Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Obama's Consumer Privacy Bill of Rights: 9 Facts

Here's what you need to know about the White House's new proposed consumer privacy framework--and its limits.

The Obama administration Thursday announced its proposal for a Consumer Privacy Bill of Rights, and called on Congress to pass legislation that will allow the Federal Trade Commission and state attorneys general to enforce the framework.

The Internet-focused bill of rights would provide consumers with a say in how their personal information gets collected and used online, require businesses to be transparent about their related data usage practices, and also compel businesses to appropriately secure people's personal data.

How exactly might the framework improve consumers' privacy online, and what are its limits? Here are nine related facts:

1. White House Now Wants Consumer Privacy Laws

The White House's push for an online consumer privacy law is new. "They've been working on this for a couple of years now," said Justin Brookman, the director for the non-profit civil liberties group Center for Democracy and Technology's Project on Consumer Privacy, via phone. "The biggest change is that they recognize that there should be legislation to make this happen, and that was our main criticism of the proposal before--that there may not be enough stick to get industry to the table without a law to make them follow certain rules."

[ When it comes to privacy, we're our own worst enemy. See Google's Privacy Invasion: It's Your Fault. ]

2. Passing Related Law A Long Shot

But instead of waiting for a law, the White House has proposed a code of conduct with which key industry groups will agree to abide, backed by industry and government "co-regulation." Why doesn't the White House simply press for the law? "They recognize that it's a tough legislative cycle in an election year," said Brookman.

3. FTC Could Enforce Consumer Privacy

If getting a related law passed soon is a long shot, the proposed code of conduct is an innovative alternative. Notably, any business that says it will comply with the code of conduct will then have to do so. "Such practices, when publicly and affirmatively adopted by companies subject to Federal Trade Commission jurisdiction, will be legally enforceable by the FTC," according to the White House.

4. Privacy Laws Can Have Downsides

While Brookman said a law would be the most effective online consumer privacy enforcement mechanism, he said the absence of such legislation isn't a deal-breaker. "There are issues that a law can't cover anyway," he said, such as regulating new technologies or techniques for tracking consumers. There's also the open question of whether it's better to trust Congress to craft new laws involving technology, or if the specifics might be better worked out by industry groups and regulators.

5. Framework Avoids European Privacy Issues

Another issue with laws can be the difficulty of translating them into detailed rules and regulations, as Europe has discovered with its privacy directive. "They have this very high-level, broad law that says, 'protect people's privacy.' And what does that mean in practice? No one is exactly sure. And that's the difficulty that you always face when you try to translate high-level laws into rules," said Brookman.

6. "Do Not Track" Moves Forward

The Consumer Privacy Bill of Rights announcement included the news that the Digital Advertising Alliance had reversed its opposition to having a "do not track" feature in browsers that would enable consumers to easily opt out of being tracked by advertisers and marketers and served customized advertisements. The industry association has also announced that it's hoping to reach related agreements with browser makers by the end of the year.

7. Consumers May Still Be Tracked

But the White House's proposal stops short of allowing people to easily escape all tracking. Notably, consumers with preexisting relationships--for example, current users of Facebook or Google--could still be tracked across websites when they click a "like" or "#1" button.

8. Privacy Improvement Work Ongoing

The White House's privacy proposals aren't the only efforts underway to strengthen privacy protections for consumers. Notably, the World Wide Web Consortium (W3C) is crafting its own do not track standard. White House officials said that rather than their proposal competing with the W3C standard, they hoped the W3C might build on their framework.

9. California Targets Mobile App Privacy

Similarly, California's attorney general, Kamala D. Harris, said Wednesday that the state had received assurances from the six technology companies with the largest mobile app market platforms--Amazon, Apple, Google, HP, Microsoft, and Research In Motion--that they'd abide by new privacy principles. In part that's to bring them in line with a California law that requires all mobile apps that collect consumer information to have a privacy policy. Consumers will also be able to report apps that violate the privacy guidelines.

It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
2/24/2012 | 2:28:20 AM
re: Obama's Consumer Privacy Bill of Rights: 9 Facts
Will be interesting to see how the do not track mechanism gets implemented.
Brian Prince, InformationWeek/Dark Reading Comment Moderator
herman_munster
50%
50%
herman_munster,
User Rank: Apprentice
2/23/2012 | 6:45:32 PM
re: Obama's Consumer Privacy Bill of Rights: 9 Facts
Thank you for breaking this down for us and presenting it so prominently on your site!
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-2319
PUBLISHED: 2019-12-12
HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM84...
CVE-2019-2320
PUBLISHED: 2019-12-12
Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ805...
CVE-2019-2321
PUBLISHED: 2019-12-12
Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdra...
CVE-2019-2337
PUBLISHED: 2019-12-12
While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device to shutdown in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ809...
CVE-2019-2338
PUBLISHED: 2019-12-12
Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastruc...