WASHINGTON - Ralph Nader and fellow consumer activists accused financial services companies Thursday of exploiting the weaknesses in the Gramm-Leach-Bliley Act by making their privacy policies indecipherable.
On the eve of the July 1 deadline for financial institutions to give customers a copy of their privacy policy and a chance to block the sharing of confidential information with outside companies, Mr. Nader called on lawmakers and regulators to toughen the requirements, and he advised consumers on ways to better shield their own data.
Stricter requirements such as getting explicit permission to share data, or an "opt-in," are "the only effective way to stop corporations anywhere in the world from rummaging through the personal files of millions of consumers," he said at a press conference.
It is unclear whether the strong criticism is a sign that the imminent effective date is activists' last gasp and will quiet for a while the two-year battle over privacy or, instead, mark the start of a consumer revolt. For their part, industry officials played down activists' jabs as exaggerations.
"In many ways, these historic privacy protections are working better than anticipated," Marcia Sullivan, director of government relations for the Consumer Bankers Association, said in a press statement. "Language used in privacy notices reflects a balance between the need to clearly explain complex provisions to consumers and satisfy legal requirements of the regulations."
Yet some policymakers echoed the activists' calls.
Rep. John LaFalce of New York, the ranking Democrat on the House Financial Services Committee, released a draft letter Thursday asking federal regulators to check how easy it is for average consumers to read and understand privacy notices and to take clarity into account when doing compliance exams.
"While a number of financial institutions have worked constructively to create effective privacy notices and opt-out vehicles, too many others appear to have used the privacy notices to confuse their privacy obligations and engage in inappropriate marketing," Rep. LaFalce wrote.
He said that many of the notices his staff members have reviewed are "overly complex, difficult to read and understand, and designed to discourage consumers' exercise of their privacy rights."
Sheila Anthony, a member of the Federal Trade Commission, said Wednesday that privacy notices, such as Internet privacy policy statements or those required under the Gramm-Leach-Bliley Act, should be regulated. She said her office, but not the entire FTC, is looking into standardizing privacy statements.
Likening the effort to the FTC's requirement that food makers use a standard nutritional label, Ms. Anthony said a uniform system might be the best way to inform consumers.
Mr. Nader said one of the main problems with Gramm-Leach-Bliley is the fact that it was watered down by industry lobbyists before its enactment. He called the 1999 law's privacy provision a "congressional sellout" to the banking industry that permits confusing, legalistic notices; makes it too easy to share information with third-party companies; and prevents consumers from blocking information-sharing among banking company affiliates.
Representatives of several other consumer activist groups joined Mr. Nader at the press conference, at which they released a petition they plan to present to the FTC.
David Vladeck, director of the Public Citizen Litigation Group, said the petition will urge the agency to require all financial institutions to provide a detachable card with statements; a 24-hour, toll-free phone line; and an e-mail address that consumers may use to submit their opt-out order. The activists are targeting the FTC, which only has jurisdiction over nonbanks, but Mr. Vladeck said they expect any change it adopts would have to be embraced by banking regulators.
Mr. Nader said the 5% industrywide reply rate to financial services companies' opt-out option proves that the companies are making it too hard to opt out.
Jim Pitts, executive director of the Financial Services Coordinating Council, countered that it is too early to make any statistical conclusion because the compliance date is still nearly two weeks away.
"Nobody yet knows what the actual opt-out rates may be," he said. "It's too early to determine how many people really are taking advantage of them."
He also said that if Mr. Nader's opt-in recommendation were adopted, and the figures did not rise, "Is it that people are happy with the way they are being served by banks or other institutions, or it is that it's too confusing? I don't think anybody really knows."
Mr. Nader and Remar Sutton, president of the Consumer Task Force for Automotive Issues, also discussed their joint venture, www.privacyrightsnow.org. The site includes a form letter consumers can send to companies to request that confidential information not be given to any outside or affiliate companies.
Though Mr. Sutton acknowledged the institutions have no obligation to completely comply with the letter, because Gramm-Leach-Bliley covers only sharing with outside companies, he said he hopes it will be enough to stop some affiliate information trading.
Ms. Sullivan, however, argued the institutions have legitimate uses for the information. "Advantages include quicker and more accurate credit decisions and a broader range of product offerings that are tailored to the customer's unique needs."
