The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

GAO Data Broker Report Calls for Comprehensive Privacy Law

Leave a comment

On November 15, 2013, the U.S. Government Accountability Office released a report on the statutory legal protections for consumers with regard to the use of data for marketing purposes by data brokers.

The GAO report canvasses the existing federal consumer legal protections applicable to information resellers and finds them wanting with regard to the use of the data for marketing purposes.  Specifically, the GAO concluded the following:

– “[I]nformation about an individual’s physical and mental health, income and assets, mobile telephone numbers, shopping habits, personal interests, political affiliations, and sexual habits and orientation,” can legally be collected, shared, and used for marketing purposes.  The report notes limits on HIPAA’s applicability to health-related marketing lists used by e-health websites.

– Although some industry participants have stated that current privacy laws are adequate – particularly in light of self-regulatory measures – there are gaps in the current statutory privacy framework that do not fully address “changes in technology and marketplace practices that fundamentally have altered the nature and extent to which personal information is being shared with third parties.”

– Current law is often out of step with the fair information practice principles.

According to the GAO, Congress should therefore consider strengthening the current consumer privacy framework in relation to consumer data used for marketing while not unduly inhibiting the benefits to industry and consumers from data sharing.  In doing so, Congress should consider:

– the adequacy of consumers’ ability to access, correct, and control their personal information in circumstances beyond those currently accorded under FCRA;

– whether there should be additional controls on the types of personal or sensitive information that may be collected and shared;

– changes needed, if any, in the permitted sources and methods for data collection; and

– privacy controls related to new technologies, such as web tracking and mobile devices.

GAO Report at 19, 46-47.

The GAO Report is the most recent expression of support for comprehensive privacy legislation from within the federal government.  In this regard, the report echoes the Obama Administration’s 2012 Privacy Blueprint and the FTC’s 2012 Privacy Report, both of which called for baseline privacy legislation.  The FTC Privacy Report also reiterated the agency’s support for a privacy law targeted to data brokers.  The GAO Report, by contrast, implies that a general privacy law could suffice to address the issues raised by data brokers.

Advertisements

Author: Janis Kestenbaum

Senior legal advisor on privacy, data security, and other consumer protection issues to Federal Trade Commission Chair Edith Ramirez. All views expressed are my own.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s