programs on our web sites. and can you join in the conversation on social media sites. the obama administration is encouraging congress to pass legislation to protect consumer privacy on-line. the senate commerce committee

recently looked into the issue with the head of the federal trade commission. john leeb wits called for an expansion of the ftc authority to regulate on-line privacy laws. this is an hour and a half. >> good morning and afternoon. aapologies for being five minutes late. everyday, tens of millions of americans go on-line to search for information. they want it shop, pay their bills or their accessing social networking. they have transformed every aspect of our lives. what is less obvious is the level of information collected about us each time we visit a website.

consumers have no choice but to place an enormous amount of trust in the on-line world. trust that their information is safe, secure and used appropriately. whatever that means. but the incentive to misuse consumers' information is very great. a consumer's personal information is the currency, in fact, of the web. the value of this data has created untold riches for those who have successfully harnessed it. this is not necessarily bad as it enables an enormous amount of content to be accessed for free and allows companies to offer a number of services for free. but unfettered collection of consumer's on-line data poses to me very significant risks. right now consumers have little

or no choice in managing how their online information the collected and how it is used. whatever limited choices they do have are often too difficult to use and modeled by complicated, wordy privacy policies. it's, again, your classic health insurance comparison. tiny writing. protecting consumer privacy is critical for companies, and i understand that. people need to trust the web sites that they are visiting. but online companies are conflicted. they need to protect consumers' information, but they also need to be able to monetize their users' data. i am afraid that in the hypercompetitive online marketplace the need to monetize consumers' data and profits will win out probably almost every time over privacy concerns. the administration and the federal trade commission have both recently issued reports on the need for industry to do more to protect consumer data and

give consumers control over how their personal information is used. they have worked to bring about industry consensus on voluntary actions. this is an interesting subject which we'll discuss further at another hearing. the administration's and the industry's actions are to be commend in this respect. but i have learned over many years that self-regulation is inherently one-sided. in many industries, many times, in many eras, it's inherently one-sided, and that consumers' rights always seem to lose out to the industry's needs. i believe consumers need strong legal protections. they need simple and easy-to-understand rules about how, what, and when their information can be collected and

used. they need easy-to-understand privacy policies rather than pages of incomprehensible legalese. we should take up strong consumer-focused privacy legislation this year. i do not believe that significant consensus exists yet on what that legislation should look like, but i will continue to work with my colleagues on legislation. as chairman of this committee,ly continue to work with the administration and the ftc, both represented here, to push the industry to develop an adhered-to strong consumer privacy protects. i will continue to oversee hearings to make sure the trusting is people have placed in these companies is being respected. i call now on the ranking member, my next-door neighbor. >> thank you very much, mr. chairman, and thank you for holding another hearing on the topic of privacy.

it is a very important topic. as i have said in this committee in the past, i still remain skeptical of the need for congress to pass privacy legislation or, for that matter, for the ftc to have increased authority to enforce new privacy rules, regulations, or principles on the private sector. seems to me neither this committee, nor the ftc, nor the commerce department fully understand what consumers' expectations are when it comes to their online privacy. consumer expectations of privacy can vary based on the particular application they're using or by the general privacy preference of any given individual consumer. it's important that companies have maximum flexibility to work with their customers to ensure their customers' needs and preferences are met and that the application of service functions as consumers expect. as the recent ftc report correctly points out, companies are already currently competing on privacy and are promoting services as having stronger

privacy protects than what is being offered by marketplace rivals, for instance. this is a sign of a healthy, functioning, and competitive market. this type of competition is something that we should be encouraging. overly restrictive privacy rules and regulations handled down from washington may threaten this innovation by shifting the incentive to compliance over competition. i don't think anyone desires such a result, which is why i caution my colleagues and the administration to proceed with caution. proponents of federal privacy legislation and of granting the ftc authority to regulate online activity really should clearly demonstrate the market failure and consumer harm that they seek to address. the benefits of online tracking and data collection are very clear. facebook is free. gmail is free. google maps is is free. there are thousands of mobile device applications that are free. it's often said that information is the currency of the internet. a detailed, cost-benefit analysis of a do not track regulation or other new privacy rules would better inform our

discussion. but to my knowledge, one has not been completed. we need to fully understand the impact these proposals will have on the marketplace and the many online services consumers have come to expect for free or at a minimum cost. less information available is very likely to result in fewer free online services and an increase in pay walls. i think it's irresponsible for the federal government to require companies to radically alter a successful business model that's provided many consumer benefits without knowing all the facts first. i also question whether specific consumer harms currently occurring in the marketplace is cannot be addressed under the ftc's current statutory authority. section 5 of the ftc grant -- the ftc act grants the commission broad authority to investigate unfair or deceptive

acts or practice, and the commission has brought enforcement actions using this authority. in fact, the commission highlights a number of these enforcement actions in the beginning of its recently released report. when the commission sees what it believes to be unfair or deceptive practices, it has acted. just yesterday, it was reported that the ftc and myspace reached a privacy settlement that will subject the company to biannual privacy assessments for the next 20 years. in addition, google and facebook recently entered into consent decrees that subject the companies to outside audits for two decades. i have not heard a persuasive argument why the ftc needs greater authority. lastly, i find it interesting the commission seems concerned about consumer frustration in the private sector. consumer trust is very, very important. but there's no one for whom it's more important than the company that's hoping to attract and maintain customers. so i think trust in the marketplace is something that the marketplace tends to sort out pretty well. companies in all sectors of the economy have a powerful interest in building a strong, trusting relationship with their customers.

consumers don't trust company a, they quickly flee to company b. in the online space, this incentive is even stronger. the internet has made leaving one company or service provider for another very easy, can often be done at little or no cost. as one major online company likes to say, the internet is where, quote, competition is one click away, end quote. while this is an important topic and certainly worthy of our consideration, i think it's premature to discuss specific legislative fixes or increased ftc authority when we don't fully know whether or not and to what extent the problem exists. i look forward to hearing from our witnesses today, thank them for coming and thank you, mr. chairman. >> thank you very much. i call on the chairman of the subcommittee that works this, and that is senator john kerry. >> thank you very much, mr. chairman. i appreciate it. i certainly appreciate this hearing. and i think this hearing can help as a couple of prior hearings have. i think the record is already fairly clear, senator toomey, if i may say that a lot of the

questions you've raised have actually been addressed in those hearings and i think there's been a pretty powerful showing with respect to both the ability to have a privacy standard as well as the need for the privacy standard without affecting those applications and the free access and all the other things you're talking about. and i think the record will reflect that. i'm delighted that we have the chair of the federal trade commission and one of the commissioners from the commission here with us today. and obviously i'm delighted to welcome my own brother, who carries either the burden or privilege of being so. but i'm glad that he's here today representing the commerce department. he's been working on this under two different secretaries now, as have many of us here on the committee. so i know that in his capacity as the general counsel together

with the chair, they are going to set out today so the final findings of both the commerce department and the federal trade commission with respect to this question. it is not unimportant, i think, that both the commerce department and the federal trade commission frankly together with most of the privacy experts in the country have all come to the conclusion that we need to have a privacy law with respect to providing protection to individuals in commerce. and i think that the distinction, senator toomey, is is that the privacy experts have all come to that conclusion. obviously, some of the companies have not and don't share it. and the reason for that is very simple. in the information economy, the more that a company knows about you, the more valuable you are to them, whether you have

consented to that or not. and they are collecting more than simply the information that you type in. and a lot of americans aren't necessarily aware of that. these companies watch your behavior. and they measure your behavior. how long you linger on a site, your specific searches. a lot of people think they're just going in and searching privately. somebody's watching you. somebody's tracking you. you know, you wouldn't feel particularly good if you had a private investigator trailing you through the mall, looking at every single receipt that you get and everything you peruse and look at and ask for. that's essentially what's happening here. you don't have privacy. they analyze and enhance that data and then they reach a conclusion about you. using that information, these data scientists are creating enormous wealth, often producing innovative products, we agree,

and services. but there's nothing to stop them from doing the creation of those products and services with the consent of people who want to be part of that or without necessarily the detail of those who do not. so what's the harm? senator toomey sort of asked the question today. what's the harm of what can happen to you without your knowledge, consent, or active participation, and where there are no limbs to what can be collected and where you have no right to access what has been collected about you? it seems to me the more conservative position here is frankly to protect the individual in america, not to protect the right of people to invade your space without your knowing it. so if it's not properly secured, that information can actually harm you, number one, through identity theft. even if it is properly secured, it can be used to categorize you inaccurately or in ways that you don't wish to be categorized,

exposing you to either reputational harm or to unwanted targeting. for example, by analyzing your buying habits, a retailer may know that you're pregnant before you even tell anyone. they begin to send you advertising based on medical status or on your ethnicity or on your age, and corresponding behavior can then be used to target you in different ways than other populations may be targeted. and maybe you don't want to be targeted or analyzed in that particular way. or as in the case of the google wi-fi collection, your private communications including sensitive conversations can be easily captured, exposing aspects of your life to companies that are simply nobody's business. but when information collected about you is used to make your buying experience better or

serve you better, you'll find a majority of the people have absolutely no problem consenting to that kind of use. but the collector ought to have the right to make that judgment, the value proposition with respect to the consumer. most americans don't have any awareness that there's no general law of privacy in commerce in the u.s. today governing these transactions. and when it's brought to their attention, they say they want one. our largest trading partners have such laws. build on the european standard. but i believe it's important for us to set our own standard, something that could, in fact, be more flexible and more stakeholder driven and less punitive than what exists in europe today. but just as capable of delivering strong privacy protections. so in keeping with the spirit that the united states normally

doesn't, you know, wait for someone else to set the standard and then borrow it, we ought to be setting our own standard. the final agency reports that have been issued recently that we ought to lay out a blueprint of privacy principles for legislation. senator john mccain and i have agreed on one approach, and i introduced that approach with him more than a year ago. it reflects each of the principles that are being put forward in the analyses today as well as the concept of a safe harbor for a flexible application of the code of conduct to different kinds of businesses. i think all of us know that consumers in the united states are very smart. they'll consent to reasonable and useful data collection and use practices, particularly if they think it enhances their buying and life experience. but the most important principle we want to reinforce here is that the individual consumer has the right to make that decision. so can we get there? i think it's up to the members of this committee. the bipartisan proposal that

senator mccain and i offered up, is, as i said, not the only way to approach this. we're ready to negotiate. and i think we ought to compromise in this effort to reach a fair standard. but we need to get down to that discussion because we really can't afford another year of delay which may in the end wind up putting america into a default position on this, which would be far less flexible, thoughtful, and sensitive to our own business interests. and i think that americans ought to know that congress believes that in the digital age every individual american has a right to an expectation of privacy. i hope we can find that way forward, mr. chairman. >> thank you very much, senator kerry. i want to proceed now to our witnesses, and we'll have ample time for questioning and others will be -- members will be coming and leaving.

let's start by preference of order, would be to start with the honorable john leibowitz, chairman of the federal trade commission, then honorable -- i'm going to skip over you to the guy who's general counsel to the department of commerce, who is somehow related to senator kerry. and then come back to you as a cleanup. is that all right? >> sure. >> so let's start with chairman leibowitz. >> thank you, chairman rockefeller. senator toomey, senator kerry, senator ayotte, i appreciate the opportunity to present testimony on consumer privacy alongside our newest commissioner as well as my friend cam kerry. the commission commends the recent privacy efforts by the department of commerce as well as the bipartisan leadership your committee has shown on consumer privacy issues. though most of my remarks today will concern privacy policy and especially do not track, the ftc

is primarily an enforcement agency and commissioner ohlhausen will describe our recent enforcement efforts. mr. chairman, imagine a cash-strapped college student working part-time to keep up with tuition payments. to make ends meet, she applies online for a loan and obtains it at a favorable rate. but she also goes online because her father suffers from depression, so she wants to research symptoms and potential treatments. soon after, in the mail, she receives another loan offer. this time from a payday lender at a much higher rate. in the evening, she spends time relaxing by catching up with friends' posts on a social network. while online, she notices she's receiving ads for medication for stress and depression as well as more loan offers. could the lender have sold the information about her need for money to payday lenders who are now offering her loans? could the fact that she researched depression be sold to or shared with potential employers or insurers?