White House's Online Privacy Plan Gets Mixed Reaction
The Obama administration's recent call for new codes of conduct for handling private consumer data on the Internet has evoked sharply different, if somewhat predictable, responses from rights groups and industry stakeholders.
In comments filed with the National Telecommunications and Information Administration (NTIA) over the past few weeks, privacy groups expressed hope that the proposed codes will result in meaningful privacy protections for consumers.
Meanwhile, Internet marketers and industry stakeholders expressed concern that the codes are duplicative to current voluntary codes and would be burdensome to businesses.
Over the next few months, the NTIA and other stakeholders will use the comments as a basis for developing legally enforceable online privacy codes of conduct for the Internet.
The Obama administration in February released a 60-page Consumer Privacy Bill of Rights that contained a set of high-level privacy principles for Internet personal data of consumers.
The codes of conduct being developed by the NTIA will be enforceable by the U.S. Federal Trade Commission.
The NTIA document will spell out exactly how the Obama privacy bill of rights will apply for Internet businesses.
The NTIA has said it will work with Internet companies, privacy and consumer advocacy groups, state attorneys general, law enforcement agencies and academicians to jointly develop the codes of conduct.
Organizations and individuals in recent weeks have submitted comments to the NTIA on how the rules should be developed and what the government should address.
The main focus of comments by organizations such as the Digital Advertising Alliance (DAA), the Interactive Advertising Bureau (IAB), and the Direct Marketers Association (DMA) appeared to be on maintaining current privacy rules whenever possible.
Each of those organizations, which between them represent thousands of online entities, agreed to cooperate with the NTIA in developing the codes of conduct. Each also expressed concern that the process would lead to rules that would duplicate industry efforts at self-regulation over the past few years.
The DAA noted that the Self-Regulatory Principles for Multi-Site Data was developed by leading trade associations in the advertising and marketing industries and has worked effectively over the past year. More than 90 percent of online behavioral advertising firms agreed to abide by the industry-created principles.
"Duplication of existing efforts would create confusion for companies and consumers, and would undermine the business community's incentives to participate in self-regulation," the DAA said in its comments to the NTIA.
The IAB urged the NTIA to survey "existing and emerging self-regulatory codes of conduct" before embarking on a mission to develop new ones.
"The business community has invested significant resources to develop effective codes of conduct and accountability mechanisms to address specific privacy concerns," the IAB said, adding that the industry codes were developed without government input or funding.
"It is important that NTIA avoid disrupting existing industry codes or create duplicative or conflicting obligations on businesses in any process that is convened," it added.
Meanwhile. privacy and consumer rights organizations, which have long complained that self-regulatory approaches don't adequately protect consumer privacy, offered different advice to the NTIA.
"The reliance on multi-stakeholder negotiations to effectively protect consumer welfare, including privacy, is a flawed approach," the Center for Digital Democracy (CDD) noted in its comments. The non-profit suggested that legislation is needed to strengthen online privacy.
The CDD urged that the NTIA reject suggestions to maintain the self-regulatory programs.
"The administration should reject such a self-serving suggestion, which would deprive U.S. consumers of having fairly negotiated codes of conduct," the CDD said.
In a joint statement, the Consumers Union, Consumer Federation of America, Privacy Times and The Benton Foundation stressed the importance of having an open and transparent process for developing the codes of conduct.
The group said that robust consumer participation is vital to the process.
It added that the topics the NTIA should consider include privacy codes for mobile applications, facial recognition and facial detection software and the collection and use of data about children and teens.
The World Privacy Forum raised doubts about the wisdom of leaving enforcement solely in the hands of the FTC.
"Tying the MultiStakeholder Process solely to FTC enforcement is theoretically possible, but we see that the role of the FTC would need to be enhanced through legislation," it said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed. His e-mail address is firstname.lastname@example.org.
Read more about security in Computerworld's Security Topic Center.