Commerce Department Signals Support for Self-Regulation

The U.S. Department of Commerce today released its own report on commercial data privacy, yet another indication of increased government focus on online data usage. On the heels of a Federal Trade Commission report calling online ad industry self-regulators too slow and essentially ineffective, the DOC’s report indicates support for voluntary programs protecting commercial data privacy.


It also calls for the establishment of a new division of the department to deal solely with commercial data privacy, and makes a push towards ensuring that privacy codes are feasible across the globe.

Some privacy advocates were not pleased with the DOC document, calling it vague and suggesting it does more to protect industry than consumers. Meanwhile, industry responses were positive. The Direct Marketing Association, for instance, praised the report’s “strong support for industry self-regulation.”

Privacy advocate Jeff Chester, executive director of the Center for Digital Democracy, panned the report, stating it “illustrates one of the basic problems with the Administration’s approach to protecting consumer privacy online. The Commerce Department is focused on promoting the interests of industry and business – not consumers.”

The “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework” report, guided by the DOC’s Internet Policy Task Force, lays out a set of Fair Information Practice Principles for commercial data privacy. Key components are “accessible, clear, meaningful, salient, and comprehensible” transparency of data practices through “simple” notices, “use of robust audit systems to bolster accountability,” and “commitments to limit data uses.”

The report suggests that current notice-and-choice approaches don’t “appear to provide adequately transparent descriptions of personal data use, which may leave consumers with doubts (or even misunderstandings) about how companies handle personal data and inhibit their exercise of informed choices.” While the DOC distinctly refers to personally identifiable information or PII in its report, the FTC has all but dismissed the notion that PII should be considered as a separate case from all consumer data.

Throughout its report, the Commerce Department encourages development of voluntary, enforceable privacy codes of conduct for particular industries, and suggests that a new DOC division could serve as a hub for efforts among stakeholders and the FTC.

The proposed Privacy Policy Office would work with the FTC and other agencies, and focus only on commercial data privacy. The DOC suggested such a body “may be conducive” to enabling the FTC’s proposed do-not-track system.

A group convened by a Privacy Policy Office, “composed of leaders from key multi-stakeholder institutions and U.S. government officials,” notes the report, “could address new commercial data privacy challenges as they arise and develop guidelines for voluntary, enforceable commercial data privacy codes as needed to ensure that no harm occurs while expectations form around new technologies.”

In deference to the FTC, the DOC suggested “stepped up” FTC enforcement capabilities, and stressed it would only “coordinate with the FTC, which will continue to serve independent enforcement, rulemaking, agency policymaking, and education roles.” It also suggested the Obama Administration consider legislation establishing safe harbor for companies compliant with voluntary, enforceable codes of conduct.

Unlike most other commercial data privacy initiatives, the DOC wants the U.S. approach to have a worldwide footprint. The report states that, “the U.S. Government should work with our allies and trading partners to promote low-friction, cross-border data flow through increased global interoperability of privacy frameworks.”

Google weighed in on that idea, stating on its Public Policy blog, “We strongly support the Commerce Department engaging more actively internationally including the creation of a global framework for privacy to better address international data flows.”
