About Us  |  About Cheetah®  |  Contact Us

Commerce seeks input on Internet Policy Task Force report detailing policy recommendations

January 14th, 2011  |  Lucas Otto

The Department of Commerce is seeking comment on its report, Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework, which was issued in conjunction with the agency’s Internet Policy Task Force’s comprehensive review of the nexus between privacy policy and innovation in the Internet economy.

Commerce released the report in December – it details initial policy recommendations aimed at promoting consumer privacy online while ensuring the Internet remains a platform that spurs innovation, job creation, and economic growth, according to an agency statement. The report outlines a dynamic framework to increase protection of consumers’ commercial data while supporting innovation and evolving technology.

The following key recommendations were made in the preliminary report:

  • Consider establishing fair information practice principles comparable to a “Privacy Bill of Rights” for online consumers

The report recommends considering a clear set of principles concerning how online companies collect and use personal information for commercial purposes. These principles would be recognized by the U.S. government and serve as a foundation for online consumer data privacy. They would build on existing Fair Information Practice Principles (FIPPs) that are widely accepted among privacy experts as core obligations.

The adoption of baseline FIPPs, akin to a “Privacy Bill of Rights,” should prompt companies to be more transparent about their use of consumer information; to provide greater detail about why data is collected and how it is used; to put clearer limits on the use of data; and to increase their use of audits and other ways to bolster accountability.

  • Consider developing enforceable privacy codes of conduct in specific sectors with stakeholders; create a Privacy Policy Office in the Department of Commerce.

In considering new policies for commercial privacy, the government should enlist the expertise of industry, consumer groups, privacy advocates, and other stakeholders. In particular, the report recommends establishing a privacy policy office in the Department of Commerce that would work with the FTC, the Executive Office of the President, and other Federal entities, to examine commercial uses of personal information and evaluate whether uncertainty or gaps in privacy protections exist. The new office would convene stakeholder dialogues, and, with respect to specific areas of concern, help develop enforceable privacy codes of conduct.

  • Encourage global interoperability to spur innovation and trade

Reducing regulatory barriers to trade is a high priority for the Obama administration. Currently, disparate privacy laws have a growing impact on global competition. The report recommends that the U.S. government work together with its trading partners to find practical means of bridging differences in our privacy frameworks. Collaborations with other privacy authorities around the world can reduce the significant business compliance costs. This global engagement could play a key role in a new dynamic privacy framework.

  • Consider how to harmonize disparate security breach notification rules.

As an initial step towards consideration of a new privacy framework, the report recommends looking at ways in which to harmonize the rules that set standards for businesses to notify customers about commercial data security breaches. This comprehensive national approach to commercial data breaches would provide clarity to consumers, streamline industry compliance, and allow businesses to develop a strong, nationwide data management strategy.

This national approach, enacted through Federal law, could help to reconcile ‘inconsistent state laws, authorize enforcement by the FTC, and preserve state authorities’ existing enforcement power. This recommendation is not aimed at preempting federal security breach notification laws for specific sectors, such as health care.

  • Review the Electronic Communications Privacy Act for the cloud computing environment. The report recommends that the Obama Administration review the Electronic Communications Privacy Act (ECPA) to address privacy protection in cloud computing and location-based services. A goal of this effort should be to ensure that, as technology and market conditions change, ECPA continues to appropriately protect individuals’ privacy expectations and punish unlawful access and disclosure of consumer data.

In order to gather stakeholder input and refine the report’s preliminary recommendations, the Commerce Department will seek public comment and publish questions from the report in a Federal Register notice next week. The Commerce Department’s Internet Policy Task Force will also continue to work with others in government to engage the domestic and global privacy community, and will consider publishing a refined set of policy recommendations in the future.

In a notice and request for comments scheduled for publication in the Federal Register on December 21, the US Department of Commerce’s Telecommunications and Information Administration, International Trade Administration, and National Institute of Standards and Technology said that they “hope to spur further discussion with Internet stakeholders that will lead to the development of a series of Administration positions that will help develop an action plan in this important area.”

The notice seeking input on the report lists 41 questions intended to assist in identifying issues, but they should not be considered a limitation on comments that parties may submit. Comments are due on or before January 28, 2011.