- transparent privacy and data security practices;
- expect that companies will collect, use and disclose data in a manner consistent with the context in which it was collected;
- have their data handled in a secure manner;
- access and correct personal data;
- set reasonable limits on the personal data that companies collect and retain; and
- have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.
In a press release, the Administration stated its intention to work with Congress to draft legislation based on the Consumer Privacy Bill of Rights. According to the report, “enacting the Consumer Privacy Bill of Rights through Federal legislation would increase legal certainty for companies, strengthen consumer trust, and bolster the United States’ ability to lead consumer data privacy engagements with our international partners.”
As reported in BNA’s Privacy Law Watch, Lisa J. Sotto, partner and head of Hunton & Williams’ Global Privacy and Data Security practice, said “Members of Congress will certainly see this as an influential document when considering new legislation. Privacy is a bipartisan issue that everyone can agree on, but of course the devil is in the details, and where it goes from here remains to be seen.”
The report also describes an open forum in which stakeholders will work toward consensus on codes of conduct that would implement the provisions of the Consumer Privacy Bill of Rights. Although their adoption by organizations is voluntary, the codes will be enforceable. The report emphasizes the critical role of the FTC in privacy enforcement and encourages Congress to provide the FTC and state attorneys general with specific authority to enforce the Consumer Privacy Bill of Rights.
Finally, the report underscores the Administration’s goal of global interoperability of privacy protections facilitated by effective enforcement and accountability mechanisms.
The report builds on the recommendations of the Department of Commerce Internet Policy Task Force’s “Green Paper” on privacy, entitled “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.”