HomestoryConsumer Privacy Bill of Rights › White House Proposes Consumer Privacy Bill of Rights

News Story

White House Proposes Consumer Privacy Bill of Rights

THE WALL STREET JOURNAL - DIGITS BLOG
http://blogs.wsj.com/digits/2015/02/27/white-house-proposes-consumer-privacy-bill-of-rights/

The Obama administration released a draft of new data privacy legislation on Friday, renewing a debate over how to regulate companies that collect consumer data from sensors, apps and web clicks.

The draft of a so-called Consumer Privacy Bill of Rights called on companies to explain their privacy and security practices in “concise and easily understandable language;” let consumers see, correct, and delete information that companies hold about them; and not resell or reuse data in ways that would cause consumers fear or surprise.

The bill would require industries to establish codes of conduct around data and would call on companies to create privacy review boards overseen by the Federal Trade Commission. It would require companies to consider the so-called “disparate impact” of big data algorithms – whether data mining, particularly from new online data sources, could result in discrimination against certain groups of people. For example, an algorithm which screened for certain criteria could end up denying loans to people with disabilities, even if the software developers who created it didn’t intend to discriminate.

In recent years, consumers have voiced concerns about privacy. Many people believe that technology companies have too much access to intimate details of people’s lives and that data collection is rampant, said Ryan Calo, an Assistant Professor at the University of Washington School of Law. Over 90% of consumer believe they have lost control over how information about them is collected or shared by tech companies and the government, according to a 2014 Pew Research Center survey.

The draft bill attempted to address such concerns. But a fellow Democrat said it gave too much power to technology companies. “Instead of codes of conduct developed by industries that have historically been opposed to strong privacy measures, we need uniform and legally-enforceable rules that companies must abide by and consumers can rely upon,” Senator Ed Markey (D-Mass.) said in an email.

Consumer advocacy groups also complained that the draft legislation gave the data collectors too much power. John M. Simpson, Consumer Watchdog’s director of the privacy project said the codes of conduct required by the draft legislation were tantamount to allowing the industry to police itself. “The bill is full of loopholes and gives consumers no meaningful control of their data,” he said.

Consumer advocates also said the administration did not seek to limit the types of data companies collected, only what they could do after the fact.

In some ways, the draft bill would afford consumers more privacy rights than they currently have, Calo said. Consumers are allowed to see information about them held by credit reporting agencies, but do not have the right to see, correct, or delete data that is collected about them for other purposes. The draft legislation would extend credit-reporting protections to more categories of consumer data, such as that held by advertisers or makers of wearable devices. The Federal Trade Commission can prosecute a company for “unfair or deceptive trade practices” but does not require the companies share data with consumers or submit to government audits of their software.

Calo said that, in creating a federal standard for data collection, the bill could take disempower individual states, particularly California, which has been at the forefront of digital privacy legislation.

The Information Technology Industry Council, a group supported by Microsoft , Oracle , Facebook , Google and other technology companies, struck a cautionary note. “The U.S. has a robust legal framework of privacy protections that protect consumers’ information while enabling industry to continue to innovate and offer the services that consumers rely on and expect,” the group said in a statement. “Any efforts to modify this framework must be carefully considered with a meaningful opportunity for all relevant stakeholders to participate in the process.”

Currently, industry practices tend to run counter to the goals of the legislation. By and large, companies offer densely-worded privacy policies that reserve rights to collect users’ data in perpetuity and explain very little about how data may be used.

A recent study by the Privacy Rights Clearinghouse, an advocacy group, found that fewer than half of mobile apps that collected health and fitness information provided a privacy policy, and 43% of free apps tested by the group shared personal information with advertisers. When privacy regulators from over a dozen countries tested 1,211 popular  mobile apps last year, they found that over 60% of the apps forced users to make agreements prior to downloading that raised privacy concerns.