2/23/2012
12:08 PM

Obama's Consumer Privacy Bill of Rights: 9 Facts

Here's what you need to know about the White House's new proposed consumer privacy framework--and its limits.

The Obama administration Thursday announced its proposal for a Consumer Privacy Bill of Rights, and called on Congress to pass legislation that will allow the Federal Trade Commission and state attorneys general to enforce the framework.

The Internet-focused bill of rights would provide consumers with a say in how their personal information gets collected and used online, require businesses to be transparent about their related data usage practices, and also compel businesses to appropriately secure people's personal data.

How exactly might the framework improve consumers' privacy online, and what are its limits? Here are nine related facts:

1. White House Now Wants Consumer Privacy Laws

The White House's push for an online consumer privacy law is new. "They've been working on this for a couple of years now," said Justin Brookman, the director for the non-profit civil liberties group Center for Democracy and Technology's Project on Consumer Privacy, via phone. "The biggest change is that they recognize that there should be legislation to make this happen, and that was our main criticism of the proposal before--that there may not be enough stick to get industry to the table without a law to make them follow certain rules."

2. Passing Related Law A Long Shot

But instead of waiting for a law, the White House has proposed a code of conduct by which key industry groups will agree to abide, backed by industry and government "co-regulation." Why doesn't the White House simply press for the law? "They recognize that it's a tough legislative cycle in an election year," said Brookman.

3. FTC Could Enforce Consumer Privacy

If getting a related law passed soon is a long shot, the proposed code of conduct is an innovative alternative. Notably, any business that says it will comply with the code of conduct will then have to do so. "Such practices, when publicly and affirmatively adopted by companies subject to Federal Trade Commission jurisdiction, will be legally enforceable by the FTC," according to the White House.

4. Privacy Laws Can Have Downsides

While Brookman said a law would be the most effective online consumer privacy enforcement mechanism, he said the absence of such legislation isn't a deal-breaker. "There are issues that a law can't cover anyway," he said, such as regulating new technologies or techniques for tracking consumers. There's also the open question of whether it's better to trust Congress to craft new laws involving technology, or if the specifics might be better worked out by industry groups and regulators.

5. Framework Avoids European Privacy Issues

Another issue with laws can be the difficulty of translating them into detailed rules and regulations, as Europe has discovered with its privacy directive. "They have this very high-level, broad law that says, 'protect people's privacy.' And what does that mean in practice? No one is exactly sure. And that's the difficulty that you always face when you try to translate high-level laws into rules," said Brookman.

6. "Do Not Track" Moves Forward

The Consumer Privacy Bill of Rights announcement included the news that the Digital Advertising Alliance had reversed its opposition to having a "do not track" feature in browsers that would enable consumers to easily opt out of being tracked by advertisers and marketers and served customized advertisements. The industry association has also announced that it's hoping to reach related agreements with browser makers by the end of the year.

7. Consumers May Still Be Tracked

But the White House's proposal stops short of allowing people to easily escape all tracking. Notably, consumers with preexisting relationships--for example, current users of Facebook or Google--could still be tracked across websites when they click a "like" or "+1" button.

8. Privacy Improvement Work Ongoing

The White House's privacy proposals aren't the only efforts underway to strengthen privacy protections for consumers. Notably, the World Wide Web Consortium (W3C) is crafting its own do not track standard. White House officials said that rather than their proposal competing with the W3C standard, they hoped the W3C might build on their framework.

9. California Targets Mobile App Privacy

Similarly, California's attorney general, Kamala D. Harris, said Wednesday that the state had received assurances from the six technology companies with the largest mobile app market platforms--Amazon, Apple, Google, HP, Microsoft, and Research In Motion--that they'd abide by new privacy principles. In part that's to bring them in line with a California law that requires all mobile apps that collect consumer information to have a privacy policy. Consumers will also be able to report apps that violate the privacy guidelines.

Comments
herman_munster,
User Rank: Apprentice
2/23/2012 | 6:45:32 PM
re: Obama's Consumer Privacy Bill of Rights: 9 Facts
Thank you for breaking this down for us and presenting it so prominently on your site!
Bprince,
User Rank: Ninja
2/24/2012 | 2:28:20 AM
re: Obama's Consumer Privacy Bill of Rights: 9 Facts
Will be interesting to see how the do not track mechanism gets implemented.
Brian Prince, InformationWeek/Dark Reading Comment Moderator