Here's what you need to know about the White House's new proposed consumer privacy framework--and its limits.

Mathew J. Schwartz, Contributor

February 23, 2012

4 Min Read

The Obama administration Thursday announced its proposal for a Consumer Privacy Bill of Rights, and called on Congress to pass legislation that will allow the Federal Trade Commission and state attorneys general to enforce the framework.

The Internet-focused bill of rights would provide consumers with a say in how their personal information gets collected and used online, require businesses to be transparent about their related data usage practices, and also compel businesses to appropriately secure people's personal data.

How exactly might the framework improve consumers' privacy online, and what are its limits? Here are nine related facts:

1. White House Now Wants Consumer Privacy Laws

The White House's push for an online consumer privacy law is new. "They've been working on this for a couple of years now," said Justin Brookman, the director for the non-profit civil liberties group Center for Democracy and Technology's Project on Consumer Privacy, via phone. "The biggest change is that they recognize that there should be legislation to make this happen, and that was our main criticism of the proposal before--that there may not be enough stick to get industry to the table without a law to make them follow certain rules."

[ When it comes to privacy, we're our own worst enemy. See Google's Privacy Invasion: It's Your Fault. ]

2. Passing Related Law A Long Shot

But instead of waiting for a law, the White House has proposed a code of conduct with which key industry groups will agree to abide, backed by industry and government "co-regulation." Why doesn't the White House simply press for the law? "They recognize that it's a tough legislative cycle in an election year," said Brookman.

3. FTC Could Enforce Consumer Privacy

If getting a related law passed soon is a long shot, the proposed code of conduct is an innovative alternative. Notably, any business that says it will comply with the code of conduct will then have to do so. "Such practices, when publicly and affirmatively adopted by companies subject to Federal Trade Commission jurisdiction, will be legally enforceable by the FTC," according to the White House.

4. Privacy Laws Can Have Downsides

While Brookman said a law would be the most effective online consumer privacy enforcement mechanism, he said the absence of such legislation isn't a deal-breaker. "There are issues that a law can't cover anyway," he said, such as regulating new technologies or techniques for tracking consumers. There's also the open question of whether it's better to trust Congress to craft new laws involving technology, or if the specifics might be better worked out by industry groups and regulators.

5. Framework Avoids European Privacy Issues

Another issue with laws can be the difficulty of translating them into detailed rules and regulations, as Europe has discovered with its privacy directive. "They have this very high-level, broad law that says, 'protect people's privacy.' And what does that mean in practice? No one is exactly sure. And that's the difficulty that you always face when you try to translate high-level laws into rules," said Brookman.

6. "Do Not Track" Moves Forward

The Consumer Privacy Bill of Rights announcement included the news that the Digital Advertising Alliance had reversed its opposition to having a "do not track" feature in browsers that would enable consumers to easily opt out of being tracked by advertisers and marketers and served customized advertisements. The industry association has also announced that it's hoping to reach related agreements with browser makers by the end of the year.

7. Consumers May Still Be Tracked

But the White House's proposal stops short of allowing people to easily escape all tracking. Notably, consumers with preexisting relationships--for example, current users of Facebook or Google--could still be tracked across websites when they click a "like" or "#1" button.

8. Privacy Improvement Work Ongoing

The White House's privacy proposals aren't the only efforts underway to strengthen privacy protections for consumers. Notably, the World Wide Web Consortium (W3C) is crafting its own do not track standard. White House officials said that rather than their proposal competing with the W3C standard, they hoped the W3C might build on their framework.

9. California Targets Mobile App Privacy

Similarly, California's attorney general, Kamala D. Harris, said Wednesday that the state had received assurances from the six technology companies with the largest mobile app market platforms--Amazon, Apple, Google, HP, Microsoft, and Research In Motion--that they'd abide by new privacy principles. In part that's to bring them in line with a California law that requires all mobile apps that collect consumer information to have a privacy policy. Consumers will also be able to report apps that violate the privacy guidelines.

It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)

About the Author(s)

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights