Privacy & Information Security Law Blog

The White House today released its long-awaited report outlining a framework for U.S. data protection and privacy policy. As expected, “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Global Innovation in the Global Digital Economy” articulates a Consumer Privacy Bill of Rights based on the individual’s right to exercise control over what personal data companies collect from the individual and how companies use the data. The Consumer Privacy Bill of Rights, which reflects principles of fair information practices and applies to personal data, sets forth individual rights for consumers and corresponding obligations of companies in connection with personal data. It also provides for the consumer’s right to:

• transparent privacy and data security practices;
• expect that companies will collect, use and disclose data in a manner consistent with the context in which it was collected;
• have their data handled in a secure manner;
• access and correct personal data;
• set reasonable limits on the personal data that companies collect and retain; and
• have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.

In a press release, the Administration stated its intention to work with Congress to draft legislation based on the Consumer Privacy Bill of Rights. According to the report, “enacting the Consumer Privacy Bill of Rights through Federal legislation would increase legal certainty for companies, strengthen consumer trust, and bolster the United States’ ability to lead consumer data privacy engagements with our international partners.”

As reported in BNA’s Privacy Law Watch, Lisa J. Sotto, partner and head of Hunton & Williams’ Global Privacy and Data Security practice, said “Members of Congress will certainly see this as an influential document when considering new legislation. Privacy is a bipartisan issue that everyone can agree on, but of course the devil is in the details, and where it goes from here remains to be seen.”

The report also describes an open forum in which stakeholders will work toward consensus on codes of conduct that would implement the provisions of the Consumer Privacy Bill of Rights. Although their adoption by organizations is voluntary, the codes will be enforceable. The report emphasizes the critical role of the FTC in privacy enforcement and encourages Congress to provide the FTC and state attorneys general with specific authority to enforce the Consumer Privacy Bill of Rights.

Finally, the report underscores the Administration’s goal of global interoperability of privacy protections facilitated by effective enforcement and accountability mechanisms.

The report builds on the recommendations of the Department of Commerce Internet Policy Task Force’s “Green Paper” on privacy, entitled “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.”