AOL's recent privacy gaffe that exposed users' search histories may breathe new life into a proposal to slap strict rules on what data Internet companies may collect.
Representative Ed Markey, a Massachusetts Democrat, said on Wednesday that AOL's disclosure of the search habits of more than 650,000 of its users demonstrates that new laws are necessary. AOL has apologised for the disclosure.
"We must stop companies from unnecessarily storing the building blocks of American citizens' private lives," Markey said.
Markey's proposal, called the Eliminate Warehousing of Consumer Internet Data Act (EWOCID), was introduced in February after Google's courtroom tussle over search records with the US Department of Justice.
Republicans have kept it bottled up in a House of Representatives subcommittee ever since, but a Markey spokesman said Wednesday that he hoped "this most recent breach will light a fire under the GOP leadership".
EWOCID is intended to cover far more than search engines. It seeks to import European-style privacy regulations by requiring all Web site operators to delete from their logs personal information, defined as everything from a name and email address to — in some cases — an Internet Protocol address. Violations would be punished by the Federal Trade Commission.
Technology lobby groups including NetCoalition, which represents companies including Google, Yahoo, and CNET Networks (publisher of ZDNet UK) have expressed scepticism toward EWOCID. So have free-market groups including the Pacific Research Institute in San Francisco.
"Representative Markey's bill seeks to micromanage technology firms, which would be an enormous step in the wrong direction," said Sonia Arrison, the institute's director of technology policy. "Why on earth would anyone think the FTC would do a better job at managing data than Google or Yahoo?"
Discussion of AOL's misstep, which exposed anonymised yet intimate details of its users' personal lives, also surfaced at the Search Engine Strategies conference in California on Wednesday.
Danny Sullivan, editor of Search Engine Watch, which hosts the event, asked Google Chief Executive Eric Schmidt if Google would consider limiting the amount of time it retains user data in light of the AOL breach.
"We have actually had that debate," Schmidt said. "We are reasonably satisfied.. .that this kind of thing could not happen at Google," he said, before adding, "Never say never".
Later, Sullivan said that the outcry over AOL's action "will definitely elevate the debate" over user privacy on the Internet. Unless anonymised data can be made "bullet proof" to attempts to tie it back to the individual, it should be deleted, he said.
"I think you have to delete it over time or separate out the data that lets you build a profile," Sullivan said.
At the federal level, privacy laws tend to be created erratically, spurred by one well-publicised emotional anecdote after another. Congress approved the Video Privacy Protection Act in 1988 after a newspaper published Supreme Court nominee Robert Bork's video rental records. The murder of actress Rebecca Schaeffer, whose killer found her address through DMV records, led to the Drivers Privacy Protection Act.
Even though a Republican-dominated Congress is unlikely to adopt Markey's bill verbatim, especially in the face of opposition from Internet companies, the AOL disclosure could give the data-deletion idea more visibility when privacy legislation is being considered. Texas Republican Joe Barton, chairman of the House Energy and Commerce Committee, has said that he wants to enact a broad privacy bill by the end of the year — but he has not disclosed details of what it will include.
CNET News.com's Elinor Mills contributed to this report.
