House members went back to the drawing board on Internet consumer protection Thursday; once again tackling the subject of how much personal data Web companies should collect about you, and whether or not Congress needs to legislate a solution.

House members went back to the drawing board on Internet consumer protection Thursday; once again tackling the subject of how much personal data Web companies should collect about you, and whether or not Congress needs to legislate a solution.

"What is needed is not just a decision about opt-in and opt-out, but also a framework for privacy protection," said Rep. Rick Boucher, chairman of the House Energy and Commerce Internet subcommittee.

"Opt-in taken by itself is completely meaningless" unless it includes a good description of what type of data a company will be collecting, he said.

The hearing dealt primarily with deep-packet inspection (DPI), a technique that allows for the detailed inspection of data as it travels across the Internet. ISPs can use it to filter out the illegal transfer of copyrighted material or harmful viruses and spam, but providers have come under fire for allegedly using the technology to block certain file-sharing applications or to serve up targeted advertisements based on Web activity.

The National Cable & Telecommunications Association (NCTA), which represents most of the major U.S. cable companies, denied that any of its members utilizes DPI for behavioral advertising purposes. AT&T also said it does not use DPI at this point.

"We will initiate such a program only after testing and validating the various techs and only after establishing clear and consistent measures to engage customers," said Dorothy Attwood, AT&T's chief privacy officer. "If AT&T deploys these technologies and processes, we'll do it the right ways."

"Let me stress again that [DPI]  like any technology we deploy  is being deployed in a manner that respects our customers' privacy," said Kyle McSlarrow, president and CEO of NCTA. "We believe that protection of subscriber privacy is the most useful focus for the policy debate."

These are not new revelations, so what should happen going forward? Should Congress step in and craft a bill that bans companies from collecting customer information without their consent? Or should the industry be responsible for coming up with its own set of guiding principles without government intervention?

Not surprisingly, NCTA and AT&T voted for a more hands-off approach, while the interest groups on the panel, like Free Press, the Electronic Privacy Information Center (EPIC), and the Center for Democracy and Technology (CDT), were in favor of a bill.

"Even if ISPs or advertising networks intend to only use a small portion of what's captured by DPI, it doesn't diminish the breadth and intrusiveness of that initial data capture," said Leslie Harris, president and CEO of CDT. "I worry about the unlimited appetite for surveillance that our government appears to have, and that DPI is a game changer there as well."

Harris pushed for "baseline, technology neutral consumer privacy legislation."

McSlarrow urged Congress to "consider allowing self-regulation to work."

"This entire arena is moving so fast," McSlarrow said. "I think we should allow industry and all stakeholders to try to work together to force us to come up with self-regulatory principles."

When done correctly, "behavioral advertising can actually be the most pro-consumer thing we do, to enrich the Internet, [and] to allow new services that haven't even been created yet to survive and thrive," he said.

It doesn't appear that Boucher is entirely behind the self-regulation option. He pledged to introduce consumer privacy legislation that will be similar to a bill he and Cliff Stearns, the subcommittee's ranking member, introduced several years ago, though he suggested that it will focus more on consumer's online rights than impeding any specific technology.