Commerce Dept. Calls for Privacy Bill of Rights
New report from Department of Commerce tees up issues for the executive branch to consider as it continues to develop its evolving approach to online privacy.
The Department of Commerce on Thursday issued a long-anticipated report outlining recommendations for protecting consumers' personal information in the digital age, including the establishment of an online "privacy bill of rights" that would expand on existing Fair Information Practice Principles.
The department explained that the report (available in PDF format here) attempts to find a balance between safeguarding consumers online while ensuring that Web-based businesses that run on advertising revenue can still thrive. It's a common friction in the debate over online privacy, with some advertisers and trade groups protesting government efforts to impose regulations on the industry.
Several industry groups and prominent Web companies have launched efforts to provide consumers with control over the information that is being collected about them. Those initiatives include online dashboards that companies like Google and Yahoo have launched offering users a glimpse of their profiles and a chance to edit them, as well as a recently formed coalition comprised of many of the leading ad associations advocating the Web-wide adoption of an icon that will appear on sites to provide visitors with information about what information is being collected and by whom.
The report's authors acknowledged that the Internet industry, which has well outpaced the growth rate of other economic sectors, would collapse with the imposition of heavy-handed restrictions on all forms of data collection. "Some uses of personal information are essential to delivering services and applications over the Internet. Others support the digital economy, as is the case with personalized advertising," they wrote in the report.
But Commerce Secretary Gary Locke made it plain that, in his department's view, the threat to privacy posed by online ad firms hungry for ever greater and more detailed stockpiles of information about Web users demands forceful government oversight.
"Self-regulation without stronger enforcement is not enough. Consumers must trust the Internet in order for businesses to succeed online," Locke said in a statement. "Today's report is a road map for considering a new framework that is good for consumers and businesses."
The new policy recommendations from Commerce closely follow a report released by the Federal Trade Commission (FTC) proposing a "do-not-track" mechanism for consumers to opt out of behavioral targeting and other forms of data collection on the Web. The FTC report, which was a staff-level draft, stopped short of issuing specific legislation recommendations.
The report also recommends that the administration undertake a review of the 1986 Electronic Communications Privacy Act, or ECPA, which governs law enforcement access to electronic data. Earlier this year, a broad coalition including major tech players like Google and Microsoft formally launched with the aim of pressing Congress to bring the aging law into step with the new ways that personal information is being stored, specifically to extend the same protections governing locally stored information to data housed in the cloud.
Additionally, the report recommends federal action to harmonize the patchwork of state data-breach notification laws.
The Commerce Department will accept comments from the public on its report, with plans to issue a final version in the future.
Keep up with security news. Follow eSecurityPlanet on Twitter: @eSecurityP.