White House Releases Draft of Privacy Bill of Rights

“This draft -- offered in the spirit of bringing all stakeholders into a public dialogue to advance new privacy protections -- seeks to provide consumers with more control over their data, companies with clearer ways to signal their responsible stewardship over data and strengthen relationships with customers, and everyone with the flexibility to continue innovating in the digital age,” the White House said. The proposal provides consumers with “clear rights to exercise individual control over their data,” by understanding how data will be used, the ability to see and correct data held by a company, ensure sensitive data provided for one purpose is not reused or resold in concerning or surprising ways and allows consumers to remove their data, the White House said. Entrepreneurs and companies are provided an understanding of privacy risk, explanation for why data collection should be focused on in the legislation, and are encouraged to develop codes of conduct specific to their industry that would provide safe harbors for responsible use of data and to prepare and use customary business records. The FTC would monitor and enforce the provisions of the proposed law if enacted, along with states attorneys general.

“There are some interesting elements included in the president’s proposal but we must tread carefully,” because comprehensive legislation may not be the best approach, said House Commerce Committee Chairman Fred Upton, R-Mich., and Commerce, Manufacturing, and Trade Subcommittee Chairman Michael C. Burgess, R-Texas, in a joint statement Friday. “Consumers deserve strong privacy protections online, and companies have a vested interest in safeguarding their customers’ personal information." One area where a “federal solution” is needed is data breach notification, the senators said.

The proposal “falls far short of what is needed to ensure consumers and families are squarely in control of their personal data,” as the federal law could pre-empt strong state laws and companies and data brokers could deny consumers the right to say no to selling their data, Markey said. “We didn’t celebrate a great victory yesterday in the fight to protect the Internet for American consumers just to turn around and enable their online information to be easy prey for digital bandits seeking to pilfer Americans’ personal information." The FCC approved 3-2 net neutrality rules Thursday (see 1502270051">1502270051). Markey said he would introduce data breach legislation this week that would let consumers access and correct their information to help ensure maximum accuracy, and would grant consumers the right to stop data brokers from using, sharing or selling their personal information for marketing purposes.

The Direct Marketing Association (DMA) expressed concern with the proposed legislation, saying it “would impede data-driven innovation that benefits consumers and the economy,” in a letter to Commerce Secretary Penny Pritzker Friday. “Under the Administration’s legislative proposal, the very self-regulatory system that has enabled innovation would be replaced with static regulations that would be rendered out of date by technology advancements before a bill is even enacted,” the DMA said.

Any efforts to modify the legal framework of privacy protections that protect consumers’ information “must be carefully considered with a meaningful opportunity for all relevant stakeholders to participate in the process,” said Information Technology Industry Council Vice President-General Counsel Yael Weinman. “ITI plans to engage with policymakers and lawmakers to provide our input.” The “President and his allies have decided to take a page out of the European playbook best known for stifling innovation and productivity,” said Daniel Castro, vice president of the Information Technology and Innovation Foundation, who called the proposal “far-reaching.”

The proposal was called a “welcome development” by Microsoft Chief Privacy Officer Brendon Lynch, in a blog post Friday. “Not all will agree with every aspect of the proposal -- some will say it goes too far, while others will say it doesn’t go far enough -- but it’s a good place to start the conversation.” But CEA CEO Gary Shapiro fears the proposal could “hurt American innovation” and “burden the tech economy with uncertainty and stifle the development of the Internet of Things," he said.

Obama’s proposed draft bill “falls short on the privacy protections needed in today’s digital world: it just has too many loopholes and doesn't provide for meaningful enforcement,” said Justin Brookman, Center for Democracy and Technology consumer privacy director, in a statement. “However, it’s encouraging that the President is working to advance privacy legislation and we remain committed to working with the Administration and Congress to improve this initial draft.” TechNet "is reviewing the details of today’s proposal,” said CEO Linda Moore in a statement. “We share the administration’s commitment to privacy, and agree that keeping consumer data safe and secure while providing tools for individuals to control the use of that data is critical.”

It's a "serious setback for privacy," said Center for Digital Democracy Executive Director Jeff Chester. The administration's proposal "perversely reduces" FTC power by failing to give it rulemaking authority to craft reasonable safeguards, he said: It "actually empowers the companies that now harvest our mobile, social, location, financial, and health data, leaving them little to fear from regulators."