30 April 2012

Obama's move to protect online privacy: a new Consumer Privacy Bill of Rights

Posted by Yan-Li Ho ● Partner: Charles Alexander

The White House has released a paper setting out a framework for the protection of online consumer privacy, adapting existing privacy principles.

The paper is designed as a guide for the US Administration to work with Congress to eventually introduce legislation. It will not be mandatory. However, private sector companies that are not subject to existing data privacy laws will be encouraged to participate through codes of conduct that, once publicly and affirmatively adopted by companies subject to the jurisdiction of the US Federal Trade Commission (FTC), will be legally enforceable by the FTC.

The Bill of Rights will apply to commercial uses of personal information. This could potentially include any data, including aggregations of data, which is linkable to an individual. It could also potentially include data linked to a specific computer or other device. It gives seven key rights to users:

Individual control: a right to exercise control over what personal data companies collect from them and how they use it;

Transparency: a right to easily understandable and accessible information about privacy and security practices;

Respect for context: a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data;

Security: a right to secure and responsible handling of personal data;

Access and accuracy: a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate;

Focused collection: a right to reasonable limits on the personal data that companies collect and retain; and

Accountability: a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Bill of Rights.

While the Bill of Rights is a welcome step forward, enforcement by the FTC and a clear complaints process for consumers will be critical to ensuring that companies can be held accountable for adhering to their privacy codes of conduct. We understand the Obama Administration is encouraging the US Congress to provide the FTC with specific authority to enforce the Bill of Rights. In this area, striking the right balance involves sufficiently protecting consumers' privacy expectations while providing companies with the certainty they need to continue to grow online.

It is worth noting that the Bill of Rights does not cover any rights with regard to trans-border data flows. Currently, the US relies primarily on the FTC's case-by-case enforcement of general prohibitions on unfair or deceptive acts and practices. However, the increasing expansion of online businesses across borders arguably makes this approach unsustainable in the long term. To this end, the White House's paper focuses on principles of enforcement cooperation between countries. It has been suggested the US Administration could jointly develop codes of conduct that support mutual recognition of legal regimes or perhaps adopt a voluntary system of cross-border privacy rules, based on the existing APEC Privacy Framework.

In the coming months, we understand the US Administration will consult with various stakeholders, including other countries, to develop enforceable privacy codes of conduct that build on the draft Privacy Bill of Rights. A copy of the White House paper is available here.
