On December 16, 2010, the Department of Commerce released its Internet Policy Task Force Privacy Green Paper, which details recommendations on the protection of consumer privacy online. Titled “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework”, the Report provides a set of recommendations to strengthen data privacy while protecting innovation, job creation, and economic growth.
The Report recognizes that more than self-regulation is needed. It acknowledges the economic and social importance of preserving consumer trust in the Internet, and the need to keep pace with changes in technology, online services and Internet usage. To do so, consumers need more transparency and control over the use of their personal information. The new framework must help increase protection of consumers’ commercial data while supporting innovation and evolving technology.
The Report makes recommendations in several key areas:
- Establish Fair Information Practice Principles comparable to a “Privacy Bill of Rights” for Online Consumers
The Report recommends that the US Government articulate certain core privacy principles in order to assure baseline consumer protections. These principles would define how online companies can collect and use personal information for commercial purposes. They would build on existing Fair Information Practice Principles (FIPPs), which include the principles of notice, choice and ensuring security. The additional principles would include limitation, purpose specification and accountability.
- Encourage Global Interoperability to Spur Innovation and Trade
The Report acknowledges that disparate privacy laws create regulatory barriers and have a negative impact on global competition. It recommends that the U.S. Government work together with its trading partners to find practical means of bridging differences in privacy frameworks and reducing the significant business compliance costs.
- Harmonize Security Breach Notification Rules
The Report recommends looking at ways to harmonize the security breach disclosure laws, which require businesses to notify customers about security breaches that expose personal data. It envisions that a Federal law would help to reconcile inconsistent state laws, streamline compliance, and allow businesses to develop a strong, nationwide data management strategy. This Federal law would authorize enforcement by the Federal Trade Commission, and preserve the existing enforcement power of state authorities. The law would not preempt other federal security breach notification laws for specific sectors, such as healthcare.
- Review the Electronic Communications Privacy Act for the Cloud Computing Environment
The Report recommends the revision of the Electronic Communications Privacy Act (ECPA) to address privacy protection in cloud computing and location-based services, so that ECPA can continue to appropriately protect individuals’ privacy expectations and punish unlawful access and disclosure of consumer data, as technology and market conditions change.
The Department of Commerce is seeking public comments on its proposed framework. Comments must be provided by January 28, 2011.
To download a copy of the Report, visit http://www.commerce.gov/node/12471.