Commerce Recommends Online Privacy 'Bill of Rights'
The Commerce Department is recommending that the
government adopt a Privacy Bill of Rights for online consumers mirroring
the Fair Information Practice Principles
that it says are widely accepted by privacy experts as core values and create a
The goal would be to prompt companies to be
"more transparent about their use of consumer information; to provide
greater detail about why data is collected and how it is used; to put clearer
limits on the use of data; and to increase their use of
audits and other ways to bolster accountability.
That is according to the Commerce Department's
just-released Internet Policy Task Force (IPTF) report providing recommendations
for online consumer privacy policies.
"enforceable privacy codes of conduct." Enforcing such
"voluntary codes," could take several forms, said Commerce, from
public statements of administration support to increased FTC enforcement to
legislation creating a safe harbor for those that adhere to the codes developed
through an open, multi-stakeholder process.
That last option, with the threat of regulation
the alternative to compliance, would appear to be rather less voluntary than the
other options, something the report concedes. "As a threshold matter, the
'carrot' offered by a safe harbor has force only if there is a corresponding ‘stick.'
That is, a safe harbor is only as effective as the perceived threat of
legislative, regulatory, or other legal risk faced by the company in absence of
the ability to resort to safe harbor protection."
A veteran cable attorney was a key contributor to
the report. "General Counsel Cameron Kerry has been a leader of
the IPTF and played an instrumental role in the formulation of this
[document]," according to Commerce Secretary Gary Locke's intro to what he
called a "dynamic policy framework." Kerry has represented the cable
industry as an attorney with Mintz Levin in Boston and Washington. He has
also taught and written about cable and telecommunications law and is co-chair
of the National Science and Technology Council Subcommittee on Privacy and
The Federal Trade Commission last week released
its set of policy recommendations for balancing privacy with "innovation
that relies on consumer information to develop beneficial new products and
services." That included encouraging industry to step up
with a flexible, user-centric do-not-track mechanism, preferably in the browser.
The Commerce report does not deal specifically
The FTC also recommended a "privacy by
design" approach by industry, including "reasonable security for
consumer data, limited collection and retention of such data, and reasonable
procedures to promote data accuracy." Both the FTC and
Commerce talked up their preference for industry self-regs over government
action like legislation to mandate do-not-track, but said industry had so far
not done enough.
Daniel J. Weitzner, associate administrator for
policy at the National Telecommunications and Information Administration,
an arm of Commerce, is on the same page as the FTC and telegraphed the new
Commerce framework recommendation.
Weitnzer told an audience at a consumer
watchdog policy conference in Washington last week that the debate over
"do not track"--which was competing Wednesday with network neutrality
for the attention of media reporters--"is an illustration
of a larger problem: the overarching need for a more dynamic framework that can
incentivize the creation of industry codes of conduct, while also
being flexible enough to keep pace with innovation."
NTIA, an arm of Commerce, is the administration's
chief telecom policy advisor. NTIA Chief Larry Strickling also was instrumental
in the new Commerce report, according to Locke.
Commerce says it will seek public comment on the recommendations.