The White House recently announced a significant
and comprehensive Consumer Privacy Bill of Rights that, if adopted as law, will
have major impact on advertisers, agencies, Internet companies, and consumers.
The Obama administration is raising the bar on this measure in an area where
Congress has struggled in order to provide consumers with greater online
privacy protection through voluntary codes of conduct, federal legislation, and
enforcement by the FTC and state Attorneys General. The measure also provides for
a federal national standard for notification of data breaches and preemption of
all similar state law.
On the same day, the White House, Department of
Commerce and Federal Trade Commission each commended the Digital Advertising Alliance (DAA) for its
self-regulatory privacy program for online, interest-based
advertising. On also on that day,
the DAA announced an industry self-regulatory
program “that will immediately begin work to recognize browser-based choices
with a set of tools by which consumers can express their preferences under the
DAA Principles." Major Internet players such as Google and Microsoft
agreed to honor consumer do-not-track choices, a particularly significant
development given that those players represent the majority of online
behavioral advertising delivery and given that such a commitment is subject to
FTC enforcement.
The White House initiative is an extension of a privacy report issued by the Department of
Commerce on Dec. 16, 2010. This privacy
report was made by an Internet Policy Task Force charged to conduct a
“comprehensive review of the nexus between privacy policy, copyright, global
free flow of information, cybersecurity, and innovation in the Internet
economy.”
Multi-Pronged Approach
The
White House said the “blueprint will guide efforts to protect privacy and
assure continued innovation in the Internet economy by providing flexible
implementation mechanisms to ensure privacy rules keep up with ever-changing
technologies.” The action steps for this
blue print are:
- Making Enforceable the Consumer Privacy Bill of Rights: The Commerce Department’s National Telecommunications and Information Administration (NTIA) will soon convene Internet companies and consumer advocates to develop enforceable codes of conduct that comply with the Consumer Privacy Bill of Rights, building on strong enforcement by the Federal Trade Commission. The Administration will also work with Congress to enact comprehensive privacy legislation based on the rights outlined here.
- Achieving privacy policies for a Global, Open Internet: The Administration’s plan lays the groundwork for increasing interoperability between the U.S. data privacy framework and those of U.S. trading partners.
- Industry Action: In response to calls from the Administration and the Federal Trade commission (FTC), leading Internet companies and online advertising networks are committing to use Do Not Track technology from the World Wide Web Consortium in most major web browsers to make it easier for users to control online tracking.
Seven Fundamental Protections
According to the White House press release, the Bill of Rights consists of
seven fundamental protections that consumers should expect from companies:
- “Individual Control: Consumers have a right to exercise control over what personal data organizations collect from them and how they use it.
- Transparency: Consumers have a right to easily understandable information about privacy and security practices.
- Respect for Context: Consumers have a right to expect that organizations will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
- Security: Consumers have a right to secure and responsible handling of personal data.
- Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data are inaccurate.
- Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.
- Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.”
Federal Privacy Legislation
The White House Report, ambitiously titled “Consumer Data
Privacy in a Networked World: A Framework for Protecting Privacy and Promoting
Innovation in the Global Digital Economy,” calls for Congress to enact legislation to:
- Codify the Consumer Privacy Bill of Rights
- Grant the FTC and state Attorneys General authority to enforce the law directly
- Pre-empt state privacy laws that are inconsistent with the Consumer Privacy Bill of Rights
- Establish a safe harbor from enforcement for companies that adhere to voluntary codes of conduct that the FTC has reviewed and adopted
- Set a national standard for security breach notification that pre-empts existing laws in 47 states.
Authors:
Paul C. Van Slyke Bart Huffman
