Speaking at today’s Senate Commerce Committee hearing on “The State of Online Consumer Privacy,” Assistant Secretary of Commerce Lawrence E. Strickling stated that the Obama administration supports comprehensive privacy legislation. As we noted in yesterday’s post, this announcement represents a shift in Administration policy. Although in its December 2010 “Green Paper,” Commerce recommended that consumers’ online activities be subject to greater protections, the Department stopped short of embracing baseline legislation as the way to ensure such protections. Strickling explained today that after reviewing the dozens of comments submitted in response to the Green Paper, the Department concluded that privacy legislation should be the foundation of the U.S. privacy framework.
Strickling explained that any privacy legislation should include three elements:
- First, the legislation should include a “consumer privacy bill of rights,” which would provide baseline consumer protections. The bill of rights would be based on a set of Fair Information Practice Principles (“FIPPs”), meaning widely-accepted principles for the handling of consumer information. Strickling suggested that baseline legislation would not only benefit consumers, but would also make the U.S. privacy framework more interoperable with international frameworks, many of which provide FIPPs-type protections. He stated that greater interoperability would benefit businesses by, for example, facilitating cross-border data transfers.
- Second, Strickling suggested that the legislation grant the FTC authority to enforce any baseline protections. Currently, a company that acts inconsistently with its privacy policy is subject to a potential enforcement action by the FTC for engaging in an unfair or deceptive trade practice under Section 5 of the FTC Act. According to Strickling, new legislation should explicitly grant the FTC additional authority to enforce the obligations the new legislation would create.
- Third, Strickling said the legislation should create a framework that would encourage the adoption of voluntary codes of conduct. This encouragement might come in the form of giving the FTC the authority to offer a safe harbor for companies that adhere to codes of conduct that are consistent with the baseline legislation. Codes of conduct are important, he explained, because they are quickly and easily adaptable to changing circumstances. He noted that codes of conduct can swiftly be amended to accommodate new technologies and consumers’ evolving expectations of privacy.
Strickling stated that the Department is still in the process of reviewing comments to the Green Paper and is continuing to work toward a more precise statement of Administration policy on consumer privacy. Although he did not provide a timeline for when we can expect such a statement, his testimony made it clear that the Executive Branch is more engaged on privacy issues that ever before. Coupled with the growing momentum behind privacy legislation in Congress, it is looking more and more likely that this could be a watershed year for privacy law.