Commerce Recommends Online Privacy 'Bill of Rights'


The Commerce Department is recommending that the government adopt a Privacy Bill of Rights for online consumers mirroring the Fair Information Practice Principles, which it says are widely accepted by privacy experts as core values, and create a Privacy Policy Office at Commerce.

The goal would be to prompt companies to be "more transparent about their use of consumer information; to provide greater detail about why data is collected and how it is used; to put clearer limits on the use of data; and to increase their use of audits and other ways to bolster accountability.

That is according to the Commerce Department's just-released Internet Policy Task Force report providing recommendations for online consumer privacy policies.

The Privacy Policy Office would help develop "enforceable privacy codes of conduct." Enforcing such "voluntary codes," could take several forms, said Commerce, from public statements of administration support, to increased FTC enforcement, to legislation creating a safe harbor for those that adhere to the codes developed through an open, multi-stakeholder process.

That last option, with the threat of regulation as the alternative to compliance, would appear to be rather less voluntary than the other options, something the report concedes.

"As a threshold matter, the 'carrot' offered by a safe harbor has force only if there is a corresponding ‘stick.' That is, a safe harbor is only as effective as the perceived threat of legislative, regulatory, or other legal risk faced by the company in absence of the ability to resort to safe harbor protection."

A veteran cable attorney was a key contributor to the report. "General Counsel Cameron Kerry has been a leader of the IPTF and played an instrumental role in the formulation of this [document]," according to Commerce secretary Gary Locke's intro to what he called a "dynamic policy framework." Kerry has represented the cable industry as an attorney with Mintz Levin in Boston and Washington. He has also taught and written about cable and telecommunications law and is co-chair of the National Science and Technology Council Subcommittee on Privacy and Innovation.

The Federal Trade Commission last week released its set of policy recommendations for balancing privacy with "innovation that relies on consumer information to develop beneficial new products and services." That included encouraging the industry to step up with a flexible, user-centric do-not-track mechanism, preferably in the browser.

The Commerce report does not deal specifically with do-not-track.

The FTC also recommended a "privacy by design" approach, including "reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy." Both the FTC and Commerce talked up their preference for industry self-regulations over government action like legislation to mandate do-not-track, but said industry had so far not done enough.

Daniel Weitzner, associate administrator for policy at the National Telecommunications and Information Administration, an arm of Commerce, is on the same page as the FTC and telegraphed the new Commerce framework recommendation.

Weitnzer told an audience at a consumer watchdog policy conference in Washington last week that the debate over "do not track" -- which was competing Wednesday with network neutrality for the attention of media reporters --"is an illustration of a larger problem: the overarching need for a more dynamic framework that can incentivize the creation of industry codes of conduct, while also being flexible enough to keep pace with innovation."

NTIA, an arm of Commerce, is the administration's chief telecom policy advisor. NTIA chief Larry Strickling also was instrumental in the new Commerce report, according to Locke.

Commerce says it will seek public comment on the recommendations.