Privacy Groups Propose New Government Data Protection Agency

Would supplant FTC, which they argue is not equipped for task
Author:
Publish date:

Privacy Groups are calling for the creation of a new Data Protection Agency to focus on privacy protection and replace the Federal Trade Commission in that role, which lacks rulemaking authority and which, they argue, has failed to exercise the enforcement authority it has in that space.

Privacy groups have lots of suggestions for better protections

Privacy groups have lots of suggestions for better protections

Related: FTC's Simons Says Agency Needs Rulemaking Authority

That is according to a new "Framework for Comprehensive Privacy Protection and Digital Rights in the United States" being put forward by the Campaign for a Commercial-Free Childhood, Center for Digital Democracy, Color of Change, Consumer Federation of America, Electronic Privacy Information Center, Public Citizen, and Stop Online Violence Against Women U.S. PIRG.

The new agency proposal is just part of the plan (see below), which also includes expressly prohibiting preemption of state privacy efforts.

The call for a privacy regulation overhaul comes in the wake of Washington's increasing concern about edge provider use, or misuse, of data, and how to address that through legislation, enhanced transparency, regulation, self-regulation, or some combination of those.

Related: Senators Join Call for FTC Investigation of Google Play

For example, the Department of Justice has met with state attorneys general to talk about how Facebook, Google, Amazon and others protect and share consumer information and any potential for anticompetitive behavior.

The framework announcement came a day after Sen. Marco Rubio (R-Fla.) proposed new data privacy legislation based on a law applying to government
collection and retention of individuals' records.

But that bill would likely include preempting what Rubio's office calls "a patchwork of state privacy laws."

The plan's keys are:

  1. Enact baseline federal legislation
  2. Enforce fair information practices (FIPS) 
  3. Establish a data protection agency
  4. Ensure robust enforcement, including private rights of action and statutory damages
  5. Establish algorithmic governance to advance fair data practices—"independent accountability for automated decisionmaking"
  6. Prohibit "take it or leave it" terms that require users to waive privacy rights or pay more for service
  7. Promote private innovation
  8. Limit government access to personal data

"[T]the FTC has lost the confidence of many consumer and privacy NGOs [nongovernmental organizations]," said Center for Digital Democracy executive director Jeff Chester, "which believe it cannot be trusted to protect privacy."

Chester points to what they say is the FTC's failure to enforce privacy-related consent orders against Facebook and Google.

Also a key to any new legislation, they said, is that it not preempt state authority over privacy—the fear is that weaker national legislation will preempt stronger state efforts.

Chester said that a number of the groups also plan to launch a "very visible" campaign to get the public to pressure Congress "to hold the industry accountable—including on their data use, ad practices and on competition/antitrust."

Related