On November 13, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) released comments it received from over 200 government, non-profit, academic, and private sector organizations on developing the Administration’s approach to consumer privacy.
Since September, the NTIA has sought public comments to specifically address a number of questions that focused on the outcomes, goals, risks, and implementation of its proposed high-level framework for consumer privacy protection. The Administration’s framework articulated a set of organizational practices focused on data transparency, minimization of collection, the storage, use, and sharing of data, security, and risk management, in addition to broader goals to reconcile a disparate regulatory patchwork and ensure that resources for privacy protections and enforcement are properly allocated. If a few of these concepts sound familiar, it’s because they loosely mirror elements of existing privacy frameworks established at the industry, state, and international levels, and the sources and arbiters of those frameworks took this opportunity to urge the Administration to follow these examples more closely. As the Executive Branch agency principally responsible by law for advising the president on information policy issues, the goal of the NTIA’s request for comment is to inform the Administration’s approach to consumer privacy. As such, the Administration’s consideration and reaction to the comments received is likely to affect future discussions and proposals in the ongoing debate regarding federal privacy legislation. As expected, many of the comments are framed against the backdrop of recent, related changes in law, with particular focus on the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Here, we summarize some of the significant comments and proposals received by the NTIA.