On December 2, 2010, discussions about privacy continued at a hearing on “Do Not Track Legislation: Is Now the Right Time?” held by the U.S. House of Representatives Committee on Energy and Commerce, Subcommittee on Commerce, Trade and Consumer Protection. The hearing focused on a variety of consumer privacy issues, including the implications and challenges of a Do Not Track mechanism, the consumer’s desire for more control over the collection and use of their data and tracking practices, and the need to preserve an advertising supported Internet that promotes economic growth through online business.
David Vladeck, Director of the FTC’s Division of Consumer Protection, and Danny Weitzner, Associate Administrator for the Office of Policy Analysis and Development in the Department of Commerce’s National Telecommunications and Information Administration, testified before the Subcommittee. Their remarks were followed by a panel of privacy and consumer advocates and business representatives.
In his testimony, Vladeck reviewed the findings of the FTC report and discussed the viability of a Do Not Call mechanism to grant consumers broad and granular control over tracking. He emphasized that a Do Not Track mechanism could take several forms and left open the possibility of an industry-administrated program that would need to be enforced by the appropriate law enforcement agency. According to Vladeck, a Do Not Track mechanism is feasible and enforceable and reflects what consumers want. Meanwhile, he indicated that the pace of industry self-regulation has been too slow and industry efforts insufficient.
Danny Weitzner’s testimony explored broader themes. Weitzner emphasized the economic, social and political changes brought about by the Internet, and the privacy concerns that accompany them. He outlined the principles guiding the Internet Policy Task Force’s review of commercial data privacy:
- Preserving consumer trust is essential to the sustainability and continued growth of the digital economy.
- Commercial data privacy implicates a broad array of interests, and the government needs a policy development process that incorporates input from relevant stakeholders.
- Commercial data privacy mechanisms must respond to the evolution of networked technologies.
Weitzner addressed the Commerce Department’s review of four key public policy and operational challenges facing the Internet: (1) enhancing commercial data privacy; (2) ensuring cybersecurity in the commercial context; (3) protecting copyrights; and (4) ensuring the global free-flow of information. He referred to the work on privacy as the Internet Policy Task Force’s “first order of business,” and highlighted the Internet Policy Task Force’s extensive outreach efforts and the clear need to strengthen the U.S. framework for commercial data privacy.
Weitzner indicated that the Department of Commerce will publish a “Green Paper” that proposes a series of policy recommendations and related questions. The paper sets forth Commerce’s findings and proposals, which include the following:
- First, Internet stakeholders believe consumers should be provided a privacy baseline for the handling of their consumer information that offers transparent disclosure of information practices and is based on widely-accepted Fair Information Practice Principles (“FIPPs”).
- Second, government will not have all the answers to privacy. A multi-stakeholder strategy involving industry, consumer groups and civil society is needed to put FIPPs into practice in the U.S.
- Third, the centerpiece of Internet privacy protection may involve upgrading the role of “voluntary, but enforceable codes of conduct, developed through open, inclusive processes,” by which companies implement FIPPs.
- Finally, the U.S. must commit to working collaboratively in multilateral organizations toward global interoperability through global privacy standards and principles.
Regarding the Do Not Track mechanism, Weitzner indicated that the Department of Commerce generally supports this kind of “consumer empowerment” that “maximizes individual choice and individual control of access to information.” A Do Not Track mechanism would require two components: (1) a technical measure that enables the user to choose whether or not to be tracked or profiled, and (2) an understanding between Internet users and web tracking services regarding the types of behavior those services would avoid. Weitzner suggests that even with the enactment of Do Not Track legislation, significant challenges will face the online industry, consumer advocates, regulators and policy makers.
According to Weitzner, the Green Paper would be released soon – “in weeks rather than months.”
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Committee on Foreign Investment in the United States
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cyber Attack
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition Technology
- FACTA
- Fair Credit Reporting Act
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- Health Information
- HIPAA
- HIPPA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Madrid Resolution
- Maine
- Malaysia
- Markus Heyder
- Maryland
- Massachusetts
- Meta
- Mexico
- Microsoft
- Minnesota
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- Norway
- Obama Administration
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Oklahoma
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Regulation
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott H. Kimpel
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Dakota
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code