Jon Leibowitz, chairman of the Federal Trade Commission, and Cameron Kerry, general counsel of the Department of Commerce, spoke today about the need for industry codes of conduct to address emerging privacy issues.  They were the featured speakers at an event held by the Brookings Institution on strategies to protect consumer privacy while ensuring continued innovation on the Internet.

As we previously discussed, the Commerce Department has called for baseline consumer privacy protections that would serve as the basis for codes of conduct that specify how the baseline principles apply in particular contexts.  At today’s event, Kerry provided more detail about the Department’s proposal.

According to Kerry, it is clear that more than self-regulation is needed, and that the government should provide a nudge by convening a multistakeholder process to discuss the development of industry codes of conduct.  The Commerce Department plans to initiate the process by identifying specific areas where practices are unclear, asking for written submissions or draft codes, setting dates and places for meetings, allowing remote participation to ensure that the process is visible and accessible to all, and enabling people to submit comments.  The FTC would be charged with deciding whether a given code sufficiently implements the baseline principles.  Kerry stressed that the Department does not intend to (1) be the gatekeeper in deciding who can participate, (2) hold the pen, or (3) force anybody to adopt a code of conduct.  The Department also will not wait for privacy legislation to pass:  it will move forward in convening multistakeholder discussions, and it will continue its ongoing dialogue with the FTC.

Leibowitz noted that self-regulatory efforts have led to a series of positive steps to protect consumer privacy, even though these initiatives have not yet been fully implemented.  He called industry codes of conduct a promising development, and he made four observations about the multistakeholder process:  (1) it must be driven by clear standards, (2) it needs to be transparent and involve all stakeholders, (3) it should result in enforceable standards, and (4) the resulting standards need to be strong – and non-regulatory standards that can be easily implemented by businesses would be even better.  Leibowitz also mentioned that the FTC is still in the process of reviewing the 450+ comments submitted about its Dec. 2010 preliminary staff report on protecting consumer privacy, and that it expects to issue a final report later this year. 

The event was well-attended, drawing representatives from industry, academia, consumer advocacy groups, other government institutions, and the press.