skip to main content

Does the US Need the Privacy Bill of Rights Enacted into Law?

AcxiomAugust 18, 2014

Last month the NTIA (the Department of Commerce’s National Telecommunications and Information Administration) requested public comments on their Consumer Privacy Bill of Rights, first proposed in their 2012 report, Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.  This feedback was one of the recommendations in the May 2014 White House’s report on big data.

Specifically, NTIA asked for comments on:

  • How the principles in the Consumer Privacy Bill of Rights support innovations related to big data, while also responding to potential privacy risks;
  • Whether the Consumer Privacy Bill of Rights should be clarified or modified to better accommodate the benefits or risks of big data;
  • Whether a responsible use framework should be used to address the challenges posed by big data; and,
  • Mechanisms to best address the limits of the “notice and consent” model for privacy protection noted in the White House Big Data report.

In general, the feedback provided by industry questions whether now is the right time for broad based privacy legislation in the U.S., regardless of how the Europeans feel, and instead endorses strong self-regulation as the best way to curtail big data practices that are harmful to individuals while preserving the benefits that robust use of data bring.  A number of trade associations specifically call out the benefits to consumers and our economy that come from the collection and sharing of data for marketing purposes.  They point out that that the President’s own working group on big data recognized in its May 2014 report, the collection, use, and sharing of data have fueled economic growth and provided tremendous benefits for consumers and businesses alike.  Big data, in particular, has unleashed exciting new innovations that increase consumer welfare in a myriad of ways.  Consumers have only begun to benefit from big data’s contributions to the development of new products and services and to job creation in a wide range of industry sectors.

They collectively defend that now is not the right time for legislation because there is no evidence of harm to individuals that would justify new legal requirements.  Furthermore, the current sector-specific regulatory approach coupled with self-regulation is adequately addressing current issues with data collection and use.  They point to the DMA’s Guidelines for Ethical Business Practice and the DAA’s (Digital Advertising Alliance) code of conduct as successful examples of self-regulation in the offline, online and mobile marketing space.  Furthermore, the speed at which Congress reacts to new and innovative technology and business models is too slow to keep up with the pace of change.

NTIA specifically included questions related to the potential for discrimination, which has been a recurring area of concern at the FTC for several years.  Also discussed in the White House Big Data Report, industry takes the position that existing laws, which are vigorously enforced, already address discrimination against certain individuals and groups.  Comments to NTIA further note that market segmentation for advertising and marketing purposes does not equate to discrimination and that, to the extent marketing data could be misused for discriminatory purposes, such activities are already addressed by existing law.

The administration was also encouraged by industry to defend and promote the merits and effectiveness of the U.S. approach to protecting consumer privacy in a data rich environment, and to continue to seek ways to reduce the barriers to cross-border data flows.

It is unclear at this writing what the next steps from NTIA will be.  We can be sure that Congress will not pass broad based privacy legislation this year, and it is questionable whether the next Congress will make it a priority either.