News

White House Drafts Online Privacy Bill of Rights

President Obama's administration has presented legislation to protect online privacy that includes a consumer bill of rights and a standardized Do-Not-Track feature for browsers.

With online retail business now approaching $200 billion a year in the United States, the issue has become a matter of economic importance, said Commerce Secretary John Bryson.

"Privacy and trust online have never been more important to business and consumers," Bryson said.

But the initiatives announced Feb. 22 would include only limited government enforcement authority. Participation in the programs by online businesses would be voluntary, although if companies include them in their formal privacy policies they would be subject to enforcement by the Federal Trade Commission.

"American consumers can't wait any longer for clear rules of the road that ensure their personal information is safe online," President Obama said in a prepared statement. "By following this blueprint, companies, consumer advocates and policymakers can help protect consumers and ensure the Internet remains a platform for innovation and economic growth."

The Consumer Privacy Bill of Rights envisioned by the administration is at this point a framework for establishing baseline protections for online consumers. Ideally, it would have the force of law behind it, Bryson said.

"We will work with Congress to implement this in legislation," he said.

But, acknowledging that it is unlikely Congress would enact any such legislation soon, Bryson said the department's National Telecommunications and Information Administration would begin work with corporate and consumer groups to develop a consensus for a voluntary code of conduct based on the framework.

FTC Chairman Jon Leibowitz called the private sector's cooperation an indication that business is willing to address the challenges of consumer choice and trust that were raised in a 2010 FTC report. The report advocates a framework for creating business policies that respect the consumer's right to choose what information is gathered, and endorses a Do-Not-Track option that would allow consumers to opt out of having some information gathered during their Web browsing.

Stu Ingis, general counsel of the Digital Advertising Alliance, said that the organization's members had agreed to honor such a Do-Not-Track option and announced development of a standardized Web browser feature that would let consumers opt out of most tracking features with a single click. DAA members include many large companies that deliver online advertising, including Google, Yahoo, Microsoft and AOL.

Respect for the Do-Not-Track feature would be a part of the online advertising industry's self regulation, Ingis said. Although not written into any law, it will be mandatory for DAA members. "It isn't an option, it will be a requirement," he said.

Once respect for the option is included in a company's privacy policy, it can be enforced by the FTC, Leibowitz said. Failure to abide by a published policy is a deceptive business practice that falls under FTC authority.

Ingis said information covered by the Do-Not-Track option is described in the DAA's Self-Regulatory Principles for Online Behavioral Advertising. Although some information still would be gathered after a consumer opts out of tracking, the option would cover most information about a consumer's online behavior.

Similar opt-out features already are included in some Web browser settings. The DAA's decision will standardize this option with a common icon and creates a broad industry acceptance. Ingis said DAA would be working with all major browser manufacturers to incorporate the standardized feature, which he said could be available in about nine months.

The principles outlined in the proposed Consumer Privacy Bill of Rights are:

  • Individual Control: Consumers have a right to exercise control over what personal data organizations collect from them and how they use it.
  • Transparency: The right to easily understandable information about privacy and security practices.
  • Respect for Context: The right to expect that organizations will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
  • Security: The right to secure and responsible handling of personal data.
  • Access and Accuracy: The right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data are inaccurate.
  • Focused Collection: The right to reasonable limits on the personal data that companies collect and retain.
  • Accountability: The right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.

About the Author

William Jackson is the senior writer for Government Computer News (GCN.com).

comments powered by Disqus

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.