Obama Administration Finalizes Its Privacy Framework: DOC Steams Ahead with Privacy Regulatory Blueprint in the Absence of Federal Privacy Legislation

This post was written by Paul Bond, Judith L. Harris, John P. Feldman, Christopher G. Cwalina and Amy S. Mushahwar.

Today, in a ceremony with much fanfare, Secretary of Commerce John Bryson and Federal Trade Commission Chairman Jon Leibowitz outlined the Obama administration's privacy blueprint for a "consumer bill of rights." Shortly thereafter, the Department of Commerce released its long-awaited consumer privacy green paper entitled, "Consumer Data Privacy in a Networked World" (the "Final Report"), which follows up on a draft staff report issued well over a year ago [see our previous post, Privacy: A Washington Tale of Two Reports].

Like the previous draft, the Final Report calls for a comprehensive privacy framework for all data, instead of the current sector-specific approach to data protection that leaves some personal data (outside of the communications, health care, education, financial services and children's-online sectors) largely unregulated. The Final Report calls for federal legislation to create such a "privacy bill of rights" that would supplement and fill in the gaps of existing federal privacy policy. However, scores of privacy bills have been introduced in 2010, 2011 and 2012, and few expect a comprehensive privacy bill to pass during a bitter election year.

Knowing that privacy legislation will be difficult to pass this year, the administration also laid out a set of voluntary privacy standards in the Final Report that could be adopted by industry in the absence of legislation. The Commerce Department indicated today that it is confident industry will adopt this cooperative approach for a privacy public-private partnership. Secretary Bryson also indicated that his office already conducted extensive outreach with Internet companies, data collection companies, retailers, ad networks, privacy advocates, academics and consumer groups to encourage the voluntary adoption of seven data-handling principles:

1. Individual Consumer Control of Data Through Choice Mechanisms
2. Greater Consumer Transparency
3. Respect for Data Context
4. Secure Handling of Data
5. Consumer Data Access & Correction Rights (Data Hygiene)
6. Focused Collection (Data Minimization)
7. Accountability (through audit controls and vendor contractual obligations)

Such a voluntary code, however, comes with a carrot and an eventual stick. The carrot: FTC enforcement actions regarding online privacy matters are ongoing. As indicated in the Final Report, if the industry adopts any voluntary code that is developed, then in any investigation or enforcement action based on an FTC Section 5 unfair and deceptive trade practices action, the FTC would consider a company's adherence to the voluntary codes favorably. The stick comes in a few weeks. The Federal Trade Commission is expected to release its Final Staff Report on Consumer Privacy that will be in sync with the administration's blueprint. Non-adherence to a Final FTC Staff Report could be used as evidence of a Section 5 violation, even in the absence of any general privacy federal legislation.

In the coming weeks we will be releasing more granular guidance on how companies should begin evaluating their respective privacy practices, as well as other elements of the staff report (i.e., international harmonization, the role of U.S. state attorneys general, and DOC support of national data breach standard legislation).

 Please click here to view additional information from the Reed Smith Teleseminar "The Department of Commerce Steams Ahead with Privacy Regulatory Blueprint: What you Need to Know." 

 


 
