads must be truthful and not misleading, advertisers must be able to substantiate their claims, and ads cannot be unfair. Some ads require disclosures to prevent them from being misleading -- and such disclosures must be presented "clearly and conspicuously."

What makes a disclosure "clear and conspicuous?" In evaluating whether disclosures are likely to meet the "clear and conspicuous" requirement, the FTC suggests that advertisers place disclosures near, and if possible, on the same screen as the claim they modify and use cues to encourage consumers to scroll down when necessary to view a disclosure. When using hyperlinks to lead to disclosures, the FTC suggests that advertisers make the link obvious, label it to mark its importance, place it near relevant information and make it noticeable, use link styles consistently, take consumers directly to the disclosure on the click-through page, and assess the link’s effectiveness by monitoring the disclosure page.

The FTC's laundry list of advice continues by suggesting that advertisers should display disclosures prior to purchase; creatively incorporate disclosures in banner ads or disclose them clearly and conspicuously on the page to which the banner ad links; prominently display disclosures so they are noticeable and not drowned out by other elements on the page; repeat disclosures as necessary; and use clear language and syntax.

How do FTC guides and rules apply to ecommerce? The FTC's report makes clear that rules and guides that apply to written ads or printed materials also apply to visual text on the Internet. Although the FTC will continue to examine the application of these rules and guides on a case-by-case basis, the general rule is that the words "written," "writing," and "printed" will apply online. If a seller uses email to comply with FTC rule or guide notice requirements, the seller should make sure consumers understand that they will receive the information by email, and should provide the information in a form that consumers can retain.

FTC Report -- Privacy Online: Fair Information Practices in the Electronic Marketplace

On May 22, the FTC issued "Privacy Online: Fair Information Practices in the Electronic Marketplace," its third report in a series on online privacy. In this report, the agency reviewed the results of its "sweep" search of online privacy disclosures, evaluated the effectiveness of self-regulation, and took into account the recommendations of the FTC-appointed Advisory Committee on Online Access and Security. In a controversial change from its traditional reliance on industry self-regulation, the Commission, in a 3-2 vote, concluded that industry’s efforts at self-regulation have been insufficient and that legislation is needed to protect consumer information. The Commission recommended that legislation require sites that collect personally identifying information from or about consumers to comply with the four traditional fair information practices: notice, choice, access, and security.

In general, notice entails informing consumers clearly and truthfully about how sites collect and intend to use personally identifiable information. Choice means allowing consumers to decide how their information is used beyond the purpose of the transaction for which it was provided. Access involves allowing consumers to review the data that sites collect about them and giving them a reasonable opportunity to correct errors or delete information. Finally, security requires sites to take reasonable measures to protect the security of consumer information they collect.

What did the FTC's "sweep" search find? A survey conducted by the FTC earlier this year examined two groups of web sites: a random sample of 335 sites with at least 39,000 unique visitors each month and 91 of the 100 most popular web sites. Among the FTC’s findings were that nearly all the sites collect some personally identifying information, such as an email address. The agency found an increase in the percentage of sites posting at least one privacy disclosure (up from 14 percent two years ago to 88 percent of sites in the random sample and 100 percent in the popular group today). Despite this increase in sites’ use of security policies, the FTC found only 20 percent of the random sites and 42 percent of the popular sites follow all four of its recommended practices. Moreover, 41 percent of the random sites and 60 percent of the popular sites meet both the notice and choice requirements. The FTC also found that 8 percent of random sites and 45 percent of the popular sites had joined online privacy "seal" programs that inform consumers that the site follows and monitors certain industry information practices.

This data led the Commission to conclude that while industry self-regulation has led to substantial progress, such efforts alone are insufficient. To supplement efforts at self-regulation, the Commission recommended legislation that would establish the basic privacy standards described above and give an implementing agency the authority to promulgate and enforce more detailed standards.

Did all the Commissioners agree with the findings in the report? Two dissenting Commissioners (Leary, concurring in part and dissenting in part, and Swindle, dissenting) stated that the majority’s vote was not justified by the Commission’s own data. Commissioner Leary agreed that some legislation is necessary, but argued that the Commission’s recommendations were both too broad in some senses and too narrow in others. Commissioner Swindle argued that the agency should consider the potential costs and other unintended consequences of such legislation.

What is industry's response to the report? Industry representatives responded that self-regulation is working and that legislation is unnecessary. As evidence, many pointed to the Commission’s own numbers, particularly the large increase in sites’ use of privacy policies. The FTC responded that while these numbers indicate the number of sites that have privacy policies, they do not indicate how many sites use the information practices it outlined. Industry representatives also expressed surprise that the FTC seemed to be criticizing the industry for not implementing certain measures on standards, like access, upon which the FTC had not focused and consensus had not been reached at the time of the report. (The access issue cuts both ways from a privacy perspective because sites would have to ensure -- by asking searching questions -- that the person accessing information is really the subject of the data.) The FTC agreed that self-regulation has made significant progress, but suggested it would be more successful with backup legislation.

What is Congress's view? In response to the agency’s proposal, several members of Congress, including Sen. Ernest Hollings (D-S.C.) and Sen. John D. Rockefeller (D-W.Va.), announced that they will introduce a bill establishing a federal standard for online privacy protections. This bill would use an "opt-in" approach, requiring sites to gain a consumer’s express consent before seeking personal information.

Many people agree that such legislation would be extremely difficult to pass before the end of this session. Some people in Washington, however, say a bill could move more quickly if Internet privacy becomes an election issue.

Online Profiling

What is online profiling? Network advertising companies, such as DoubleClick, Engage, and 24/7 Media, supply banner ads. These companies gather information about consumers who view their ads mainly through the use of "cookies" and "web bugs," which track a consumer’s actions on the Internet. Using such tracking, ad companies collect information (including web sites an individual has visited, time and duration on each site, search terms entered into a search engine, online purchases, and responses to ads). Ad companies can collect this information even if the consumer does not click on an ad.

Often, the information advertisers gather about individuals is anonymous, that is, non-personally identifiable information. In some cases, this information is merged with a consumer’s personally identifiable information when the consumer identifies herself on a web site containing a banner ad. This process can result in the creation of a highly-detailed profile of the individual consumer.

While such data-gathering allows companies to personalize the experience of their online visitors, consumers are often unaware that it is happening.

What has the FTC done about online profiling? On June 13, the FTC issued "Online Profiling: A Report to Congress." The report discussed the nature of online profiling, consumers’ privacy concerns about such practices, the agency’s efforts to address these worries, and the industry’s efforts toward self-regulation. Unlike the controversial privacy report issued less than a month before, the online profiling report did not recommend legislation. Rather, it encouraged advertisers to use self-regulation to preserve privacy. In pursuit of this goal, the Commission and Department of Commerce have been negotiating with members of the National Advertising Initiative (NAI), an organization of the leading Internet advertisers, to develop principles for self-regulation of the online profiling industry. The report noted that NAI has submitted drafts of principles for consideration and announced the Commission’s intention to supplement its report with specific recommendations to Congress after it considers NAI’s proposals.

The Commission’s vote to release the report was 5-0, with Commissioner Swindle concurring in part and dissenting in part.

What will Congress do about online profiling? The day the Commission released its report, Jodie Bernstein, Director of the Bureau of Consumer Protection at the FTC, and Internet industry executives testified before the Senate Commerce Committee about the report and NAI’s formation. A security and privacy consultant testified about "data spillage," which occurs when sites share personally identifying information with third parties, such as Internet advertising companies.

All six Senators at the hearing said legislation is necessary to protect consumers from unknowingly disclosing their personal information. Again, it is unlikely that legislation on this subject will pass during this session.

Other FTC Actions In May-June 2000

FTC issues final Rule on privacy provisions for financial institutions. In mid-May, the Commission issued a final Rule implementing the privacy provisions of the Gramm-Leach-Bliley Act. The Rule requires financial institutions to provide their customers with both initial and annual notices about their privacy policies and practices, describes conditions under which financial institutions may disclose consumers’ personal financial information to unaffiliated third parties, and provides (with some exceptions) a method for consumers to opt out of disclosures of their nonpublic personal information to unaffiliated third parties. The rule will go into effect in July 2001, and companies that could be considered "financial institutions" under the rule (see February 2000 Ecommerce News) should be preparing now to comply.

Electronic commerce dispute resolution proposal released. At an FTC/Department of Commerce online dispute resolution workshop in early June, The Electronic Commerce and Consumer Protection Group (AOL, AT&T, Dell, IBM, Microsoft, Network Solutions, and Time Warner) proposed draft "Guidelines for Merchant-to-Consumer Transactions." The guidelines are a set of best practices that are aimed at protecting consumers who make purchases online. The Group also issued a companion "Statement on Global Jurisdiction Framework for Electronic Commerce," which describes how the guidelines were developed and how they may lead to a permanent framework for consumer protection and growth of e-commerce.

Workshop on business-to-business electronic marketplaces

On June 29-June 30, the FTC will hold a public workshop on business-to-business (B2B) electronic marketplaces. Open to the public and the press, the workshop will bring together designers, owners, and operators of B2B electronic marketplaces, and buyers and sellers who would like to use them. Its aim is to enhance understanding of how B2B electronic marketplaces function and generate efficiencies, and to identify possible antitrust issues.

Summer associate Marina Mazor assisted in the preparation of this newsletter.

May/June Monthly Update

China PNTR. Senate Majority Leader Trent Lott (R-MS) says he expects legislation granting China permanent normal trade relations status after the July 4 recess. The White House has made the legislation a top priority since passage in the House of Representatives on May 24 (by a vote of 237 to 197). The President recently met with a bipartisan group of senators in hopes of expediting Senate consideration. Many observers believe Sen. Lott is using the vote as leverage in urging the White House's support for other measures. Several industry groups are worried that the longer it takes for the Senate to bring up the bill for consideration, the more it becomes embroiled in election year politics and the more likely it could be pushed off until next year.

COPA. On June 22, the Third Circuit ruled as "likely unconstitutional" the criminal provisions of the 1998 Child Online Protection Act (COPA). COPA sought to make it a crime to knowingly publish on the Internet, in a location accessible to persons under age 18, material that is deemed harmful to minors. The American Civil Liberties Union and several adult-content web sites filed suit against the Act claiming the law violated their First Amendment rights. The three-judge panel wrote, "To avoid liability under COPA, affected Web publishers would either need to severely censor their publications or implement an age or credit card verification system whereby any material that might be deemed harmful by the most puritan of communities in any state is shielded behind such a verification system."

Copyright. The federal district court for the Northern District of California on May 5 denied Napster's motion for summary judgment in a lawsuit filed by several major record companies for copyright infringement. Napster provides free software on its web site for those who wish to exchange MP3 music files. Napster argued that it should be protected from liability under the safe harbor provisions of the Digital Millennium Copyright Act of 1998 (DMCA) which pertain to online service providers. But the court disagreed, saying Napster facilitates connections among its users and does not transmit connections through its system as the DMCA safe harbor contemplates. A trial has not yet been scheduled, and Napster is said to be discussing settlement with the record companies.

Electronic Signatures. On June 22, Congress overwhelmingly passed the Digital Signatures in Global and National Commerce Act (S. 761). The legislation, which is expected to be signed by the President, confers legal validity on electronic signatures.

Internet Taxation. While Sen. John McCain (R-AZ), Chairman of the Senate Commerce, Science and Transportation Committee, has legislation that remains stalled in his committee, Sen. Byron Dorgan (D-ND) has introduced what he calls compromise legislation. Dorgan's proposal would extend the moratorium on discriminatory access charges for four years, and allow states to form compacts among each other to compel out-of-state businesses with over $5 million in gross sales to collect sales taxes. A compact would have to include a minimum of twenty states with a simplified tax regime. However, Sen. McCain rejected the proposal, saying that the Internet must remain tax-free for an extended period and that Sen. Dorgan's proposal would amount to a "back-door" tax. Meanwhile, Sen. McCain is continuing to negotiate with members of his panel to pass a five-year moratorium on Internet taxes.

Spam. The House Committee on Commerce reported the Unsolicited Commercial Electronic Mail Act of 2000 (H.R. 3113), sponsored by Reps. Heather Wilson (R-NM) and Gene Green (D-TX). The legislation would require unsolicited, commercial e-mail to include a header identifying the message as an advertisement and have a valid return e-mail address that recipients may use to request that they be removed from the distribution list. Additionally, ISPs would "not be liable, under any Federal, State, or local civil or criminal law, for any action it takes in good faith to block the transmission or receipt of" spam. Both consumers and ISPs would have a right of action against an offender in state court. Meanwhile, Sen. Conrad Burns (R-MT) has proposed S. 2542, Controlling the Assault of Non-Solicited Pornography and Marketing Act (the CAN SPAM Act). There have been no hearings on the bill and Sen. Burns says he has not received word there will be committee action on his proposal.

Workforce Development. With an estimated 300,000 high-technology jobs going unfilled, the technology industry has lobbied hard for legislation that would allow them to hire more foreign workers with appropriate skills. In 1998, Congress increased the number of foreign work visas, known as H1-B visas, from 65,000 per year to 115,000 per year. But the cap was reached for fiscal year 2000 in March. There are several proposals in the current Congress to increase the cap. Senate Judiciary Committee Chairman Orrin Hatch (R-UT) and Immigration Subcommittee Chairman Spencer Abraham (R-MI) have proposed The American Competitiveness in the Twenty-First Century Act (S. 2045), raising the cap to 195,000 over three years, while excluding from that number foreigners with graduate degrees and those who work for universities and government research entities. Bipartisan legislation, Helping to Improve Technology Education and Achievement Act of 2000 (H.R. 3983), introduced by Reps. David Dreier (R-CA) and Zoe Lofgren (D-CA), would raise the cap to 200,000 with 10,000 dedicated to jobs in higher education and 60,000 dedicated for those with advanced degrees. House Judiciary Subcommittee Chairman on Immigration and Claims, Rep. Lamar Smith (R-TX), has legislation, The Technology Worker Temporary Relief Act (H.R. 4227), which would remove the cap on the number of visas for three years, but would impose a series of regulatory and bureaucratic hurdles that would be difficult for the industry to fulfill. Many in the industry oppose this approach and support H.R. 3983 and S. 2045.

This memorandum is for general purposes only and does not represent our legal advice as to any particular set of facts, nor does this memorandum represent any undertaking to keep recipients advised as to all relevant legal developments.