The Obama Administration on February 27 released, and called on Congress to begin active consideration of draft legislation that would establish clear principles for how consumer data is collected, stored in online transactions, and defined.
The President’s so-called “Consumer Privacy Bill of Rights Act of 2015” is modeled after a similar proposal announced in 2012. It contains requirements for meeting seven privacy principles – individual control, transparency, respect for context, security, access and accuracy, focused collection, and accountability – that will likely serve as a blueprint for privacy in the information age, even though the technology industry and privacy advocates have been highly critical of the legislation.
“We appreciate the Obama Administration’s effort to address important consumer privacy and security, but its proposal could hurt American innovation and choke off potentially useful services and products,” said Gary Shapiro, president and CEO of the Consumer Electronics Association, in an online statement. “If enacted, the proposal’s broad definitions, expanded bureaucratic authorities and steep penalties could burden the tech economy with uncertainty and stifle the development of the Internet of Things (IoT), which holds promise for novel new services and products, consumer safety and security, and job creation.”
The new proposal is already facing similar obstacles in Congress, where Republicans claim it’s not needed, while Democrats are concerned it doesn’t go far enough and undermines existing privacy protections.
“The Internet economy is dynamic and certainly moves faster than Congress,” stated Reps. Fred Upton (R-MI) and Michael Burgess (R-TX), the respective chairmen of the committee and subcommittee with jurisdiction over the issue, in a joint statement. “We are seeing great innovation on privacy and consumer choice, raising doubts about whether comprehensive legislation is the best approach.”
“While this proposal from the White House focuses attention on the need for strengthening the privacy rights of Americans, it falls far short of what is needed to ensure consumers and families are squarely in control of their personal data,” said Senator Edward Markey (D-MA) in a statement. “Instead of codes of conduct developed by industries that have historically been opposed to strong privacy measures, we need uniform and legally-enforceable rules that companies must abide by and consumers can rely upon.”
The proposed legislation grants new enforcement power to the Federal Trade Commission (FTC) to require companies to abide by “fair information practice principles” that include being transparent about data-collection activities and giving consumers the right to exercise control over their personal information. However, it provides companies with so-called “safe harbor” protection if they agree to comply with a privacy code of conduct approved by the FTC. It also preempts state laws to the extent that they impose requirements regarding the privacy of data that is linked to an individual or a specific computing device.
“We want our children to go online and explore the world, but we also want them to be safe and not have their privacy violated,” said President Obama in remarks at a Cybersecurity and Consumer Protection Summit at Stanford University in mid-Feb. “So this is a direct threat to the economic security of American families, not just the economy overall, and to the wellbeing of our children, which means we’ve got to put in place mechanisms to protect them.”