On Thursday, February 23, 2012, the White House released its highly anticipated report and recommendations on consumer privacy. The report, entitled, “Consumer Data Privacy In A Networked World: A Framework For Protecting Privacy and Promoting Innovation In The Global Digital Economy,” includes a "Consumer Privacy Bill of Rights" establishing principles for how companies should handle personal information on the Internet. The report is part of a broader push by the Obama administration, and the federal government in general, to develop a stronger privacy framework in the United States and addresses growing concern over consumer privacy on the Internet.
Four Key Elements
The framework comprises four key elements: (1) a Consumer Privacy Bill of Rights, (2) a multi-stakeholder process to specify how the principles in the Consumer Privacy Bill of Rights apply in particular business contexts, (3) effective enforcement, and (4) a commitment to increase interoperability with the privacy frameworks of international partners.
Consumer Privacy Bill of Rights
In a move toward globalizing privacy principles in the United States, the Consumer Privacy Bill of Rights utilizes comprehensive, globally recognized Fair Information Practice Principles (FIPPs). For example, the guidelines call for consumers to have better control over their individual data, including control over what data companies collect and what they do with it, as well as access to data collected and the ability to correct inaccurate data. The framework also calls for increased transparency with easily understandable and accessible privacy and security policies, the secure handling of data, reasonable limits on data collection, data collection that is consistent with consumers' expectations given their online behavior, and accountability of companies who collect data.
The Consumer Privacy Bill of Rights provides general principles that afford companies discretion in how they implement them. This flexibility will help promote innovation. Flexibility also will encourage effective privacy protections by allowing companies, informed by input from consumers and other stakeholders, to address the privacy issues that are likely to be most important to their customers and users, rather than requiring companies to adhere to a single, rigid set of requirements.
Multi-Stakeholder Development of Codes of Conduct
The guidelines are voluntary, but the White House is urging Congress to draft them into law. The White House also is encouraging companies to work with the government and other stakeholders to adopt codes of conduct in multi-stakeholder discussions. The FTC would have the ability to enforce compliance with standards and guidelines if companies have chosen to adopt them. Private sector participation will be voluntary, and companies ultimately will choose whether to adopt a given code of conduct. By encouraging companies and industries to adopt guidelines, the White House is hoping to allow for innovation and flexibility for businesses while increasing privacy protection for consumers.
The report notes that FTC enforcement is critical to ensure accountability of private companies in complying with their privacy obligations and to ensure that responsible companies are not disadvantaged by competitors who would play by different rules. As part of the consumer data privacy legislation, the Obama administration encourages Congress to provide the FTC (and state attorneys general) with specific authority to enforce the Consumer Privacy Bill of Rights.
The framework embraces the goal of increased international interoperability to provide consistent, efficient rules for personal information in the user-driven and decentralized Internet environment. The two fundamental principles for this cross-jurisdictional interoperability are mutual recognition and enforcement cooperation. Mutual recognition requires effective enforcement and well-defined accountability mechanisms. Multi-stakeholder cooperation can result in scalable, flexible methods for developing codes of conduct that simplify compliance standards. Enforcement cooperation facilitates the ability of countries to protect the rights of their citizens when personal information leaves the country. These approaches enable U.S. efforts to clarify data protection standards globally while maximizing the flexibility that is critical to technological innovation.
As part of the White House's push for privacy rights, a coalition of Internet companies has announced it will support a do-not-track mechanism or button embedded into Internet browsers. This button would allow consumers to quickly and simply indicate when they do not wish personal data to be collected. The coalition companies have agreed to then not collect data based on Web-browsing habits for targeted advertising purposes. The coalition will work with companies, likely during the next nine months, to implement the new do-not-track feature into Web browsers.
The report states, “the Administration will implement this framework without delay.” The White House, through the Department of Commerce, plans to work with other federal agencies to convene stakeholders, including international partners, to develop enforceable codes of conduct based on the Consumer Privacy Bill of Rights.
Implications for Business
The report adds further emphasis and detail to the White House's efforts to promote consistent privacy standards in a global economy, while balancing the interests of private enterprise and technological innovation on one hand, with the privacy rights of consumers on the other. The report provides a very useful roadmap for companies to develop and refine their internal privacy practices and externally facing policies. The next step for privacy compliance — codes of conduct — appears to have gathered real traction. Companies should start planning now for how they will comply with these privacy standards.
Legal News Alert is part of our ongoing commitment to providing up-to-the-minute information about pressing concerns or industry issues affecting our clients and colleagues. If you have any questions about this update or would like to discuss this topic further, please contact your Foley attorney or the following:
Chanley T. Howell
Ariel Fox Johnson
Let’s Talk Compliance | Provider Relief Fund: Reporting Requirements and Compliance Concerns