The Executive Office of the President today released a 52-page framework document setting out the Obama Administration’s policies "for protecting privacy and promoting innovation in the global digital economy." The policy framework includes four principal elements: A Consumer Privacy Bill of Rights, a multistakeholder process to agree how the principles in the Consumer Privacy Bill of Rights apply in particular business contexts, effective enforcement, and a commitment to increase interoperability with the privacy frameworks of international partners.
The Administration acknowledges that existing United States privacy law and policy "effectively address some privacy issues" but adds that "additional protections are necessary to preserve consumer trust" in the online environment. The framework therefore calls for consumer data privacy legislation, under which the FTC and State Attorneys General would have authority to enforce the Consumer Privacy Bill of Rights.
The baseline protections – described as "privacy principles recognized throughout the world" – established in the Consumer Privacy Bill of Rights are:
Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how it is used.
Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices.
Respect for Context: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which they provide the data.
Security: Consumers have a right to secure and responsible handling of personal data.
Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is accurate.
Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.
Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure that they adhere to the Consumer Privacy Bill of Rights.
Going forward, the Administration encourages privacy stakeholders, including the private sector, to implement the Consumer Privacy Bill of Rights through the auspices of the Commerce Department; it also commits to work with Congress to "write these flexible, general principles into law."