Search
  Share Print Page
Search


Filter results:
Dates: to

Apply Filters

People

Services

 

Alerts/Articles

Obama administration releases long-awaited consumer data privacy report
February 24, 2012
Privacy Alert
Author(s): Linn Foster Freedman

On February 23, 2012, the White House released a long-awaited report with final recommendations for a new consumer privacy regime in the United States.  “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy” makes clear that “strengthening consumer data privacy protections in the United States is an important Administration priority.”  The framework suggests four key elements that the Department of Commerce should work to implement that include Consumer Privacy Bill of Rights, Enforceable codes of conduct, enforcement and global interoperability. This alert discusses the report and its possible implications to your company’s privacy practices.

Download PDF

On February 23, 2012, the White House has released a long-awaited report with final recommendations for a new consumer privacy regime in the United States. The report is titled “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy” and makes clear that “strengthening consumer data privacy protections in the United States is an important Administration priority.”

The “framework” consists of four key elements that the Administration has charged the Department of Commerce with implementing.

  • A Consumer Privacy Bill of Rights that sets forth individual rights and corresponding obligations of companies in connection with personal data. These consumer rights are based on U.S.-developed and globally recognized Fair Information Practice Principles;
  • Enforceable codes of conduct, developed through multistakeholder processes, to form the basis for specifying what the Consumer Privacy Bill of Rights requires in particular business contexts;
  • Federal Trade Commission (FTC) enforcement of consumers’ data privacy rights through its authority to prohibit unfair or deceptive acts or practices; and
  • Increasing global interoperability between the U.S. consumer data privacy framework and other countries’ frameworks through mutual recognition, the development of codes of conduct through multistakeholder processes, and enforcement cooperation.

The report expounds on each of these four elements as summarized below.

  1. Consumer Privacy Bill of Rights

    The Administration promotes “A Consumer Privacy Bill of Rights” that includes the principles listed below. It bears noting that these principles are similar to those promoted by Europe’s Organization for Economic Co-operation and Development (OECD) and Asia-Pacific Economic Cooperations (APEC) that have been in place for years.

    • Individual Control
    • Transparency
    • Respect for Context
    • Security
    • Access and Accuracy
    • Focused Collection
    • Accountability

    The Bill of Rights will be “flexible” to promote innovation and will be enforced by the Federal Trade Commission. The Administration believes that enacting the Consumer Privacy Bill of Rights through federal legislation will increase “legal certainty for companies, strengthen consumer trust, and bolster the United States’ ability to lead consumer data privacy engagements with our international partners.”

  2. Enforceable codes of conduct

    To implement the proposed Bill of Rights, the Administration calls on individual companies, industry groups, privacy advocates, consumer groups, crime victims, academics, international partners, state attorneys general, federal civil and criminal law enforcement representatives, and other relevant groups to participate in multistakeholder processes to develop codes of conduct that implement the general principles listed above.

  3. Enforcement

    The report calls the FTC the government’s “leading consumer privacy enforcement authority.” Thus, FTC enforcement is critical to ensuring that companies are accountable for adhering to their privacy commitments and ensuring that responsible companies are not disadvantaged by competitors playing by different rules. As part of consumer data privacy legislation, the Administration encourages Congress to provide the FTC (and state attorneys general) with specific authority to enforce the Consumer Privacy Bill of Rights.

  4. Promoting International Interoperability

    The Administration recognizes that cross-border data flow is vital to the domestic and global economy. Differences in national data policies create bottlenecks and challenges that stifle growth and commerce. As such, the President’s report suggests engaging with international partners to increase interoperability in privacy laws by pursuing mutual recognition, the development of codes of conduct through multistakeholder processes, and enforcement cooperation.

Call for federal privacy legislation

The report concludes by urging Congress to pass legislation that codifies the Administration’s Consumer Privacy Bill of Rights. The President also seeks legislation that grants the FTC direct enforcement authority, puts in place a safe harbor that allows for the international exchange of personal information, and sets a national breach notification program, all while balancing state and federal roles in data privacy protection and preserving existing federal data privacy laws. Lofty goals to be sure!

Conclusion

Reaction to the report has been swift by privacy advocates, industry experts[1],  and scholars. Some call it a signal that privacy is finally getting the attention it deserves, while others have called it “more of the same.” In the final analysis, while the report sets forth general principles and seeks the participation of representatives from all entities that have an interest in privacy, it obviously remains to be seen if the report has any effect on building a consensus around privacy rights and obligations. Until now, it has been clear that various diverging interests have made comprehensive agreement elusive. We expect the debate over many of these privacy principles to continue and expand, and therefore, suggest that you begin incorporating privacy into your business culture and information practices. We will continue to monitor this rapidly changing area of the law and will keep you advised of developments as they occur.


  1. http://blogs.intel.com/policy/2012/02/23/white-house-privacy/
    [Back to reference]

Ideas


The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.