The Department of Commerce has just issued its much-anticipated “green paper” on online privacy. The paper, “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework” [PDF], reflects Commerce’s stepped-up focus on privacy issues coming out the formation of its Internet Policy Task Force this past April.
In its report, Commerce asks for feedback from industry on a range of questions regarding its approach. A full list of questions, and Covington’s detailed analysis of the report, is included in our just-released e-alert.
Like the FTC privacy report from earlier this month, the Commerce paper reflects a general belief that the federal government should take on a greater role in the area of privacy. In a slight shift from the FTC’s approach, however, Commerce takes a broad view of privacy, arguing that consumer trust is important to the economic vitality of the Internet. While neither the FTC nor Commerce specifically advocates for mandatory regulation — instead seeking comment on the best ways to implement their principles — Commerce’s report has a greater emphasis on voluntary industry self-regulation. That approach — which reflects a shift from the rumor that the Commerce report would endorse baseline privacy legislation — is consistent with the view that regulations that are too burdensome could stifle, rather than promote, economic growth.
In its report, Commerce recommends adoption of a comprehensive national framework for commercial data privacy that would be built around a set of Fair Information Practice Principles (FIPPs), which the report refers to as “a privacy bill of rights.” The report also calls for the development of voluntary industry privacy codes, the creation of a Privacy Policy Office within Commerce and consideration of data breach legislation and reform of the Electronic Communications Privacy Act.
Notably, while the approach proposed in the FTC report earlier this month emphasizes “privacy by design” and a “do-not-track” mechanism in connection with online behavioral advertising, the Commerce report does not recommend architectural changes, instead urging companies to improve disclosures and abide by self-created limitations on data collection and use.
The deadline for comments has not yet been established, but we expect that it will be in mid-February, shortly after the FTC comment deadline.
UPDATE: The Department of Commerce has now announced that comments will be due by January 28, 2011.