The Obama administration on Thursday issued its second major report in as many weeks calling for new rules regulating the protection of consumer privacy online, including the creation of a federal privacy office and a nationwide “Privacy Bill of Rights.” However, some privacy advocates were skeptical of the recommendations, suggesting they would give companies, not Internet users, control of consumer data.
The report, released Thursday morning by the Commerce Department, contains a set of 10 new recommendations that touch on virtually every aspect of the digital economy, from cloud computing to e-commerce to social media. The most significant of those recommendations calls for the creation of “voluntary but enforceable” codes of conduct for industry-specific activities and a broader “Privacy Bill of Rights” that would enshrine certain core privacy principles across the board, perhaps through legislation.
“This is obviously a major consumer protection issue, because people want to know that their information is going to be safe,” Commerce Secretary Gary Locke said in a conference call unveiling the recommendations. “Consumers must trust the Internet if businesses are going to succeed online.”
The report also calls for the creation of a new office within the Commerce Department to “use the bully pulpit authority of the administration” to devise and implement new standards for online privacy, according to Daniel Weitzner, associate administrator for policy of the National Telecommunications and Information Administration. Weitzner said the current practice of “notice and choice,” in which Internet companies ask consumers to consent to certain uses of their personal data, “really is not adequate as a basis for privacy protection.” The goal of the Commerce Department’s report, he said, was to “raise the bar on privacy protections over what consumers can expect today.”
However, the nonpartisan public interest group Consumer Watchdog said the new recommendations would place control of sensitive personal information in the hands of Internet companies, not consumers. The group issued a statement Thursday morning calling the Commerce Department report “an industry-friendly document” that “proposes relying on a failed self-regulatory model when it’s clear that real regulations with meaningful enforcement are necessary.”
The report comes just two weeks after the Federal Trade Commission issued what many advocates consider a much stronger document calling for a slew of new privacy regulations, including the establishment of a “Do Not Track” mechanism that would allow consumers to opt out of data collection by Internet companies, similar to the widely popular “Do Not Call” registry. The mechanism would most likely exist as a button on consumers’ Internet browsers.
In the conference call Thursday, Commerce Department officials would not directly endorse the creation of a “Do Not Track” mechanism, but said they were interested in achieving the same results as the FTC. “‘Do Not Track’ has a lot of attention to it; it also has a wide variety of meanings. The meanings that we’re interested in are about advancing consumer control,” Weitzner said. “We think that the framework that we’ve laid out here, of voluntary enforceable codes of conduct, is an ideal mechanism in which to work out the details.”
In a brief statement Thursday, FTC Chairman Jon Leibowitz welcomed the Commerce Department’s report, but noted that it was focused more on encouraging innovation and job creation than regulating Internet privacy. “It places special emphasis on policies that will preserve the viability of the Internet as it evolves through innovation, transforms the marketplace, and spurs economic growth,” Leibowitz said. “We think it will make a significant contribution to the growing and critical debate about how best to protect the privacy of American consumers.”