Risk
2/23/2012
12:08 PM
50%
50%

Obama's Consumer Privacy Bill of Rights: 9 Facts

Here's what you need to know about the White House's new proposed consumer privacy framework--and its limits.

The Obama administration Thursday announced its proposal for a Consumer Privacy Bill of Rights, and called on Congress to pass legislation that will allow the Federal Trade Commission and state attorneys general to enforce the framework.

The Internet-focused bill of rights would provide consumers with a say in how their personal information gets collected and used online, require businesses to be transparent about their related data usage practices, and also compel businesses to appropriately secure people's personal data.

How exactly might the framework improve consumers' privacy online, and what are its limits? Here are nine related facts:

1. White House Now Wants Consumer Privacy Laws

The White House's push for an online consumer privacy law is new. "They've been working on this for a couple of years now," said Justin Brookman, the director for the non-profit civil liberties group Center for Democracy and Technology's Project on Consumer Privacy, via phone. "The biggest change is that they recognize that there should be legislation to make this happen, and that was our main criticism of the proposal before--that there may not be enough stick to get industry to the table without a law to make them follow certain rules."

[ When it comes to privacy, we're our own worst enemy. See Google's Privacy Invasion: It's Your Fault. ]

2. Passing Related Law A Long Shot

But instead of waiting for a law, the White House has proposed a code of conduct with which key industry groups will agree to abide, backed by industry and government "co-regulation." Why doesn't the White House simply press for the law? "They recognize that it's a tough legislative cycle in an election year," said Brookman.

3. FTC Could Enforce Consumer Privacy

If getting a related law passed soon is a long shot, the proposed code of conduct is an innovative alternative. Notably, any business that says it will comply with the code of conduct will then have to do so. "Such practices, when publicly and affirmatively adopted by companies subject to Federal Trade Commission jurisdiction, will be legally enforceable by the FTC," according to the White House.

4. Privacy Laws Can Have Downsides

While Brookman said a law would be the most effective online consumer privacy enforcement mechanism, he said the absence of such legislation isn't a deal-breaker. "There are issues that a law can't cover anyway," he said, such as regulating new technologies or techniques for tracking consumers. There's also the open question of whether it's better to trust Congress to craft new laws involving technology, or if the specifics might be better worked out by industry groups and regulators.

5. Framework Avoids European Privacy Issues

Another issue with laws can be the difficulty of translating them into detailed rules and regulations, as Europe has discovered with its privacy directive. "They have this very high-level, broad law that says, 'protect people's privacy.' And what does that mean in practice? No one is exactly sure. And that's the difficulty that you always face when you try to translate high-level laws into rules," said Brookman.

6. "Do Not Track" Moves Forward

The Consumer Privacy Bill of Rights announcement included the news that the Digital Advertising Alliance had reversed its opposition to having a "do not track" feature in browsers that would enable consumers to easily opt out of being tracked by advertisers and marketers and served customized advertisements. The industry association has also announced that it's hoping to reach related agreements with browser makers by the end of the year.

7. Consumers May Still Be Tracked

But the White House's proposal stops short of allowing people to easily escape all tracking. Notably, consumers with preexisting relationships--for example, current users of Facebook or Google--could still be tracked across websites when they click a "like" or "#1" button.

8. Privacy Improvement Work Ongoing

The White House's privacy proposals aren't the only efforts underway to strengthen privacy protections for consumers. Notably, the World Wide Web Consortium (W3C) is crafting its own do not track standard. White House officials said that rather than their proposal competing with the W3C standard, they hoped the W3C might build on their framework.

9. California Targets Mobile App Privacy

Similarly, California's attorney general, Kamala D. Harris, said Wednesday that the state had received assurances from the six technology companies with the largest mobile app market platforms--Amazon, Apple, Google, HP, Microsoft, and Research In Motion--that they'd abide by new privacy principles. In part that's to bring them in line with a California law that requires all mobile apps that collect consumer information to have a privacy policy. Consumers will also be able to report apps that violate the privacy guidelines.

It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
herman_munster
50%
50%
herman_munster,
User Rank: Apprentice
2/23/2012 | 6:45:32 PM
re: Obama's Consumer Privacy Bill of Rights: 9 Facts
Thank you for breaking this down for us and presenting it so prominently on your site!
Bprince
50%
50%
Bprince,
User Rank: Ninja
2/24/2012 | 2:28:20 AM
re: Obama's Consumer Privacy Bill of Rights: 9 Facts
Will be interesting to see how the do not track mechanism gets implemented.
Brian Prince, InformationWeek/Dark Reading Comment Moderator
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5314
Published: 2014-11-23
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.

CVE-2014-5325
Published: 2014-11-23
The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity refe...

CVE-2014-5326
Published: 2014-11-23
Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-6477
Published: 2014-11-23
Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4...

CVE-2014-4807
Published: 2014-11-22
Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?