This post was also written by Christopher G. Cwalina and Amy S. Mushahwar.
Today, in a ceremony with much fanfare, Secretary of Commerce John Bryson and Federal Trade Commission Chairman John Liebowitz outlined the Obama administration’s privacy blueprint for a “consumer bill of rights.” Shortly thereafter, the Department of Commerce released its long-awaited consumer privacy green paper entitled,“Consumer Data Privacy in a Networked World” (the “Final Report”), which follows up on a draft staff report issued well over a year ago [see our previous post, Privacy: A Washington Tale of Two Reports].
Knowing that privacy legislation will be difficult to pass this year, the administration also laid out a set of voluntary privacy standards in the Final Report that could be adopted by industry in the absence of legislation. The Commerce Department indicated today that it is confident industry will adopt this cooperative approach for a privacy public-private partnership. Secretary Bryson also indicated that his office already conducted extensive outreach with Internet companies, data collection companies, retailers, ad networks, privacy advocates, academics and consumer groups to encourage the voluntary adoption of seven data-handling principles:
1. Individual Consumer Control of Data Through Choice Mechanisms
2. Greater Consumer Transparency
3. Respect for Data Context
4. Secure Handling of Data
5. Consumer Data Access & Correction Rights (Data Hygiene)
6. Focused Collection (Data Minimization)
7. Accountability (through audit controls and vendor contractual obligations)
Such a voluntary code, however, comes with a carrot and an eventual stick. The carrot: FTC enforcement actions regarding online privacy matters are ongoing. As indicated in the Final Report, if the industry adopts any voluntary code that is developed, then in any investigation or enforcement action based on an FTC Section 5 unfair and deceptive trade practices action, the FTC would consider a company’s adherence to the voluntary codes favorably. The stick comes in a few weeks. The Federal Trade Commission is expected to release its Final Staff Report on Consumer Privacy that will be in sync with the administration’s blueprint. Non-adherence to a Final FTC Staff Report could be used as evidence of a Section 5 violation, even in the absence of any general privacy federal legislation.
In the coming weeks we will be releasing more granular guidance on how companies should begin evaluating their respective privacy practices, as well as other elements of the staff report (i.e., international harmonization, the role of U.S. state attorneys general, and DOC support of national data breach standard legislation).
Please click here to view additional information from the Reed Smith Teleseminar “The Department of Commerce Steams Ahead with Privacy Regulatory Blueprint: What you Need to Know.”