On May 9 the U.S. Senate held a discussion on the proposed Consumer Privacy Bill of Rights which seeks to establish the framework for legislation that will require transparency and individual control on what personal data companies collect from consumers online and how it is used.
As the regulations stand today, the FTC can enforce that companies who have a privacy policy abide by it and only use consumer data for purposes explicitly mentioned, but the FTC has very little authority over how companies use consumer data when no such privacy policies are in place. The FTC has brought allegations against companies for violating their own privacy policies, such as recently with Myspace and Google, but the FTC cannot fine the company in question on the first incident. In February the White House Administration released “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy,” a document on building strong consumer data privacy protections along with a Consumer Privacy Bill of Rights.
On May 9 Jon Leibowitz, FTC Chairman, and General Counsel of the U.S. Department of Commerce Cameron F. Kerry explained their position to the Senate Commerce Committee that new consumer privacy protection laws, and giving the FTC authority to enforce them with civil penalties, would increase the trust Americans have in online transactions, thus promoting internet commerce. Leibowitz commended online retail and advertising companies for their efforts to self-regulate and establish a “Do Not Track” mechanism, but also said consumer privacy regulations should go beyond simply blocking targeted ads and that he was against a centralized “Do Not Track” list as this could be a privacy concern itself.
The FTC Chairman also said he believes there will “be meaningful Do Not Track (legislation) for American consumers so they can opt out of third-party advertisements,” by the end of this year. In the hearing the FTC also reiterated that data brokers who resell databases of user information should be regulated as well, allowing consumers to view and update information that has been gathered about them.
In the document establishing the Consumer Privacy Bill of Rights, published by the White House Administration in February, it calls for strengthening of FTC enforcement to ensure companies are accountable for adhering to their privacy commitments. The Consumer Privacy Bill of Rights applies to personal data, including aggregated data that can be linked back to an individual, and consists of seven consumer privacy rights:
Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it.
Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices.
Respect for Context: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
Security: Consumers have a right to secure and responsible handling of personal data.
Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.
Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the consumer privacy bill of rights.
For more information: