2/23/2012
12:08 PM

Obama's Consumer Privacy Bill of Rights: 9 Facts

Here's what you need to know about the White House's new proposed consumer privacy framework--and its limits.

The Obama administration Thursday announced its proposal for a Consumer Privacy Bill of Rights, and called on Congress to pass legislation that will allow the Federal Trade Commission and state attorneys general to enforce the framework.

The Internet-focused bill of rights would provide consumers with a say in how their personal information gets collected and used online, require businesses to be transparent about their related data usage practices, and also compel businesses to appropriately secure people's personal data.

How exactly might the framework improve consumers' privacy online, and what are its limits? Here are nine related facts:

1. White House Now Wants Consumer Privacy Laws

The White House's push for an online consumer privacy law is new. "They've been working on this for a couple of years now," said Justin Brookman, the director for the non-profit civil liberties group Center for Democracy and Technology's Project on Consumer Privacy, via phone. "The biggest change is that they recognize that there should be legislation to make this happen, and that was our main criticism of the proposal before--that there may not be enough stick to get industry to the table without a law to make them follow certain rules."


2. Passing Related Law A Long Shot

But instead of waiting for a law, the White House has proposed a code of conduct by which key industry groups will agree to abide, backed by industry and government "co-regulation." Why doesn't the White House simply press for the law? "They recognize that it's a tough legislative cycle in an election year," said Brookman.

3. FTC Could Enforce Consumer Privacy

If getting a related law passed soon is a long shot, the proposed code of conduct is an innovative alternative. Notably, any business that says it will comply with the code of conduct will then have to do so. "Such practices, when publicly and affirmatively adopted by companies subject to Federal Trade Commission jurisdiction, will be legally enforceable by the FTC," according to the White House.

4. Privacy Laws Can Have Downsides

While Brookman said a law would be the most effective online consumer privacy enforcement mechanism, he said the absence of such legislation isn't a deal-breaker. "There are issues that a law can't cover anyway," he said, such as regulating new technologies or techniques for tracking consumers. There's also the open question of whether it's better to trust Congress to craft new laws involving technology, or if the specifics might be better worked out by industry groups and regulators.

5. Framework Avoids European Privacy Issues

Another issue with laws can be the difficulty of translating them into detailed rules and regulations, as Europe has discovered with its privacy directive. "They have this very high-level, broad law that says, 'protect people's privacy.' And what does that mean in practice? No one is exactly sure. And that's the difficulty that you always face when you try to translate high-level laws into rules," said Brookman.

6. "Do Not Track" Moves Forward

The Consumer Privacy Bill of Rights announcement included the news that the Digital Advertising Alliance had reversed its opposition to having a "do not track" feature in browsers that would enable consumers to easily opt out of being tracked by advertisers and marketers and served customized advertisements. The industry association has also announced that it's hoping to reach related agreements with browser makers by the end of the year.

7. Consumers May Still Be Tracked

But the White House's proposal stops short of allowing people to easily escape all tracking. Notably, consumers with preexisting relationships--for example, current users of Facebook or Google--could still be tracked across websites when they click a "like" or "+1" button.

8. Privacy Improvement Work Ongoing

The White House's privacy proposals aren't the only efforts underway to strengthen privacy protections for consumers. Notably, the World Wide Web Consortium (W3C) is crafting its own do not track standard. White House officials said that rather than their proposal competing with the W3C standard, they hoped the W3C might build on their framework.

9. California Targets Mobile App Privacy

Similarly, California's attorney general, Kamala D. Harris, said Wednesday that the state had received assurances from the six technology companies with the largest mobile app market platforms--Amazon, Apple, Google, HP, Microsoft, and Research In Motion--that they'd abide by new privacy principles. In part that's to bring them in line with a California law that requires all mobile apps that collect consumer information to have a privacy policy. Consumers will also be able to report apps that violate the privacy guidelines.


Comments
Bprince,
User Rank: Ninja
2/24/2012 | 2:28:20 AM
re: Obama's Consumer Privacy Bill of Rights: 9 Facts
Will be interesting to see how the do not track mechanism gets implemented.
Brian Prince, InformationWeek/Dark Reading Comment Moderator
herman_munster,
User Rank: Apprentice
2/23/2012 | 6:45:32 PM
re: Obama's Consumer Privacy Bill of Rights: 9 Facts
Thank you for breaking this down for us and presenting it so prominently on your site!