Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy


  • 8/3/2019 Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the


    FEBRUARY 2012


    CONSUMER DATA PRIVACY

    IN A NETWORKED WORLD:

    A FRAMEWORK FOR PROTECTING

    PRIVACY AND PROMOTING INNOVATION

    IN THE GLOBAL DIGITAL ECONOMY


    February ,

    Americans have always cherished our privacy. From the birth of our republic, we assured ourselves protection against unlawful intrusion into our homes and our personal papers. At the same time, we set up a postal system to enable citizens all over the new nation to engage in commerce and political discourse. Soon after, Congress made it a crime to invade the privacy of the mails. And later we extended privacy protections to new modes of communications such as the telephone, the computer, and eventually email.

    Justice Brandeis taught us that privacy is the right to be let alone, but we also know that privacy is about much more than just solitude or secrecy. Citizens who feel protected from misuse of their personal information feel free to engage in commerce, to participate in the political process, or to seek needed health care. This is why we have laws that protect financial privacy and health privacy, and that protect consumers against unfair and deceptive uses of their information. This is why the Supreme Court has protected anonymous political speech, the same right exercised by the pamphleteers of the early Republic and today's bloggers.

    Never has privacy been more important than today, in the age of the Internet, the World Wide Web and smart phones. In just the last decade, the Internet has enabled a renewal of direct political engagement by citizens around the globe and an explosion of commerce and innovation creating jobs of the future. Much of this innovation is enabled by novel uses of personal information. So, it is incumbent on us to do what we have done throughout history: apply our timeless privacy values to the new technologies and circumstances of our times.

    I am pleased to present this new Consumer Privacy Bill of Rights as a blueprint for privacy in the information age. These rights give consumers clear guidance on what they should expect from those who handle their personal information, and set expectations for companies that use personal data. I call on these companies to begin immediately working with privacy advocates, consumer protection enforcement agencies, and others to implement these principles in enforceable codes of conduct. My Administration will work to advance these principles and work with Congress to put them into law. With this Consumer Privacy Bill of Rights, we offer to the world a dynamic model of how to offer strong privacy protection and enable ongoing innovation in new information technologies.

    One thing should be clear, even though we live in a world in which we share personal information more freely than in the past, we must reject the conclusion that privacy is an outmoded value. It has been at the heart of our democracy from its inception, and we need it now more than ever.

    THE WHITE HOUSE

    WASHINGTON


    Foreword

    Trust is essential to maintaining the social and economic benefits that networked technologies bring to the United States and the rest of the world. With the confidence that companies will handle information about them fairly and responsibly, consumers have turned to the Internet to express their creativity, join political movements, form and maintain friendships, and engage in commerce. The Internet's global connectivity means that a single innovator's idea can grow rapidly into a product or service that becomes a daily necessity for hundreds of millions of consumers. American companies lead the way in providing these technologies, and the United States benefits through job creation and economic growth as a result. Our continuing leadership in this area depends on American companies' ability to earn and maintain the trust of consumers in a global marketplace.

    Privacy protections are critical to maintaining consumer trust in networked technologies. When consumers provide information about themselves, whether it is in the context of an online social network that is open to public view or a transaction involving sensitive personal data, they reasonably expect companies to use this information in ways that are consistent with the surrounding context. Many companies live up to these expectations, but some do not. Neither consumers nor companies have a clear set of ground rules to apply in the commercial arena. As a result, it is difficult today for consumers to assess whether a company's privacy practices warrant their trust.

    The consumer data privacy framework in the United States is, in fact, strong. This framework rests on fundamental privacy values, flexible and adaptable common law protections and consumer protection statutes, Federal Trade Commission (FTC) enforcement, and policy development that involves a broad array of stakeholders. This framework has encouraged not only social and economic innovations based on the Internet but also vibrant discussions of how to protect privacy in a networked society involving civil society, industry, academia, and the government. The current framework, however, lacks two elements: a clear statement of basic privacy principles that apply to the commercial world, and a sustained commitment of all stakeholders to address consumer data privacy issues as they arise from advances in technologies and business models.

    To address these issues, the Administration offers Consumer Data Privacy in a Networked World. At the center of this framework is a Consumer Privacy Bill of Rights, which embraces privacy principles recognized throughout the world and adapts them to the dynamic environment of the commercial Internet. The Administration has called for Congress to pass legislation that applies the Consumer Privacy Bill of Rights to commercial sectors that are not subject to existing Federal data privacy laws. The Federal Government will play a role in convening discussions among stakeholders (companies, privacy and consumer advocates, international partners, State Attorneys General, Federal criminal and civil law enforcement representatives, and academics) who will then develop codes of conduct that implement the Consumer Privacy Bill of Rights. Such practices, when publicly and affirmatively adopted by companies subject to Federal Trade Commission jurisdiction, will be legally enforceable by the FTC. The United States will engage with our international partners to create greater interoperability among our respective privacy frameworks. This will provide more consistent protections for consumers and lower compliance burdens for companies.

    Of course, this framework is just a beginning. Starting now, the Administration will work with and encourage stakeholders, including the private sector, to implement the Consumer Privacy Bill of Rights. The Administration will also work with Congress to write these flexible, general principles into law. The Administration is ready to do its part as a convener to achieve privacy protections that preserve consumer trust and promote innovation.


    Table of Contents

    Executive Summary
    I. Introduction: Building on the Strength of the U.S. Consumer Data Privacy Framework
    II. Defining a Consumer Privacy Bill of Rights
    III. Implementing the Consumer Privacy Bill of Rights: Multistakeholder Processes to Develop Enforceable Codes of Conduct
        A. Building on the Successes of Internet Policymaking
        B. Defining the Multistakeholder Process for Consumer Data Privacy
    IV. Building on the FTC's Enforcement Expertise
        A. Protecting Consumers Through Strong Enforcement
        B. Providing Incentives to Develop Enforceable Codes of Conduct
    V. Promoting International Interoperability
        A. Mutual Recognition
        B. An International Role for Multistakeholder Processes and Codes of Conduct
        C. Enforcement Cooperation
    VI. Enacting Consumer Data Privacy Legislation
        A. Codify the Consumer Privacy Bill of Rights
        B. Grant the FTC Direct Enforcement Authority
        C. Provide Legal Certainty Through an Enforcement Safe Harbor
        D. Balance Federal and State Roles in Consumer Data Privacy Protection
        E. Preserve Effective Protections in Existing Federal Data Privacy Laws
        F. Set a National Standard for Security Breach Notification
    VII. Federal Government Leadership in Improving Individual Privacy Protections
        A. Enabling New Services
        B. Protecting Privacy Through Effective Enforcement
        C. Guidance for Protecting Privacy
        D. Integrating Privacy Into the Structure of Federal Agencies
    VIII. Conclusion
    IX. Appendix A: The Consumer Privacy Bill of Rights
    X. Appendix B: Comparison of the Consumer Privacy Bill of Rights to Other Statements of the Fair Information Practice Principles (FIPPs)


    Executive Summary

    Strong consumer data privacy protections are essential to maintaining consumers' trust in the technologies and companies that drive the digital economy. The existing framework in the United States effectively addresses some privacy issues in our increasingly networked society, but additional protections are necessary to preserve consumer trust. The framework set forth in this document will provide these protections while promoting innovation.

    The Administration's framework consists of four key elements: A Consumer Privacy Bill of Rights, a multistakeholder process to specify how the principles in the Consumer Privacy Bill of Rights apply in particular business contexts, effective enforcement, and a commitment to increase interoperability with the privacy frameworks of our international partners.

    A Consumer Privacy Bill of Rights

    This document sets forth a Consumer Privacy Bill of Rights that, in the Administration's view, provides a baseline of clear protections for consumers and greater certainty for companies. The Administration will encourage stakeholders to implement the Consumer Privacy Bill of Rights through codes of conduct and will work with Congress to enact these rights through legislation.

    The Consumer Privacy Bill of Rights applies comprehensive, globally recognized Fair Information Practice Principles (FIPPs) to the interactive and highly interconnected environment in which we live and work today. Specifically, it provides for:

    Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it.

    Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices.

    Respect for Context: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.

    Security: Consumers have a right to secure and responsible handling of personal data.

    Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.

    Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.

    Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.


    The Consumer Privacy Bill of Rights provides general principles that afford companies discretion in how they implement them. This flexibility will help promote innovation. Flexibility will also encourage effective privacy protections by allowing companies, informed by input from consumers and other stakeholders, to address the privacy issues that are likely to be most important to their customers and users, rather than requiring companies to adhere to a single, rigid set of requirements.

    Enacting the Consumer Privacy Bill of Rights through Federal legislation would increase legal certainty for companies, strengthen consumer trust, and bolster the United States' ability to lead consumer data privacy engagements with our international partners. Even if Congress does not pass legislation, the Consumer Privacy Bill of Rights will serve as a template for privacy protections that increase consumer trust on the Internet and promote innovation.

    Fostering Multistakeholder Processes to Develop Enforceable Codes of Conduct

    The Administration's framework outlines a multistakeholder process to produce enforceable codes of conduct that implement the Consumer Privacy Bill of Rights. The Administration will convene open, transparent forums in which stakeholders who share an interest in specific markets or business contexts will work toward consensus on appropriate, legally enforceable codes of conduct. Private sector participation will be voluntary and companies ultimately will choose whether to adopt a given code of conduct. The participation of a broad group of stakeholders, including consumer groups and privacy advocates, will help to ensure that codes of conduct lead to privacy solutions that consumers can easily use and understand. A single code of conduct for a given market or business context will provide consumers with more consistent privacy protections than is common today, when privacy practices and the information that consumers receive about them vary significantly from company to company.

    Strengthening FTC Enforcement

    FTC enforcement is critical to ensuring that companies are accountable for adhering to their privacy commitments. Enforcement is also critical to ensuring that responsible companies are not disadvantaged by competitors who would play by different rules. As part of consumer data privacy legislation, the Administration encourages Congress to provide the FTC (and State Attorneys General) with specific authority to enforce the Consumer Privacy Bill of Rights.

    Improving Global Interoperability

    The Administration's framework embraces the goal of increased international interoperability as a means to provide consistent, low-barrier rules for personal data in the user-driven and decentralized Internet environment. The two principles that underlie our approach to interoperability are mutual recognition and enforcement cooperation. Mutual recognition depends on effective enforcement and well-defined accountability mechanisms. Multistakeholder processes can provide scalable, flexible means of developing codes of conduct that simplify companies' compliance obligations. Enforcement cooperation helps to ensure that countries are able to protect their citizens' rights when personal data crosses national boundaries. These approaches will guide United States efforts to clarify data protections globally while ensuring the flexibility that is critical to innovation in the commercial world.

    The Administration will implement this framework without delay. In the coming months, the Department of Commerce will work with other Federal agencies to convene stakeholders, including our international partners, to develop enforceable codes of conduct that build on the Consumer Privacy Bill of Rights.


    I. Introduction: Building on the Strength of the U.S. Consumer Data Privacy Framework

    The Internet is integral to economic and social life in the United States and throughout the world. Networked technologies offer individuals nearly limitless ways to express themselves, form social connections, transact business, and organize politically. Networked technologies also spur innovation, enable new business models, and facilitate consumers' and companies' access to information, products, and services markets across the world.

    An abundance of data, inexpensive processing power, and increasingly sophisticated analytical techniques drive innovation in our increasingly networked society. Political organizations and candidates for public office build powerful campaigns on data that individuals share about themselves and their political preferences. Data from social networks allows journalists and individuals to report and follow newsworthy events around the world as they unfold. Data plays a key role in the ability of government to stop identity thieves and protect public safety. Researchers use sets of medical data to identify public health issues and probe the causes of human diseases. Network operators use data from communications networks to identify events ranging from a severed fiber optic cable to power outages and the acts of malicious intruders. In addition, personal data fuels an advertising marketplace that brings many online services and sources of content to consumers for free.

    Strengthening consumer data privacy protections in the United States is an important Administration priority.[1] Americans value privacy and expect protection from intrusions by both private and governmental actors. Strong privacy protections also are critical to sustaining the trust that nurtures Internet commerce and fuels innovation. Trust means the companies and technical systems on which we depend meet our expectations for privacy, security, and reliability.[2] In addition, United States leadership in consumer data privacy can help establish more flexible, innovation-enhancing privacy models among our international partners.[3]

    [1] This framework is concerned solely with how private-sector entities handle personal data in commercial settings. A separate set of constitutional and statutory protections apply to the government's access to data that is in the possession of private parties. In addition, the Privacy Act of , Pub. L. No. - ( U.S.C. a), and implementing guidance from the Office of Management and Budget, available at http://www.whitehouse.gov/omb/privacy_general, govern the Federal government's handling of personally identifiable information. Both of these areas are beyond the scope of this document.

    [2] Throughout this document, "company" means any organization, corporation, trust, partnership, sole proprietorship, unincorporated association, or venture established to make a profit, or nonprofit entity, that collects, uses, discloses, stores, or transfers personal data in interstate commerce, to the extent such organizations are not subject to existing Federal data privacy laws.

    [3] See, e.g., Remarks of Secretary of State Hillary Rodham Clinton, Release of Administration's International Strategy for Cyberspace (May ) ("Many of you representing the governments of other countries, as well as the private sector or foundations or civil society groups, share our commitment to ensuring that the Internet remains open, secure, free, not only for the billion people who are now offline, but for the billions more who will be online in the years ahead.").


    Preserving trust in the Internet economy protects and enhances substantial economic activity.[4] Online retail sales in the United States total $ billion annually.[5] New uses of personal data in location services, protected by appropriate privacy and security safeguards, could create important business opportunities.[6] Moreover, the United States is a world leader in exporting cloud computing, location-based services, and other innovative services. To preserve these economic benefits, consumers must continue to trust networked technologies. Strengthening consumer data privacy protections will help to achieve this goal.

    Preserving trust also is necessary to realize the full social and cultural benefits of networked technologies. When companies use personal data in ways that are inconsistent with the circumstances under which consumers disclosed the data, however, they may undermine trust. For example, individuals who actively share information with their friends, family, colleagues, and the general public through websites and online social networking sites may not be aware of the ways those services, third parties, and their own associates may use information about them. Unauthorized disclosure of sensitive information can violate individual rights, cause injury or discrimination based on sensitive personal attributes, lead to actions and decisions taken in response to misleading or inaccurate information, and contribute to costly and potentially life-disrupting identity theft.[7] Protecting Americans' privacy by preventing identity theft and prosecuting identity thieves is an important focus for the Administration.

    The existing consumer data privacy framework in the United States is flexible and effectively addresses some consumer data privacy challenges in the digital age. This framework consists of industry best practices, FTC enforcement, and a network of chief privacy officers and other privacy professionals who develop privacy practices that adapt to changes in technology and business models and create a growing culture of privacy awareness within companies. Much of the personal data used on the Internet, however, is not subject to comprehensive Federal statutory protection, because most Federal data privacy statutes apply only to specific sectors, such as healthcare, education, communications, and financial services or, in the case of online data collection, to children. The Administration believes that filling gaps in the existing framework will promote more consistent responses to privacy concerns across the wide range of environments in which individuals have access to networked technologies and in which a broad array of companies collect and use personal data. The Administration, however, does not recommend modifying the existing Federal statutes that apply to specific sectors unless they set inconsistent standards for related technologies. Instead, the Administration supports legislation that would supplement the existing framework and extend baseline protections to the sectors that existing Federal statutes do not cover.

    [4] President Barack Obama, International Strategy for Cyberspace, at , May , http://www.whitehouse.gov/sites/deault/les/rss_viewer/international_strategy_or_cyberspace.pd.

    [5] U.S. Census Bureau, E-Stats, May , , http://www.census.gov/econ/estats//reportnal.pd, at .

    [6] McKinsey Global Institute, Big Data: The Next Frontier for Innovation, Competition, and Productivity, at -, May, http://www.mckinsey.com/mgi/publications/big_data/pds/MGI_big_data_ull_report.pd. The National Institute of Standards and Technology (NIST) has identified five essential characteristics of cloud computing: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Peter Mell and Tim Grance, The NIST Definition of Cloud Computing, version , Oct. , , http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-de-v.doc.

    [7] Recently, identity theft alone was estimated to cause economic losses of more than $ billion in a single year. Fed. Trade Comm'n, Identity Theft Survey Report (), available at http://www.tc.gov/os///SynovateFinalReportIDThet.pd.


    The comprehensive consumer data privacy framework set forth here will provide clearer protections for consumers. It will also provide greater certainty for companies while promoting innovation and minimizing compliance costs (consistent with the goals of Executive Order , Improving Regulation and Regulatory Review). The framework provides consumers who want to understand and control how personal data flows in the digital economy with better tools to do so. The proposal ensures that companies striving to meet consumers' expectations have more effective ways of engaging consumers and policymakers. This will help companies to determine which personal data practices consumers find unobjectionable and which ones they find invasive. Finally, the Administration's consumer data privacy framework improves our global competitiveness by promoting international policy frameworks that reflect how consumers and companies actually use networked technologies.

    As a world leader in Internet innovation, the United States has both the responsibility and incentive to help establish forward-looking privacy policy models that foster innovation and preserve basic privacy rights. The Administration's framework for consumer data privacy offers a path toward achieving these goals. It is based on the following key elements:

    A Consumer Privacy Bill of Rights, setting forth individual rights and corresponding obligations of companies in connection with personal data. These consumer rights are based on U.S.-developed and globally recognized Fair Information Practice Principles (FIPPs), articulated in terms that apply to the dynamic environment of the Internet age;

    Enforceable codes of conduct, developed through multistakeholder processes, to form the basis for specifying what the Consumer Privacy Bill of Rights requires in particular business contexts;

    Federal Trade Commission (FTC) enforcement of consumers' data privacy rights through its authority to prohibit unfair or deceptive acts or practices; and

    Increasing global interoperability between the U.S. consumer data privacy framework and other countries' frameworks, through mutual recognition, the development of codes of conduct through multistakeholder processes, and enforcement cooperation can reduce barriers to the flow of information.

    Consumer Data Privacy in a Networked World builds on the recommendations of the Department of Commerce Internet Policy Task Force's December report, Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework ("Privacy and Innovation Green Paper").[8] The Internet Policy Task Force developed the recommendations in the Privacy and Innovation Green Paper by engaging with stakeholders (companies, trade groups, privacy advocates, academics, State Attorneys General, Federal civil and criminal law enforcement representatives, and international partners) through a public symposium, written comments, public speeches and presentations, and informal meetings. More than stakeholders subsequently submitted written comments on the Privacy and Innovation Green Paper. These comments provided the Administration with invaluable feedback during the development of Consumer Data Privacy in a Networked World. The Administration gratefully acknowledges the time and resources stakeholders devoted to this issue. Their ongoing engagement will be critical to implementing the framework successfully.

    [8] Department of Commerce, Commercial Data Privacy and Innovation in the Internet Economy: Dynamic Policy Framework, Dec. , available at http://www.ntia.doc.gov/report//commercial-data-privacy-and-innovation-internet-economy-dynamic-policy-ramework.


    II. Defining a Consumer Privacy Bill of Rights

    Strengthening consumer data privacy protections and promoting innovation require privacy protections that are comprehensive, actionable, and flexible. The United States pioneered the FIPPs in the s, and they have become the globally recognized foundations for privacy protection. The United States has embraced FIPPs by incorporating them into sector-specific privacy laws and applying them to personal data that Federal agencies collect. FIPPs also are a foundation for numerous international data privacy frameworks.[9] These principles continue to provide a solid foundation for consumer data privacy protection, despite far-reaching changes in companies' ability to collect, store, and analyze personal data.

    The Consumer Privacy Bill of Rights applies FIPPs to an environment in which processing of data about individuals is far more decentralized and pervasive than it was when FIPPs were initially developed. Large corporations and government agencies collecting information for relatively static databases are no longer typical of personal data collectors and processors. The world is far more varied and dynamic. Companies process increasing quantities of personal data for a widening array of purposes. Consumers increasingly exchange personal data in active ways through channels such as online social networks and personal blogs. The reuse of personal data can be an important source of innovation that brings benefits to consumers but also raises difficult questions about privacy. The central challenge in this environment is to protect consumers' privacy expectations while providing companies with the certainty they need to continue to innovate.10

    To meet this challenge, the Consumer Privacy Bill of Rights carries FIPPs forward in two ways. First, it affirms a set of consumer rights that inform consumers of what they should expect of companies that handle personal data. The Consumer Privacy Bill of Rights also recognizes that consumers have certain responsibilities to protect their privacy as they engage in an increasingly networked society. Second, the Consumer Privacy Bill of Rights reflects the FIPPs in a way that emphasizes the importance of context in their application.11 Key elements of context include the goals or purposes that consumers can expect to achieve by using a company's products or services, the services that the companies actually provide, the personal data exchanges that are necessary to provide these services, and whether a company's customers include children and adolescents. Context should shape the balance and relative emphasis of particular principles in the Consumer Privacy Bill of Rights.

    . As noted in the Privacy and Innovation Green Paper (p. ):

    In , the Department of Health, Education, and Welfare (HEW) released its report, Records, Computers, and the Rights of Citizens, which outlined a Code of Fair Information Practices that would create safeguard requirements for certain automated personal data systems maintained by the Federal Government. This Code of Fair Information Practices, now commonly referred to as fair information practice principles (FIPPs), established the framework on which much privacy policy would be built.

    Examples of FIPPs-based international frameworks include the Organisation for Economic Co-operation and Development Guidelines on the Protection of Privacy and Transborder Flows of Personal Data and the Asia-Pacific Economic Cooperation Privacy Framework. The Privacy and Innovation Green Paper proposed for consideration the following set of FIPPs: transparency, individual participation, purpose specification, data minimization, use limitation, data quality and integrity, security, and accountability and auditing.

    . As the Privacy and Innovation Green Paper noted, "New devices and applications allow the collection and use of personal information in ways that, at times, can be contrary to many consumers' privacy expectations." Department of Commerce, Privacy and Innovation Green Paper, at i (statement of Commerce Secretary Gary Locke).

    . For a comparison of the Consumer Privacy Bill of Rights to other statements of the FIPPs, see Appendix B.

    The Consumer Privacy Bill of Rights advances these objectives by holding that consumers have a right to:

    Individual Control

    Transparency

    Respect for Context

    Security

    Access and Accuracy

    Focused Collection

    Accountability

    The Consumer Privacy Bill of Rights applies to commercial uses of personal data. This term refers to any data, including aggregations of data, which is linkable to a specific individual.12 Personal data may include data that is linked to a specific computer or other device. For example, an identifier on a smartphone or family computer that is used to build a usage profile is personal data. This definition provides the flexibility that is necessary to capture the many kinds of data about consumers that commercial entities collect, use, and disclose.

    The remainder of this section provides the full statement of the Consumer Privacy Bill of Rights and explains the rationale for the rights and obligations under each principle.

    . This definition is similar to the Federal Government's definition of "personally identifiable information":

    [I]nformation that can be used to distinguish or trace an individual's identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual. The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified.

    Peter R. Orszag, Memorandum for the Heads of Executive Departments and Agencies, Guidance for Agency Use of Third-Party Websites and Applications, at (Appendix), June , , http://www.whitehouse.gov/sites/deault/les/omb/assets/memoranda_/m-.pd.


    1. Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it. Companies should provide consumers appropriate control over the personal data that consumers share with others and over how companies collect, use, or disclose personal data. Companies should enable these choices by providing consumers with easily used and accessible mechanisms that reflect the scale, scope, and sensitivity of the personal data that they collect, use, or disclose, as well as the sensitivity of the uses they make of personal data. Companies should offer consumers clear and simple choices, presented at times and in ways that enable consumers to make meaningful decisions about personal data collection, use, and disclosure. Companies should offer consumers means to withdraw or limit consent that are as accessible and easily used as the methods for granting consent in the first place.

    The Individual Control principle has two dimensions. First, at the time of collection, companies should present choices about data sharing, collection, use, and disclosure that are appropriate for the scale, scope, and sensitivity of personal data in question. For example, companies that have access to significant portions of individuals' Internet usage histories, such as search engines, ad networks, and online social networks, can build detailed profiles of individual behavior over time. These profiles may be broad in scope and large in scale, and they may contain sensitive information, such as personal health or financial data.13 In these cases, choice mechanisms that are simple and prominent and offer fine-grained control of personal data use and disclosure may be appropriate. By contrast, services that do not collect information that is reasonably linkable to individuals may offer accordingly limited choices.

    In any event, a company that deals directly with consumers should give them appropriate choices about what personal data the company collects, irrespective of whether the company uses the data itself or discloses it to third parties. When consumer-facing companies contract with third parties that gather personal data directly from consumers (as is the case with much online advertising), they should be diligent in inquiring about how those third parties use personal data and whether they provide consumers with appropriate choices about collection, use, and disclosure. The Administration also encourages consumer-facing companies to act as stewards of personal data that they and their business partners collect from consumers. Consumer-facing companies should seek ways to recognize consumer choices through mechanisms that are simple, persistent, and scalable from the consumer's perspective.

    Third parties should also offer choices about personal data collection that are appropriate for the scale, scope, and sensitivity of data they collect. The focal point for much of the debate about third-party personal data collection in recent years is online behavioral advertising, the practice of collecting information about consumers' online interests in order to deliver targeted advertising to them.14 This system of advertising revolves around ad networks that can track individual consumers (or at least their devices) across different websites. When organized according to unique identifiers, this data can provide a potentially wide-ranging view of individual use of the Internet. These individual behavioral profiles allow advertisers to target ads based on inferences about individual interests, as revealed by Internet use. Targeted ads are generally more valuable and efficient than purely contextual ads and provide revenue that supports an array of free online content and services.15 However, many consumers and privacy advocates find tracking and the advertising practices that it enables invade their expectations of privacy.16

    . "Scope" refers to the range of activities or interests as well as the time period that is reflected in a dataset. "Scale" refers to the number of individuals whose activities are in a dataset.

    The Administration recognizes that the ultimate uses of personal data that third parties, such as ad networks, collect affect the privacy interests at stake. As a result, these uses of personal data should help to shape the range of appropriate individual control options. For example, a company that uses personal data only to calculate statistics about how consumers use its services may not implicate significant consumer privacy interests and may not need to provide consumers with ways to prevent data collection for this purpose. Even if the company collects and stores some personal data for some uses, it may not need to provide consumers with a sophisticated array of choices about collection. In the case of online advertising, for instance, verifying ad delivery and preventing a consumer from seeing the same ad many times over may require some personal data collection. But personal data collected only for these statistical purposes may not require the assembly of extensive, long-lived individual profiles and may not require extensive options for control.

    Innovative technology can help to expand the range of user control. It is increasingly common for Internet companies that have direct relationships with consumers to offer detailed privacy settings that allow individuals to exercise greater control over what personal data the companies collect, and when. In addition, privacy-enhancing technologies such as the "Do Not Track" mechanism allow consumers to exercise some control over how third parties use personal data or whether they receive it at all. For example, prompted by the FTC,17 members of the online advertising industry developed self-regulatory principles based on the FIPPs, a common interface to alert consumers of the presence of third party ads and to direct them to more information about the relevant ad network, and a common mechanism to allow consumers to opt out of targeted advertising by individual ad networks.18 A variety of other actors, including browser vendors, software developers, and standards-setting organizations, are developing "Do Not Track" mechanisms that allow consumers to exercise some control over whether third parties receive personal data. All of these mechanisms show promise. However, they require further development to ensure they are easy to use, strike a balance with innovative uses of personal data, take public safety interests into account, and present consumers with a clear picture of the potential costs and benefits of limiting personal data collection.

    . See FTC, Self-Regulatory Principles for Online Behavioral Advertising (staff report), at , Feb. (stating that online behavioral advertising "involves the tracking of consumers' online activities in order to deliver tailored advertising").

    . According to one study, behaviorally targeted ads are worth significantly more than non-targeted ads. See Howard Beales, The Value of Behavioral Targeting, at , Mar. , (finding, based on data provided by ad networks, that behaviorally targeted ad rates in were . times greater than non-targeted ad rates), http://www.networkadvertising.org/pds/Beales_NAI_Study.pd; FTC, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers (preliminary staff report), at , Dec. (reporting that FTC privacy roundtable participants discussed that "the more information that is known about a consumer, the more a company will pay to deliver a precisely-targeted advertisement to him") ("FTC Staff Report").

    . See Aleecia M. McDonald and Lorrie Faith Cranor, Americans' Attitudes About Internet Behavioral Advertising Practices, Proceedings of the th Annual ACM Workshop on Privacy in the Electronic Society (WPES) ().

    . See generally FTC, Self-Regulatory Principles for Online Behavioral Advertising (staff report), Feb. .

    As third parties become further removed from direct interactions with consumers, it may be more difficult for them to provide consumers with meaningful control over data collection. Data brokers, for example, aggregate personal data from multiple sources, often without interacting with consumers at all. Such companies face a challenge in providing effective mechanisms for individual control because consumers might not know that these third parties exist. Moreover, some data brokers collect court records, news reports, property records, and other data that is in the public record. The rights of freedom of speech and freedom of the press involved in the collection and use of these documents must be balanced with the need for transparency to individuals about how data about them is collected, used, and disseminated and the opportunity for individuals to access and correct data that has been collected about them.

    Still, data brokers and other companies that collect personal data without direct consumer interactions or a reasonably detectable presence in consumer-facing activities should seek innovative ways to provide consumers with effective Individual Control. If it is impractical to provide Individual Control, these companies should ensure that they implement other elements of the Consumer Privacy Bill of Rights in ways that adequately protect consumers' privacy. For example, to provide sufficient privacy protections, such companies may need to go to extra lengths to implement other principles such as Transparency (by providing clear, public explanations of the roles they play in commercial uses of personal data) as well as providing appropriate use controls once information is collected under the Access and Accuracy and Accountability principles to compensate for the lack of a direct consumer relationship.

    The second dimension of Individual Control is consumer responsibility. In a growing number of cases, such as online social networks, the use of personal data begins with individuals' decisions to choose privacy settings and to share personal data with others. In such contexts, consumers should evaluate their choices and take responsibility for the ones that they make. Control over the initial act of sharing is critical. Consumers should take responsibility for those decisions, just as companies that participate in and benefit from this sharing should provide usable tools and clear explanations to enable consumers to make meaningful choices.

    The Individual Control principle also recognizes that consumers' privacy interests in personal data persist throughout their relationships with a company. Accordingly, this principle includes a right to withdraw consent to use personal data that the company controls. Companies should provide means of withdrawing consent that are on equal footing with ways they obtain consent. For example, if consumers grant consent through a single action on their computers, they should be able to withdraw consent in a similar fashion.19

    . See AboutAds.info, Self-Regulatory Principles for Online Behavioral Advertising, http://www.aboutads.ino/resource/download/seven-principles---.pd (July ); Interactive Advertising Bureau, Comment on the Privacy and Innovation Green Paper (Attachment B) (explaining online advertisers' system for directing users to ad networks' privacy policies and opt-outs).

    There are three practical limits to the right to withdraw consent. First, it presumes that consumers have an ongoing relationship with a company. This relationship could be minimal, such as a consumer establishing an account for a single transaction; or it may be as extensive as many financial transactions spanning many years. Nonetheless, the company must have a way to effect a withdrawal of consent to the extent the company has associated and retained data with an individual. Conversely, data that a company cannot reasonably associate with an individual is not subject to the right to withdraw consent. Second, the obligation to respect a consumer's withdrawal of consent only extends to data that the company has under its control. Third, the Individual Control principle does not call for companies to permit withdrawal of consent for personal data that they collected before implementing the Consumer Privacy Bill of Rights, unless they made such a commitment at the time of collection.

    2. TRANSPARENCY: Consumers have a right to easily understandable and accessible information about privacy and security practices. At times and in places that are most useful to enabling consumers to gain a meaningful understanding of privacy risks and the ability to exercise Individual Control, companies should provide clear descriptions of what personal data they collect, why they need the data, how they will use it, when they will delete the data or de-identify it from consumers, and whether and for what purposes they may share personal data with third parties.

    Plain language statements about personal data collection, use, disclosure, and retention help consumers understand the terms surrounding commercial interactions. Companies should make these statements visible to consumers when they are most relevant to understanding privacy risks and easily accessible when called for.

    Personal data uses that are not consistent with the context of a company-to-consumer transaction or relationship deserve more prominent disclosure than uses that are integral to or commonly accepted in that context. Privacy notices that distinguish personal data uses along these lines will better inform consumers of personal data uses that they have not anticipated, compared to many current privacy notices that generally give equal emphasis to all potential personal data uses.20 Such notices will give privacy-conscious consumers easy access to information that is relevant to them. They may also promote greater consistency in disclosures by companies in a given market and attract the attention of consumers who ordinarily would ignore privacy notices, potentially making privacy practices a more salient point of competition among different products and services.

    . The obligation to provide these choices should be read in conjunction with the Access and Accuracy principle discussed below.

    . See Assistant Secretary for Communications and Information Lawrence E. Strickling, Testimony Before the Senate Committee on Commerce, Science, and Transportation, Mar. , , at -.


    In addition, companies should provide notice in a form that is easy to read on the devices that consumers actually use to access their services. In particular, mobile devices have small screens that make reading full privacy notices effectively impossible. Companies should therefore strive to present mobile consumers with the most relevant information in a manner that takes into account mobile device characteristics, such as small display sizes and privacy risks that are specific to mobile devices.

    Finally, companies that do not interact directly with consumers, such as the data brokers discussed above, need to make available explicit explanations of how they acquire, use, and disclose personal data. These companies may need to compensate for the lack of a direct relationship when making these explanations available, for example by posting them on their websites or other publicly accessible locations. Moreover, companies that have first-party relationships with consumers should disclose specifically the purpose(s) for which they provide personal data to third parties, help consumers to understand the nature of those third parties' activities, and whether those third parties are bound to limit their use of the data to achieving those purposes. This gives consumers a more tractable task of assessing whether to engage with a single entity, rather than trying to understand what personal data third parties (potentially dozens, or even hundreds) receive and how they use it. Similarly, first parties could create greater transparency by disclosing what kinds of personal data they obtain from third parties, who the third parties are, and how they use this data. This level of transparency may also facilitate the development within the private sector of innovative privacy-enhancing technologies and guidance that consumers can use to protect their privacy.

    3. RESPECT FOR CONTEXT: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data. Companies should limit their use and disclosure of personal data to those purposes that are consistent with both the relationship that they have with consumers and the context in which consumers originally disclosed the data, unless required by law to do otherwise. If companies will use or disclose personal data for other purposes, they should provide heightened Transparency and Individual Choice by disclosing these other purposes in a manner that is prominent and easily actionable by consumers at the time of data collection. If, subsequent to collection, companies decide to use or disclose personal data for purposes that are inconsistent with the context in which the data was disclosed, they must provide heightened measures of Transparency and Individual Choice. Finally, the age and familiarity with technology of consumers who engage with a company are important elements of context. Companies should fulfill the obligations under this principle in ways that are appropriate for the age and sophistication of consumers. In particular, the principles in the Consumer Privacy Bill of Rights may require greater protections for personal data obtained from children and teenagers than for adults.


    Respect for Context distinguishes personal data uses on the basis of how closely they relate to the purposes for which consumers use a service or application as well as the business processes necessary to provide the service or application.21 The Respect for Context principle calls on companies that collect data to act as stewards of data in ways that respect their consumers. This principle derives from two principles commonly found in statements of the FIPPs. The first principle, purpose specification, states that companies should specify at the time of collection the purposes for which they collect personal data. Second, the use limitation principle holds that companies should use personal data only to fulfill those specific purposes.

    The Respect for Context principle adapts these well-established principles in two ways. First, Respect for Context provides a substantive standard to guide companies' decisions about their basic personal data practices. Generally speaking, companies should limit personal data uses to fulfilling purposes that are consistent with the context in which consumers disclose personal data. Second, while this principle emphasizes the importance of the relationship between a consumer and a company at the time consumers disclose data, it also recognizes that this relationship may change over time in ways not foreseeable at the time of collection. Such adaptive uses of personal data may be the source of innovations that benefit consumers. However, companies must provide appropriate levels of transparency and individual choice (which may be more stringent than was necessary at the time of collection) before reusing personal data.

    Applying the Consumer Privacy Bill of Rights in a context-specific manner provides companies flexibility but also requires them to consider carefully what consumers are likely to understand about their data practices based on the products and services they offer, how the companies themselves explain the roles of personal data in delivering them, research on consumers' attitudes and understandings, and feedback from consumers. Context should help to determine which personal data uses are likely to raise the greatest consumer privacy concerns. The company-to-consumer relationship should guide companies' decisions about which uses of personal data they will make most prominent in privacy notices. For example, online retailers need to disclose consumers' names and home addresses to shippers in order to fulfill customers' orders. This disclosure is obvious from the context of the consumer-retailer relationship. Retailers do not need to provide prominent notice of the practice (though they should disclose it in their full privacy notices); companies may infer that consumers have agreed to the disclosure based on the consumers' actions in placing the order and a widespread understanding of the product delivery process.

    . Several commenters on the Privacy and Innovation Green Paper emphasized the importance of context in applying FIPPs. See, e.g., AT&T Comment on the Privacy and Innovation Green Paper, at , Jan. , ("FIPPs are usefully expressed as generalized policy guides that should shape the multi-stakeholder collaborative processes to develop flexible and contextualized codes of practice for particular industries."); Centre for Information Policy Leadership Comment on the Privacy and Innovation Green Paper, at , Jan. , ("Principles of fair information practices should be applied within a contextual framework, and not in a rigid or fixed way."); Google Comment on the Privacy and Innovation Green Paper, at , Jan. , ("In particular, FIPPs must be flexible enough to take account of the spectrum of identifiability, linkability, and sensitivity of various data in various contexts."); Intel Comment on the Privacy and Innovation Green Paper, at ("[M]any of the issues present in a privacy regulatory scheme are highly contextual."); Intuit Comment on the Privacy and Innovation Green Paper, at ("It is the use of the information as well as its characteristics that should inform our treatment of it. Context is crucial."); Helen Nissenbaum, Kenneth Farrall, and Finn Brunton, Comment on the Privacy and Innovation Green Paper, at - (recommending consideration of context as a source of baseline substantive constraints on data practices following the model of current US sectoral privacy regulation); Online Publishers Association Comment on the Privacy and Innovation Green Paper, at ("Online publishers share a direct and trusted relationship with visitors to their sites. In the context of this relationship, OPA members sometimes collect and use information to target and deliver the online advertising that subsidizes production of quality digital content."); TRUSTe Comment on the Privacy and Innovation Green Paper, at ("We view privacy as inherently contextual; disclosure obligations will differ depending on the context of the interaction."). Current scholarship also emphasizes the importance of the relationship between context and privacy. See Helen Nissenbaum, Privacy in Context: Technology, Policy, and the Integrity of Social Life ().

    Several categories of data practices are both common to many contexts and integral to companies' operations. The example above falls into the more general category of product and service fulfillment; companies may infer consent to use and disclose personal data to achieve objectives that consumers have specifically requested, as long as there is a common understanding of the service. Similarly, companies may infer consent to use personal data to conduct marketing in the context of most first-party relationships, given the familiarity of this activity in digital and in-person commerce, the visibility of this kind of marketing, the presence of an easily identifiable party to contact to provide feedback, and consumers' opportunity to end their relationship with a company if they are dissatisfied with it. In addition, companies collect and use personal data for purposes that are common, even if they may not be well known to consumers. For example, analyzing how consumers use a service in order to improve it, preventing fraud, complying with law enforcement orders and other legal obligations, and protecting intellectual property all have been basic elements of doing business and meeting companies' legal obligations.22 Companies should be able to infer consumer consent to collect personal data for these limited purposes, consistent with the other principles in the Consumer Privacy Bill of Rights.

    In other cases, context should guide decisions about which opportunities for consumer control are reasonable for companies to provide and also meaningful to consumers. Information and choices that are meaningful to consumers in one context may be largely irrelevant in others. For example, consider a hypothetical game application for a mobile device that allows consumers to save the game's state, so that they can resume playing after a break. The hypothetical company that provides this game collects the unique identifier of each user's mobile device in order to provide this save function. Collecting the mobile device's unique identifier for this purpose may be consistent with the save function and consumers' decisions to use it, particularly if the company uses identifiers only for this purpose. If the company provides consumers' unique device identifiers to third parties for purposes such as online behavioral advertising, however, the company should notify consumers and allow them to prevent the disclosure of personal data.

    The sophistication of a company's consumers is also a critical element of context. In particular, the privacy framework may require a different degree of protection for children's and teenagers' privacy interests from the protections afforded to adults due to the unique characteristics of these age groups. Children may be particularly susceptible to privacy harms. Currently, the Children's Online Privacy Protection Act (COPPA) and the FTC's implementing regulations provide strong protections by requiring online services that are directed to children, or that know that they are collecting personal data from children, to obtain verifiable parental consent before they collect such data.²³ Online services that are directed to children must meet this same standard. The Administration looks forward to exploring with stakeholders whether more stringent applications of the Consumer Privacy Bill of Rights (such as an agreement not to create individual profiles about children, even if online services obtain the necessary consent to collect personal data) are appropriate to protect children's privacy.

    22. This list of practices that are common to many contexts is similar to the commonly accepted practices that FTC staff identified in its report. See FTC Staff Report at -. In the Administration's view, protecting intellectual property is so widespread and necessary to many companies that they should be able to infer consent to achieve this objective. Several commenters on the Department of Commerce's Privacy and Information Green Paper encouraged the Administration to recognize such practices in order to provide certainty for companies and to give greater prominence to choices that consumers are more likely to find meaningful.

    The terms governing a company-to-consumer relationship are another key element of context. In particular, advertising supports innovative new services and helps to provide consumers with free access to a broad array of online services and applications. The Respect for Context principle does not foreclose any particular ad-based business models. Rather, the Respect for Context principle requires companies to recognize that different business models based on different personal data raise different privacy risks. A company should clearly inform consumers of what they are getting in exchange for the personal data they provide. The Administration also encourages companies engaged in online advertising to refrain from collecting, using, or disclosing personal data that may be used to make decisions regarding employment, credit, and insurance eligibility or similar matters that may have significant adverse consequences to consumers. Collecting data for such sensitive uses is at odds with the contextually well-defined purposes of generating revenue and providing consumers with ads that they are more likely to find relevant. Such practices also may be at odds with the norm of responsible data stewardship that the Respect for Context principle encourages.

    Consider, for example, an online social networking service whose users disclose biographical information when creating an account and provide information about their social contacts and interests by including friends, business associates, and companies in their networks. As consumers use the service, they may generate large amounts of information that is associated with their identity on the online social network, including written updates, photos, videos, and location information. Consumers make affirmative choices to share this information with members of their online social networks. These disclosures are all integral to the company providing its social networking service. Furthermore, it is reasonable for the company to reveal at least some of these details to other members in order to help them form new connections.

    Whether the online social networking service provider will use this information, and for what purposes, may be less clear from the context that consumers experience. The personal data that consumers generate may be valuable for improving the service, selling online advertising, or assembling individual profiles that the company provides to third parties. These uses fall along a continuum that starts at the core context of consumers engaging online with a group of associates. Consumers expect the company to improve its services. The company does not need to seek affirmative consent each time it uses existing data to improve a service, or even creates a new service, provided that these new uses of personal data are consistent with what users come to expect in a social networking context.

    Suppose that the company leases individual profile information to third parties, such as information brokers. Respect for Context may not require the company to specify each use that a recipient might make of this data, but, at a minimum, it may require the company to state prominently and explicitly that it discloses personal data to third parties who may further aggregate and use this data for other purposes. The Respect for Context principle, in combination with other principles in the Consumer Privacy Bill of Rights, also calls on the company to provide consumers with meaningful opportunities to prevent these disclosures.

    23. See Children's Online Privacy Protection Act, Pub. L. - (codified at U.S.C. -) and FTC, Children's Online Protection Rule, C.F.R. Part . COPPA defines child to mean an individual under the age of . U.S.C. ().

    4. SECURITY: Consumers have a right to secure and responsible handling of personal data. Companies should assess the privacy and security risks associated with their personal data practices and maintain reasonable safeguards to control risks such as loss; unauthorized access, use, destruction, or modification; and improper disclosure.

    Technologies and procedures that keep personal data secure are essential to protecting consumer privacy. Security failures involving personal data, whether resulting from accidents or deliberate attacks, can cause harms that range from embarrassment to financial loss and physical harm. Companies that lose control of personal data may suffer reputational harm as well as financial losses if business partners or consumers end their relationships after a security breach. These consequences provide companies with significant incentives to keep personal data secure. The security precautions that are appropriate for a given company will depend on its lines of business, the kinds of personal data it collects, the likelihood of harm to consumers, and many other factors.

    The Security principle recognizes these needs. It gives companies the discretion to choose technologies and procedures that best fit the scale and scope of the personal data that they maintain, subject to their obligations under any applicable data security statutes, including their duties to notify consumers and law enforcement agencies if the security of data about them is breached, and their commitments to adopt reasonable security practices.

    5. ACCESS AND ACCURACY: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate. Companies should use reasonable measures to ensure they maintain accurate personal data. Companies also should provide consumers with reasonable access to personal data that they collect or maintain about them, as well as the appropriate means and opportunity to correct inaccurate data or request its deletion or use limitation. Companies that handle personal data should construe this principle in a manner consistent with freedom of expression and freedom of the press. In determining what measures they may use to maintain accuracy and to provide access, correction, deletion, or suppression capabilities to consumers, companies may also consider the scale, scope, and sensitivity of the personal data that they collect or maintain and the likelihood that its use may expose consumers to financial, physical, or other material harm.

    An increasingly diverse array of entities uses personal data to make decisions that affect consumers in ways ranging from the ads they see online to their candidacy for employment. Outside of sectors covered by specific Federal privacy laws, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Fair Credit Reporting Act, consumers do not currently have the right to access and correct this data. The Administration is committed to publishing data on the Internet in machine-readable formats to advance the goals of innovation, transparency, participation, and collaboration. For example, to promote innovation and efficiency in the delivery of electricity, the Administration supports providing consumers with timely access to energy usage data in standardized, machine-readable formats over the Internet.²⁴ Similarly, the expanded use of health IT, including patients' access to health data through electronic health records, is a key element of the Administration's innovation strategy.²⁵ Comprehensive privacy and security safeguards, tailored for both contexts, are fundamental to both strategies.

    Providing consumers with access to information about them in usable formats holds similar promise in the commercial arena. To help consumers make more informed choices, the Administration encourages companies to make personal data available in useful formats to the properly authenticated individuals over the Internet.²⁶

    The Access and Accuracy principle recognizes that the use of inaccurate personal data may lead to a range of harms. The risk of these harms, in addition to the scale, scope, and sensitivity of personal data that a company retains, helps to determine what kinds of access and correction facilities may be reasonable in a given context. As a result, this principle does not distinguish between companies that are consumer-facing and those that are not. In all cases, however, the mechanisms that companies use to provide consumers with access to data about them should not create additional privacy or security risks.

    United States Constitutional law has long recognized that privacy interests co-exist alongside fundamental First Amendment rights to freedom of speech, freedom of the press, and freedom of association. Individuals and members of the press exercising their free speech rights may well speak about other individuals and include personal information in their speech. The Access and Accuracy principle should therefore be interpreted with full respect for First Amendment values, especially for non-commercial speakers and individuals exercising freedom of the press.

    24. National Science and Technology Council, A Policy Framework for the 21st Century Grid: Enabling Our Secure Energy Future, at , , June , available at http://www.whitehouse.gov/sites/deault/les/microsites/ostp/nstc-smart-grid-june.pd.

    25. See The White House, A Strategy for American Innovation: A Strategy for American Innovation: Securing Our Economic Growth and Prosperity, Feb. , http://www.whitehouse.gov/innovation/strategy; Department of Health and Human Services, Final Rule on Electronic Health Record Incentive Program, Fed. Reg. , July , .

    26. See Memorandum for the Heads of Executive Departments and Agencies, Informing Consumers Through Smart Disclosure, available at http://www.whitehouse.gov/sites/deault/les/omb/inoreg/or-agencies/inorming-consumers-through-smart-disclosure.pd (To the extent practicable and subject to valid restrictions, agencies should publish information online in an open format that can be retrieved, downloaded, indexed, and searched by commonly used Web search applications. An open format is one that is platform independent, machine readable, and made available to the public without restriction that would impede the re-use of that information.); M--, Memorandum for the Heads of Executive Departments and Agencies, Open Government Directive, available at http://www.whitehouse.gov/sites/deault/les/omb/assets/memoranda_/m-.pd (Machine readable data are digital information stored in a format enabling the information to be processed and analyzed by computer. These formats allow electronic data to be as usable as possible.).

    6. FOCUSED COLLECTION: Consumers have a right to reasonable limits on the personal data that companies collect and retain. Companies should collect only as much personal data as they need to accomplish purposes specified under the Respect for Context principle. Companies should securely dispose of or de-identify personal data once they no longer need it, unless they are under a legal obligation to do otherwise.

    The Focused Collection principle holds that companies should engage in considered decisions about the kinds of data they need to collect to accomplish specific purposes. For example, the hypothetical game company referenced above that collects the unique identifier of each user's mobile device in order to provide a save function should consider whether it must use the mobile device identifier or whether a less broadly linkable identifier would work as well. Nevertheless, as discussed under the Respect for Context principle, companies may find new uses for personal data after they collect it, provided they take appropriate measures of transparency and individual choice. The Focused Collection principle does not relieve companies of any independent legal obligations, including law enforcement orders, that require them to retain personal data.

    Wide-ranging data collection may be essential for some familiar and socially beneficial Internet services and applications. Search engines are one example. Search engines gather detailed data about the contents and structure of the World Wide Web. Consumers understand and depend on search engines to collect this broad range of data and make it available for a wide range of end uses. Search engines also log search queries to improve their services. Search engines may collect such data, which includes personal data, in a manner that is consistent with the Focused Collection principle, so long as their purposes for collecting personal data are clear, and they do not retain personal data beyond the time they need it to achieve any of these purposes.

    7. ACCOUNTABILITY: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights. Companies should be accountable to enforcement authorities and consumers for adhering to these principles. Companies also should hold employees responsible for adhering to these principles. To achieve this end, companies should train their employees as appropriate to handle personal data consistently with these principles and regularly evaluate their performance in this regard. Where appropriate, companies should conduct full audits. Companies that disclose personal data to third parties should at a minimum ensure that the recipients are under enforceable contractual obligations to adhere to these principles, unless they are required by law to do otherwise.

    Privacy protection depends on companies being accountable to consumers as well as to agencies that enforce consumer data privacy protections. The Accountability principle, however, goes beyond external accountability to encompass practices through which companies prevent lapses in their privacy commitments or detect and remedy any lapses that may occur. Companies that can demonstrate that they live up to their privacy commitments have powerful means of maintaining and strengthening consumer trust. A company's own evaluation can prove invaluable to this process. The appropriate evaluation technique, which could be a self-assessment and need not necessarily be a full audit, will depend on the size, complexity, and nature of a company's business, as well as the sensitivity of the data involved. In recent years, chief privacy officers (experts who raise awareness of privacy issues in companies that face rapid changes in technologies, consumer expectations, and regulations) have emerged as a valuable source of guidance and internal evaluation. Chief privacy officers are likely to provide a continuing source of guidance within companies throughout the development of products and services.

    To be fully effective, however, companies should link evaluations to the enforcement of pre-established internal expectations; evaluations are not an end in themselves. Audits, whether conducted by the company or by an independent third party, may be appropriate under some circumstances, but they are not always necessary to fulfill the Accountability principle.

    Moreover, accountability must attach to data transferred from one company to another. From the perspective of the Consumer Privacy Bill of Rights, the emphasis is not on the disclosures themselves, but on whether a disclosure leads to a use of personal data that is inconsistent within the context of its collection or a consumer's expressed desire to control the data. Thus, if a company transfers personal data to a third party, it remains accountable and thus should hold the recipient accountable (through contracts or other legally enforceable instruments) for using and disclosing the data in ways that are consistent with the Consumer Privacy Bill of Rights.

    III. Implementing the Consumer Privacy Bill of Rights: Multistakeholder Processes to Develop Enforceable Codes of Conduct

    Implementing the general principles in the Consumer Privacy Bill of Rights across the wide range of innovative uses of personal data requires a process to establish more specific practices. The Administration encourages individual companies, industry groups, privacy advocates, consumer groups, crime victims, academics, international partners, State Attorneys General, Federal civil and criminal law enforcement representatives, and other relevant groups to participate in multistakeholder processes to develop codes of conduct that implement these general principles.

    In consumer data privacy, as in other areas affecting Internet policy, the Administration believes that multistakeholder processes underlie many of the institutions responsible for the Internet's success. This reflects the Administration's abiding commitment to preserving the Internet as an open, decentralized, user-driven platform for communication, innovation, and economic growth.²⁷

    The Administration supports open, transparent multistakeholder processes because, when appropriately structured, they can provide the flexibility, speed, and decentralization necessary to address Internet policy challenges. A process that is open to a broad range of participants and facilitates their full participation will allow technical experts, companies, advocates, civil and criminal law enforcement representatives responsible for enforcing consumer privacy laws, and academics to work together to find creative solutions to problems. Flexibility in the deliberative process is critical to allowing stakeholders to explore the technical and policy dimensions (which are often intertwined) of Internet policy issues. Moreover, the United States will need to confront a broad, complex, and global set of consumer data privacy issues for decades to come. A process that works efficiently and on a global scale is therefore essential.

    Another key advantage of multistakeholder processes is that they can produce solutions in a more timely fashion than regulatory processes and treaty-based organizations. In the Internet standards world, for example, working groups frequently form around a specific problem and make significant progress toward a solution within months, rather than years. These groups frequently function on the basis of consensus and are amenable to the participation of individuals and groups with limited resources. These characteristics lend legitimacy to the groups and their solutions, which in turn can encourage rapid and effective implementation.

    27. The United States recently joined the other members of the Organisation for Economic Co-operation and Development (OECD) in recognizing the economic and social importance of the Internet. See OECD, Communiqué on Principles for Internet Policy-Making, OECD High-Level Meeting on The Internet Economy: Generating Innovation and Growth, June -, , http://www.ntia.doc.gov/legacy/ntiahome/privwhitepaper.html.

    Finally, multistakeholder processes do not rely on a single, centralized authority to solve problems. Specific multistakeholder institutions address specific kinds of Internet policy challenges. This kind of specialization not only speeds up the development of solutions but also helps to avoid the duplication of stakeholders' efforts.

    Due in part to its reliance on multistakeholder processes, United States Internet policy has generally avoided fragmented, prescriptive, and unpredictable rules that frustrate innovation and undermine consumer