Late last week, President Obama released a “discussion draft” of the Administration’s long-awaited Consumer Privacy Bill of Rights Act. At first blush, the results are a mixed bag: some good, some not so good, much work among stakeholders left to be done.
It didn’t take long for consumer advocates, and even one FTC Commissioner, to say the draft legislation doesn’t go far enough. The Internet has been rife with posts this week about the bill’s problems and shortcomings. In summary, for most, the bill landed like a lead balloon.
Still, the Administration released the bill as a “discussion draft”—signaling the draft legislation is just a step and an invitation for further conversation. For a measured perspective considering the bill through this lens, read former Obama Administration official Nicole Wong’s thoughtful article.
While it’s certainly far from perfect, my take is that the bill isn’t all bad. Here are just a few initial pros and cons to the bill that I’ve identified (in no particular order):
- Pro: many principles are based on fair information practices familiar from existing federal statutes; flexibility and consideration of measures that are reasonable in context; availability of safe harbor protections; exceptions for de-identified data; delayed enforcement to allow parties time to adjust to the law’s requirements.
- Con: loosely defined requirements, definitional uncertainty, preemption and enforcement concerns.
One item of note is that the security provisions in Section 105(a) codify, at a very high level of generality, some of the principles that we’ve been advising our clients about: for example, taking steps to identify internal and external risks to privacy and security of personal data and implementing and regularly assessing safeguards to control risks. (Of course, it’s a separate thing altogether to have recommendations take on the force of law.)
In the end, it may have been inevitable that this bill would be a disappointment to some. After all, the public has been waiting on it since 2012. During that time, there have been many, many high-profile breaches of consumer information. The appetite for more privacy and security protections has only grown over time. But it will take a delicate balance to provide desired protections while at the same time making legal requirements workable for both consumers and the businesses offering products and services consumers want.
To be sure, there will be more to come from the Consumer Privacy Bill of Rights—stay tuned.