TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | On Consumer Privacy, President Obama Makes Up for Lost Time Related reading: The Changing Nature of Privacy Practice

rss_feed
GDPR-Ready_300x250-Ad

It is going on three years since the Obama administration announced its privacy blueprint articulating the Consumer Privacy Bill of Rights. That blueprint called for passage of “legislation adopting the Consumer Privacy Bill of Rights” and laid out a roadmap for what such legislation should look like.

As the leader of the administration’s work on consumer privacy, I worked over the following year with my staff in the Commerce Department’s Office of General Counsel and National Telecommunications and Information Administration (NTIA) to put this roadmap into legislative language and pave the way for introduction of a bill. By 2013, I had reached the conclusion that the administration should go ahead and put out its own proposal for baseline privacy legislation.

I thought then that releasing proposed legislation would help to explain a novel regulatory model and begin serious debate about baseline consumer privacy legislation. It would also demonstrate to European partners and others a commitment to maintaining the strength of America’s multifaceted privacy regime.

One of my first reactions to the Snowden disclosures was, well there goes the idea of putting out consumer legislation now.

The roadmap laid out in the 2012 blueprint centered on broad and flexible application of principles in the Consumer Privacy Bill of Rights, which reframed the longstanding and widely-adopted Fair Information Practice Principles (FIPPs) for the era of ubiquitous computing and user-generated data. What was most novel about this adaptation above all was the centrality of context, the explicit recognition that how data is collected, used and disclosed should be a function of the context in which the data is providedthe Respect for Context principle. Second, rather than undertake and prescribe the application of Consumer Privacy Bill of Rights principles in a host of contexts, the framework relies on multistakeholder codes of conduct and FTC adjudication to apply the principles in specific contexts.

This approach consciously favors flexibility and adaptability over certainty and predictability, mirroring a digital world in which new versions and new models are introduced continuously to keep pace with changes in technology and the marketplace. The approach deliberately leaves a lot of questions unanswered, but the alternative risks being overly prescriptive. Releasing draft legislation would help articulate the approach and jumpstart discussion.

Then along came Edward Snowden.

One of my first reactions to the Snowden disclosures was, well there goes the idea of putting out consumer legislation now. The disclosures ignited an international debate about privacy and data collection, but focused on government surveillance. For the administration to put out legislation at that stage would have looked like an effort to deflect attention to the private sector at a time when U.S. businesses were reeling from the fallout. Indeed, even after the President announced surveillance reforms six months later, some companies saw the simultaneous announcement of the White House Big Data Task force in that light.

After an 18-month hiatus in the wake of the Snowden revelations, now his administration is moving to show the way and restore global trust.

The report from Big Data Task Force paved the way to put legislation forward, directing the Commerce Department to seek public comment and then “devise legislative text for consideration by stakeholders and submission by the president to Congress.” The Task Force and the accompanying report by the President’s Council of Advisers on Science and Technology expanded the case for carefully balanced legislation by laying out both the benefits and the risks of big data more thoroughly and concretely than did our 2012 blueprint. Many of the comments in the public consultation that followed supported the enduring application of the FIPPs in the era of big data.

In his speech at the FTC last week, President Obama took the next step, committing to introduce legislation by the end of February. In his forward to the 2012 blueprint, Obama promised to “work with Congress to write these general principles into law.” After an 18-month hiatus in the wake of the Snowden revelations, now his administration is moving to show the way and restore global trust. His State of the Union speech tonight will be one more step.

Let the debate begin.

photo credit: Todd Ehlers via photopin cc

1 Comment

If you want to comment on this post, you need to login.

  • comment Larry • Jan 20, 2015
    The real problem with this is the term "right" - rights are enumerated in the constitution not in enacted in law.  Rights are typically about the relationship between the people and the government. Rights are not subject to congressional action without changing the constitution.  And rights are typically "enforced" by the courts, not the executive branch - because, mostly, rights are about things the executive branch isn't allowed to do!  Updating the privacy principles (implied that is what this actually does) and expanding the sector privacy regime the US has in place would be a better way to phrase what is incorrectly termed as new "rights" - adding the potential for numerous lawsuits about breaches of those rights...