US Department of Commerce Releases Draft Privacy Green Paper, Adding to Federal Examination of Privacy Protections
Preserving consumer privacy online, and thereby bolstering consumer trust in the Internet, is essential for businesses to succeed online, according to the just-released Department of Commerce Green Paper entitled “Privacy and Information Innovation: A Dynamic Privacy Framework for the Internet Age.”
The Green Paper was authored by the Internet Policy Task Force at Commerce – a joint effort of the Office of Commerce Secretary Gary Locke, the National Telecommunications and Information Administration, the International Trade Administration, and the National Institute of Standards and Technology. The paper follows a Notice of Inquiry to which many stakeholders responded, and a symposium last May. It also follows the December 1st release of the preliminary FTC Staff Report on Privacy.
The Green Paper says there is a “compelling need to provide additional guidance to businesses, to establish a baseline privacy framework to afford protection for consumers, and to clarify the U.S. approach to privacy to our trading partners – all without compromising the current framework’s ability to accommodate new technologies.”
Like the FTC Report, the Commerce Green Paper proposes an expanded set of Fair Information Practice Principles (FIPPs), yet it is stronger than the FTC Report in raising the prospect of baseline privacy legislation, and it directly raises the question of whether the FTC should be given rulemaking authority to implement privacy principles (which it now lacks under Section 5 of the FTC Act). The Green Paper also suggests a safe harbor provision in any legislation, for companies that adhere to “voluntary, enforceable codes of conduct.”
The paper cautions that any new laws should not preempt the strong sectoral laws that already provide important protections, but rather should act in concert. The paper also recognizes the important role state law has played in building the privacy and data security framework in the U.S., and it cautions against impairing the states’ role as privacy law incubators. In addition, the role state Attorneys General can play in enforcing privacy rights is expressly recognized in the Green Paper.
With respect to full implementation of the FIPPs, the paper specifically has in mind enhancing transparency, encouraging greater detail in purpose specifications and use limitations, and fostering the development of verifiable auditing and accountability programs. The idea of Privacy Impact Assessments also is discussed.
The Green Paper also calls for a federal data security breach notification law for electronic data.
The Commerce paper also calls for reforming the opaque and outmoded Electronic Communications Privacy Act (ECPA), paying particular attention to assuring strong privacy protection in cloud computing and location-based services. The goal of this effort is to ensure that, as technology and market conditions change, ECPA continues to provide a fair balance between individuals’ expectations of privacy and the legitimate needs of law enforcement to gather the information it needs for security.
In his October 27th speech at the 32nd International Conference of Data Protection and Privacy Commissioners in Jerusalem, NTIA Administrator Lawrence E. Strickling explained that the PPO “would complement, not supplant, the Federal Trade Commission or the other institutions of the Federal Government, such as the professional cadre of Chief Privacy Officers we now have in multiple agencies. A key role for the new Privacy Office would be to bring together the many different parties that are necessary to help develop privacy practices.”
Mutual international recognition of and respect for privacy frameworks also is mentioned in the Green Paper, a reference to the EU’s persistent finding that the U.S. lacks “adequate protection” of personal data, thus requiring cumbersome legal mechanisms for the cross-border transfer of data.
The Green Paper is being published in the Federal Register with a period for public comment and input.