White House Releases Draft of Consumer Privacy Bill of Rights Act
Last week the White House released a draft “Consumer Privacy Bill of Rights Act of 2015” as we indicated was coming in our prior post: Obama Revives Privacy Debate in FTC Speech
The bill’s elements are not substantially different from the White House’s prior outline, but its reliance on industry codes of conduct and preemption of state law has resulted in a backlash even among Obama’s FTC.
Principal Element – Concise and Easily Understandable Disclosures
- Consumer Control
Covered entities would be required to allow consumers to exercise control over what data is collected about them and how it is used;
- Respect for Context
Covered entities collect and use data in ways that are consistent with the context in which consumers provide such data. Would require internal reviews of privacy and security practices for data collected outside of such contexts.
Covered entities would be required to identify reasonable risks and implement safeguards designed to protect against breach, theft, loss, etc. of personal data.
- Access and Accuracy
Covered entities would be required to grant individuals access to, or an accurate representation of, data collected about them upon request. The consumer would have the right to correct or amend the data.
FTC and State AGs would be able to assess civil penalties. Bill would preempt state laws.
Also creates Safe Harbor for enforceable industry codes of conduct.
Federal Trade Commission Spokeperson
We are pleased that the Administration has made consumer privacy a priority, and this legislative proposal provides a good starting point for further discussion. However, we have concerns that the draft bill does not provide consumers with the strong and enforceable protections needed to safeguard their privacy. We look forward to working with Congress and the Administration to strengthen the proposal.
Senator Ed Markey (D-MA)
While this proposal from the White House focuses attention on the need for strengthening the privacy rights of Americans, it falls far short of what is needed to ensure consumers and families are squarely in control of their personal data, Instead of codes of conduct developed by industries that have historically been opposed to strong privacy measures, we need uniform and legally-enforceable rules that companies must abide by and consumers can rely upon.
I am concerned that this proposal includes a provision that could preempt strong state laws that already are protecting the privacy rights of consumers. And I am especially concerned that companies and data brokers could be able to deny consumers the right to say no to selling their sensitive information for marketing purposes. Next week, I will introduce legislation that will allow consumers to access and correct their information to help ensure maximum accuracy. The bill also provides consumers with the right to stop data brokers from using, sharing, or selling their personal information for marketing purposes. We need to put in place a system of rules that puts consumers in control of their information, not corporate interests and data reapers. I am committed to working with the White House and my Congressional colleagues to pass the strongest privacy legislation to protect American consumers.
Justin Brookman, Center for Democracy & Technology
Americans have long deserved comprehensive national consumer privacy legislation to protect their personal information. Unfortunately, the President’s bill falls short on the privacy protections needed in today’s digital world: it just has too many loopholes and doesn’t provide for meaningful enforcement. However, it’s encouraging that the President is working to advance privacy legislation and we remain committed to working with the Administration and Congress to improve this initial draft
John Simpson, Consumer Watchdog
The bill is full of loopholes and gives consumers no meaningful control of their data.
Jules Polonetsky and Chris Wolf, Future of Privacy Forum
Although the current system of FTC enforcement actions and strong sectoral laws provide important tools to address privacy harms, the ideas proposed in the bill are certain to help frame the discussion about privacy practices by companies and not-for profits in the future. International data regulators should recognize that this bill is not a critique of the current system, but the opening of a nuanced conversation that seeks to balance benefit and risk, while being considerate of consumer right.
Alvaro M. Bedoya, Center on Privacy and Technolgy
Georgetown University Law Center
It would override state statutes that give people more protection. It would be a significant setback for privacy.
Michael Beckerman, Internet Association
It is essential that any privacy rules are finely tailored to address specific harms, so that innovation, which benefits consumers and the economy, can continue to flourish. Today’s wide-ranging legislative proposal … casts a needlessly imprecise net.
Brendon Lynch, Mirosoft
The White House framework tackles issues that are crucial to build trust and foster innovation. Not all will agree with every aspect of the proposal — some will say it goes too far, while others will say it doesn’t go far enough — but it’s a good place to start the conversation.