NTIA Gets Vast Array of Consumer Privacy Legislative Ideas
Wide-ranging suggestions to create broad consumer privacy legislation flooded into NTIA Tuesday. Privacy and civil liberties advocates were nearly unanimous in favor of the White House issuing a legislative proposal. As expected, industry representatives, mostly tech and advertising groups, cautioned against any new legislation, although some offered ideas on government-enforced safe harbor programs and an audit of current commercial privacy laws. In its big data report (WID May 2 p1), the White House ordered NTIA to field comments before it considered whether to move forward with a broad consumer privacy legislative proposal.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Many privacy advocates urged the administration to revive its set-aside consumer privacy bill of rights (CPBR). A “Comprehensive CPBR would be an iconic moment in American consumer protection,” said comments signed by prominent privacy and civil liberties groups -- the American Civil Liberties Union, the Center for Digital Democracy (CDD), Consumer Action, Consumer Federation of America, Consumer Watchdog, Common Sense Media and Privacy Rights Clearinghouse. The FTC and FCC should be authorized to “thoughtfully rein in data collection and use practices,” they said. The FTC, not the NTIA, should oversee any multistakeholder process to update the CPBR (http://1.usa.gov/1hwy3KA). The commission’s involvement would “give the necessary weight, accountability and enforcement to both the process and the resulting codes.” Legislation should then enact the CPBR, they said.
"The same legislation should also call on agencies that have rulemaking authority,” said CDD in individual comments filed separately, specifically citing the Consumer Financial Protection Bureau (CFPB), the FCC and the Food and Drug Administration. The agencies should “immediately initiate proceedings on consumer financial, telecommunications and digital health privacy, respectively,” CDD said. The CFPB, FCC, FDA and FTC should report back within six months on “how commercial big data practices are currently being used in ways that may be harmful to the public."
"Before NTIA starts asking about how to reconcile big data with privacy issues, it would first make sense to ask if it’s even worth it,” said the Electronic Frontier Foundation (EFF). The administration has not done adequate research on “the technical obstacles that prevent big data from being used effectively and accurately in these sorts of privacy-invasive scenarios.” Absent such research, the government risks creating uninformed policy and institutionalizing invasive big data techniques, EFF said. “The more we laud big data without critically evaluating its bona fides, the more we unnecessarily legitimize secret bulk collection of personal information."
Industry stakeholders from tech trade groups and advertising organizations preached the values of self-regulation over legislation. “Data is essential to the Internet economy,” said the Computer and Communications Industry Association (CCIA). It praised the President’s Council of Advisors on Science and Technology report (WID May 5 p1), which stressed a focus on data use, not data collection. The CPBR “can be reinvigorated” by focusing on preventing identified harmful uses of data, CCIA said. The CPBR’s current focus on notice and consent “would severely curtail innovative reuse of data,” the group said. The Interactive Advertising Bureau (IAB) emphasized the robust sectoral privacy laws in existence. “The current U.S. regulatory approach strikes the right balance by addressing the potential for concrete harms in specific areas, while otherwise enabling the free flow of data,” IAB said.
Companies willing to implement protections against data misuse should receive government protection, said the Application Developers Alliance. “Government should encourage industry implementation of consensus-based agreements by legislating enforcement safe harbors for companies that voluntarily provide additional safeguards against data misuse,” the alliance said. Removing the fear of class-action suits would encourage early adoption and competition based on privacy principles, the group said.
"Before Congress can seriously consider new commercial privacy legislation, we need far better economic analysis of the trade-offs associated with restricting data-driven innovation,” said Ben Sperry, associate director of the International Center for Law & Economics, which filed comments with TechFreedom. Congress should establish a “Privacy Law Modernization Commission [PLMC]” to do such analysis, they said. “With independent experts appointed by both parties, this commission could finally forge a consensus about how to balance the benefits and risks of data across the board,” said Berin Szoka, president of TechFreedom. “With bipartisan credibility and clear expertise, the PLMC recommendations could finally break fourteen years of gridlock on the question of whether and how to update America’s commercial privacy laws."
Other organizations filing comments included the Center for Democracy & Technology (http://bit.ly/1sxysAH), the Information Technology Industry Council (http://bit.ly/1pbIuGG), the Information Technology and Innovation Foundation (http://bit.ly/1zTn3NS), Public Knowledge and the Software & Information Industry Association (http://bit.ly/1pXMuqu).