Friday, February 24, 2012

How a carrot and a stick relate to US privacy legislation

Yesterday, the Obama Administration released their latest efforts to effect real privacy standards and legislation in what they are calling the Consumer Privacy Bill of Rights. The paper, entitled Consumer Data Privacy in a Networked World, outlines several measures that will drag the US, kicking and screaming, into the development of a real privacy standard that will rival the European and OECD standards and directives.
The plan is broken down into several areas. First, there is a Consumer Privacy Bill of Rights that is similar to the OECD Privacy Principles, albeit unnecessarily complicated and duplicative. Secondly, the Bill of Rights would be implemented in Codes of Conduct that industry would need to develop in concert with the government’s “assistance”. Thirdly, the FTC would be the enforcer of these codes of conduct, similar to its current role. Lastly, the plan calls for a Federal breach notification standard and for enforceable federal legislation that would enable mutual recognition by other countries. To date, Congress has failed miserably in every attempt to enact Federal data privacy legislation, so I applaud the Administration for trying the carrot approach, since the stick has not been effective.

Consumer Privacy Bill of Rights

The Obama Administration is hoping that, even if Congress does not implement Federal legislation, this will be the starting point for industry discussion and the beginning of privacy standards that can be used by businesses and industries. The Bill of Rights is similar to the OECD standards and includes:

• Individual Control
• Transparency
• Respect for Context
• Security
• Access and Accuracy
• Focused Collection
• Accountability

Codes of Conduct

The plan calls for companies and groups to develop these codes of conduct in cooperation with the FTC and the National Telecommunications and Information Administration (NTIA). The enforcement powers would most likely be given to the FTC under Section 5 of the FTC Act, similar to how the FTC now brings actions against organizations for unfair and deceptive trade practices. Any Federal legislation resulting from this should preempt any state laws to the extent they are inconsistent with the Federal law.

Time will tell if the plan will advance privacy legislation and improve consumer protection, but it is already an improvement over anything we have seen come down from Capitol Hill – which is nothing. If this indeed moves forward, the next step will be gaining recognition by the EU, but forgive me if I don’t hold my breath on this just yet.

More to come on this topic as it develops.