• Commerce Department Calls for "Baseline" Consumer Privacy Rights
  • January 3, 2011 | Author: Ieuan Jolly
  • Law Firm: Loeb & Loeb LLP - New York Office
  • Privacy continues to be a hot topic in Washington. On December 16, the U.S. Department of Commerce Internet Policy Task Force issued a privacy report titled "Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework." The task force describes the report as a green paper which is part of an ongoing effort to revise U.S. privacy law, industry guidelines and business practices to accommodate new and increased uses of consumer information.

    The Green Paper is similar to the FTC's recent Privacy Report (summarized here and here) and is designed to provide guidance to Congress as it considers new federal privacy legislation, and guidance for businesses that collect, share, use or store personal consumer information.

    The Green Paper proposes a "Dynamic Privacy Framework," recognition of baseline consumer privacy rights, a new federal security breach notification law, the establishment of a federal Privacy Policy Office, more self-regulatory programs for various industries, more transparency in privacy notices, and more cooperation with other countries to harmonize international privacy standards. The Green Paper recognizes that the continued expansion of the digital economy depends on developing a privacy framework that can quickly accommodate new technologies, address consumer concern, and provide some certainty to businesses about privacy practices.

    The Green Paper does not take positions on do-not-track or opt in/opt out regimes, two big issues in the online privacy debate, but the Green Paper was billed more as a road map and a framework, with the details to be included following industry and public input.

    Below are some highlights of the Green Paper:

    The Green Paper proposes a framework that is "designed to protect privacy, transparency, and informed choice while also recognizing the importance of improving customer service, recognizing the dynamic nature of both technologies and markets, and encouraging continued innovation over time." The framework includes the following policy recommendations:

    1. Adoption of baseline Fair Information Practice Principles (FIPPs) for commercial data privacy that would promote "increased transparency through simple notices, clearly articulated purposes for data collection, commitments to limit data uses to fulfill these purposes, and expanded use of robust audit systems to bolster accountability." Establishment of a Privacy Policy Office (PPO) within the Department of Commerce. The Green Paper states that the PPO would work with the FTC in leading efforts to develop voluntary but enforceable codes of conduct, and companies would voluntarily adopt the appropriate code developed through this process. These codes of conduct would be enforceable by the FTC and compliance with such a code would serve as a safe harbor for companies facing certain complaints about their privacy practices.

    2. Encouragement of "global interoperability." The Green Paper states differences in form and substance between U.S. and other national privacy laws make it increasingly complicated for companies to provide goods and services in global markets. Therefore, in order to decrease regulatory barriers to trade and commerce, "the U.S. Government should work with our allies and trading partners to promote low-friction, cross-border data flow through increased global interoperability of privacy frameworks."
    3. Enactment of a federal commercial data security breach notification law that sets national standards, addresses how to reconcile inconsistent state laws, and authorizes enforcement by state authorities.
    4. The release of this Green Paper is another clear indication that the U.S. privacy landscape is changing and momentum is building for the enactment of new privacy laws and new self-regulatory programs. Companies should consider how their own privacy practices compare to the Commerce Department's Green Paper and the FTC's Privacy Report and whether any changes are needed.