For the past two years, the Obama administration has been developing a framework for a Bill of Rights that would protect American citizens from misuse of their personal information on the Internet.  The President intends these rights to allow Americans to have more control over how information about them will be used and offers new legal and technical tools to enable Americans to defend their privacy.

Through three vehicles – the Consumer Privacy Bill of Rights, codes of conduct, and strong enforcement – the Administration intends to “increase interoperability between the U.S. consumer data privacy framework and those of [its] international partners.”  The Administration believes it is responsible for protecting Americans who use the Internet; and it expects its flexible approach will allow these protections to continually evolve and accommodate the ever-changing advances in technology. 

Objectives

Some of the goals advanced by this Bill of Rights include:

• To help ensure continued economic prosperity
• To help increase openness among global business partners
• To coordinate efforts to pass comprehensive privacy legislation

The Bill of Rights applies to “personal data, which means any data, including aggregations of data, that is linkable to a specific individual.  Personal data may include data that is linked to a specific computer or other device.”

The Bill of Rights sets forth seven general principles to guide future rule-making and legislation:

1. INDIVIDUAL CONTROL:  Consumers have a right to exercise control over what personal data companies collect from them and how they use it. 
2. TRANSPARENCY:  Consumers have a right to easily understandable and accessible information about privacy and security practices. 
3. RESPECT FOR CONTEXT:  Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data. 
4. SECURITY:  Consumers have a right to secure and responsible handling of personal data. 
5. ACCESS AND ACCURACY:  Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate. 
6. FOCUSED COLLECTION:  Consumers have a right to reasonable limits on the personal data that companies collect and retain. 
7. ACCOUNTABILITY:  Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights. 

Steps to Implement 

Back in 2011, the President decided to establish a board of overseers to monitor the government’s use of personal information in law enforcement.  That very May, he released his “International Strategy for Cyberspace” which has influenced international relations between companies.  In order to ensure dynamic laws, the National Telecommunications and Information Administration (NTIA) called on stakeholders, such as commercial and privacy advocates, to develop a code for specific industry sectors.  The Administration plans to give specific authority to the Federal Trade Commission and State Attorneys General to enforce the Consumer Privacy Bill of Rights.  The codes outline how companies can respect the principles the Administration believes should be enforced through FTC-approved methods.  From a global standpoint, the Bill of Rights recognizes the need for a separate, international code of conduct – one that recognizes existing privacy frameworks in other countries – and cooperative global enforcement.

Who is Impacted?

The primary reason for establishing the Bill of Rights is to protect the American consumer.  Americans should have control over how personal information is used on the Internet.

Some Internet companies already have responded to FTC concerns and implemented the use of “Do Not Track” technology so users can more easily control online tracking.

As for global traders and business partners, the Bill of Rights intends to foster more openness across global internet networks and companies by allowing for the free flow of information from network to network.

What’s to Come

Currently, the Bill of Rights is a blueprint and does not include enforceable rules. However, the Administration intends to implement its stated objectives through legislation and a multi-stakeholder rule-making process.

Sources:

White House Fact Sheet: Plan to Protect Privacy in the Internet Age by Adopting a Consumer Privacy Bill of Rights

Consumer Data Privacy Framework Report