Obama Administration Proposes Consumer Privacy Bill of Rights

by Zack Kaldveer, CFC Communications Director, Privacy Revolt

By now most anyone that has come to this blog knows, at least in general terms, what is called behavioral targeting. This massive, growing multi-billion dollar industry is built on the tracking of you on the internet – and EVERYTHING you do on it…and then compiling, storing and selling that data to third party advertisers (while being accessed by government when requested…which we know is a lot)

This rise in behavioral tracking has made it possible for consumer information to be potentially misused, increases the threat of identity theft, and is a fundamental violation of privacy. Often times, such behavioral tracking is particularly targeted at vulnerable consumers for high-price loans, bogus health cures and other potentially harmful products and services. To date, to what extent "Do Not Track" rights exist, it has been a voluntary request from industry – which borders on pointless.

Now to my cautious optimism regarding the Obama Administration’s announcement last week that it supported a Consumer Privacy Bill of Rights. The proposal lays out seven principles of privacy protections, including the right to exercise control over the dissemination of one’s data and the right to transparent privacy policies. The bill of rights is not legislation, acting more as a framework and statement of principles, but it does at least sound like the Administration "gets it" in a way we haven’t heard before.

Consumers deserve the kinds of broad rights to protect their own information online the President is advocating – particularly that fundamental right to control how how personal data is used and that we deserve the right to avoid having our information collected and used for multiple unknown purposes. We also DESERVE the right to make sure our information is held securely, and not KEPT for long periods of time. And of course, we must have the right to hold those who are handling or misusing their personal data accountable when things go wrong.

To be sure, its an outline, and it still needs to make it through the legislative process (though the administration has threatened to bypass them…which is also a good sign) – meaning a GOP controlled House will have an opportunity to destroy, as it does with all public policy, anything it gets its hands on if it serves the profit motives of big business.

Clearly, when you talk about companies like Google, Apple, Facebook and Microsoft…we’re talking some big time heavy hitters with LARGE check books and hordes of high priced lobbyists. In other words, the devil will be in the details…and what will matter most might just be whether there are real, enforceable rules that punish these giants for breaking them.

But before I go into more of why tough legislation is needed – and privacy on the web is better protected, let’s get to some of the details released.

From the New York Times:

Companies responsible for the delivery of nearly 90 percent of online behavioral advertisements ‘ ads that appear on a user’s screen based on browsing and buying habits ‘ have agreed to comply when consumers choose to control online tracking, the consortium said on Wednesday.

But even if a click of a mouse or a touch of a button can thwart Internet tracking devices, there is no guarantee that companies won’t still manage to gather data on Web behavior. Compliance is voluntary on the part of consumers, Internet advertisers and commerce sites.

"The real question is how much influence companies like Google, Microsoft, Yahoo and Facebook will have in their inevitable attempt to water down the rules that are implemented and render them essentially meaningless,’ John M. Simpson, privacy project director for Consumer Watchdog, said in response to the administration’s plan. "A concern is that the administration’s privacy effort is being run out of the Commerce Department.’

It’s critical that government enact strong privacy regulations whose protections will remain with consumers as they interact on their home computer, cell phones, PDAs or even at the store down the street. Clear rules will help consumers understand how their information is used, obtained and tracked,’ said Amina Fazlullah of U.S. Public Interest Research Group. ‘In the event of abuse of consumer information, this legislation could provide consumers a clear pathway for assistance from government agencies or redress in the courts.’

The new privacy outline brings together several efforts to develop and enforce privacy standards that have been progressing for the last couple of years on parallel tracks, under the direction of advertisers, Internet commerce sites and software companies.

The next step will be for the Commerce Department to gather Internet companies and consumer advocates to develop enforceable codes of conduct aligned with a ‘Consumer Privacy Bill of Rights’ released as part of the administration’s plan on Wednesday. The bill of rights sets standards for the use of personal data, including individual control, transparency, security, access, accuracy and accountability.

Read more here.

Limiting commercial tracking of our online activities, not just in the commercial sphere, but protecting it from government that increasingly demands this information from private companies, is a critical challenge. Similarly, there’s a long, clear record that self regulation doesn’t work – so creating rules and laws to protect people’s privacy on the internet is not only necessary, but now possible.

In principle, the proposal does look good…so what I’ll be watching for is just how watered down this legislation becomes over time…and that we don’t forget some of the key protections necessary, as recently outlined by a coalition of consumer groups, including: