By Alexei Alexis
March 5 --A U.S. consumer privacy “bill of rights,” as outlined by the White House, might not be sufficient on its own to address the emerging world of big data, Federal Trade Commissioner Julie Brill said March 5.
Although the proposal would represent an important step forward, it might need to be supplemented by data broker legislation and other solutions, Brill said at an event hosted by Microsoft Corp.
In February 2012, the White House called on Congress to pass a Consumer Privacy Bill of Rights for the digital age . Under the proposal, the Federal Trade Commission would have new authority to write and enforce general privacy rules for the first time.
Fred H. Cate, distinguished professor and C. Ben Dutton professor of law at Indiana University Maurer School of Law, said the White House proposal is rooted in the unrealistic premise that consumers should be given the right to exercise full control over the collection of their personal data, both online and offline.
“With this massive amount of data flowing around us, it's simply not going to be conceivable,” Cate, who is a member of the advisory board for Bloomberg BNA's Privacy & Security Law Report, said.
He said the proposal would build on a failed approach under the Health Insurance Portability and Accountability Act and other laws that place the onus on consumers to read and respond to lengthy privacy notices.
Similar concerns were raised by Peter Cullen, general manager of trustworthy computing governance at Microsoft.
Cate and Cullen collaborated on a December 2013 white paper calling for a new U.S. privacy model that shifts responsibility for data protection to businesses and away from individuals. It also focuses on data use rather than data collection.
Chris Calabrese, legislative counsel for the American Civil Liberties Union, said that such a model has the potential to undermine the importance of consumer control. He also differed with Cate and Cullen over the value of the White House proposal.
The proposal “would be a dramatic step forward,” Calabrese said. “The administration should release the legislative language.”
The ACLU and other public interest groups recently urged the White House to renew its push for legislation to update U.S. consumer privacy laws (13 PVLR 372, 3/3/14).
There is no single federal law in the U.S. governing consumer privacy. Instead, there is a patchwork of federal and state privacy regulations and industry best practices and self-regulatory standards.
The FTC has urged the enactment of both a general privacy bill and legislation addressing specific concerns around “data brokers,” which collect and compile consumer information and sell it to third parties.
The White House is in the process of conducting a related review of big data use within the government and private sector (see related report).
On March 4, the Office of Science and Technology published a request for public comment on the adequacy of consumer protection laws in addressing big data issues (see related report).
To contact the reporter on this story: Alexei Alexis in Washington at email@example.com
To contact the editor responsible for this story: Heather Rothman at firstname.lastname@example.org
Full text of the white paper by Cullen and Cate, Data Protection Principles for the 21st Century, is available at http://op.bna.com/pl.nsf/r?Open=dapn-9gyjvw .
To view additional stories from Privacy & Security Law Report® register for a free trial now