IAPP-GDPR Web Banners-300x250-FINAL

By Jennifer L. Saunders

The time has come for national privacy legislation.

That’s according to testimony prepared by National Telecommunications and Information Administration Administrator Lawrence Strickling for today’s Senate Commerce Committee hearing focused on online privacy that indicates the Obama Administration’s intent to pursue a privacy bill of rights for U.S. Internet users based on the Department of Commerce’s December report on Internet privacy.

As quoted in Tech Daily Dose, Strickling’s testimony notes, "Having carefully reviewed all stakeholder comments to the ‘green paper,’ the department has concluded that the U.S. consumer data privacy framework will benefit from legislation to establish a clearer set of rules for the road for businesses and consumers, while preserving the innovation and free flow of information that are hallmarks of the Internet.”

Strickling’s comments come in the wake of multiple reports of privacy bills coming forward in both the U.S. Senate and House of Representatives.

In advance of today’s hearing, Senate Commerce Committee Chairman John D. (Jay) Rockefeller IV announced it would effectively start the 112th Congress’ deliberations on the issue of consumer privacy.

Speaking before the committee, Strickling discussed the need to improve the protection of consumer data privacy in the rapidly evolving Internet economy, noting that trust is imperative for the stability and continued growth of the Internet.

The hope, he said, is to establish multi-stakeholder approaches based on fair information practice principles (FIPPs) with flexibility to address privacy issues as they arise, enforceable codes of conduct and strengthened enforcement powers for the FTC.

“The administration now recommends that congress enact legislation to provide a firm legal foundation” for enforceable codes of conduct that would be designed to be flexible and create greater interoperability with other countries’ privacy laws, he said, adding that consumer privacy “remains a top priority.”

FTC Chairman Jon D. Leibowitz voiced support for the idea of a privacy bill of rights, noting that the reaction to the FTC’s report on consumer privacy and call for a do-not-track mechanism for Internet users has resulted in a record 446 comments during the report’s review period.

Protecting data will only improve trust on the Internet, he said, telling the committee, “Stakeholders have responded very, very positively to our call for do not track.”

Explaining that he remains “agnostic” as to whether such a mechanism should come from the private sector or be a legislative requirement, Leibowitz said do not track cannot be an “empty slogan;” it needs to be universal, easy-to-use and access, provide persistent opt-out protection for users and be enforceable.

Following on the recent release of privacy reports by the FTC and the Department of Commerce, the hearing featured a range of input on the collection and use of consumers’ personal information for commercial purposes.

“Modern technology has connected people with the world and led to new innovations, new products and new experiences,” Rockefeller said prior to the hearing, noting that with “these new opportunities come new risks. I want to know if the privacy protections we have in place are enough, or whether congress needs to step in and do more.”

Following the opening of the hearing, Sen. John Kerry (D-MA) spoke of his plan to introduce legislation calling for a “commercial privacy bill of rights” not to discourage innovation on the Internet but to encourage information sharing under a “common code of conduct” that respects individuals’ rights at time when technology “allows private entities to observe…Americans on a scale that is unimaginable.”

And, he warned, “Once a person’s information is collected, there are no legal limits on the further distribution of that information,” stressing that baseline privacy protections “are a matter of common sense.”

Recognizing the importance of privacy, Sen. Claire McCaskill (D-MO), who described the Internet economy as one where “behavioral monitoring equals money,” cautioned, “I just want to be sure that we don’t kill the goose that laid the golden egg here under the very laudable notion of privacy.”

Leibowitz and Strickling noted, however, that there has been industry support for baseline legislation.

That support, Leibowitz said, indicates that online companies recognize that with limits on tracking and improved privacy protection, “the sky won’t fall down on Internet commerce,” as with more trust, consumers are likely to do more business online.

Strickling added that there appears to be support among industry leaders for baseline privacy legislation, where a federal “privacy bill of rights” based on FIPPs would then allow organizations and industry to create the codes of conduct rather than having government draw the specific lines of just how privacy on the Internet would be protected.

With FIPPs-based legislation and FTC enforcement, Strickling said such a plan would allow what McCaskill referred to as the “good guys” to have some flexibility in terms of actual implementation to meet those requirements and enable enforcement for the “bad guys” who ignore the regulations.

During the second witness panel, industry and advocacy leaders weighed in on consumer privacy legislation.

Intuit’s Barbara Lawler, CIPP, spoke to the importance of customer trust and the value of principles-based privacy legislation that enables flexibility to offer data-driven solutions within sector-specific privacy laws.

Such legislation “is more likely to be understood by the public it seeks to protect” and win the international support that is essential in the global economy, she explained, adding that “codes of conduct, based on context…would build on top of a privacy baseline.”

Ashkan Soltani, a technology researcher and consultant who was the primary consultant in The Wall Street Journal’s “What They Know” series, described the current state of online tracking across the Internet. “Today’s consumer choice mechanisms fail to provide consumers with meaningful control,” he said.

Online tracking is pervasive, difficult to understand and hard to stop. “There’s a clear need for better privacy controls to limit unwanted tracking, and industry has not delivered.”

He called for technology and policy working in tandem.

Chris Calabrese of the American Civil Liberties Union added strong support for privacy legislation, stating that on the Internet, “data collection is neither benign nor anonymous.”

Erich D. Andersen of Microsoft Corporation endorsed the call for baseline privacy legislation.

The current sectoral approach “is confusing to consumers and costly for businesses.”

He said the company is committed to working with legislators in the effort to protect consumer privacy while supporting Internet innovations.

John Montgomery of GroupM Interaction described the self-regulatory process, recommending giving self-regulation an opportunity to work given that protecting consumer privacy is “not only the right thing to do, it is good for business.”

Kerry concluded the hearing by stating he is working with Sen. John McCain (R-AZ) on privacy legislation and hopes to have their bill in a form to be introduced very soon.


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»