White House drafts privacy bill
Washington — Amid “rapid growth” in the collection of data on Americans, the White House is proposing legislation that calls on businesses to do more to help consumers protect their personal information.
The draft bill, first obtained by The Associated Press, gives a nod to consumers fed up with how much of their private lives wind up in the hands of marketers. But the proposal also has angered privacy advocates who say the bill wouldn’t change much for consumers. They cite several loopholes that would give companies a way to opt out without consequence.
Consumers might be skeptical too about how much the White House values Americans’ privacy: President Barack Obama outlined similar goals in 2012 in his “consumer privacy bill of rights.” A year later, National Security Agency analyst Edward Snowden revealed that the government had collected the phone records and digital communications of millions of citizens not suspected of a crime.
“There is rapid growth in the volume and variety of personal data being generated, collected, stored and analyzed,” the draft bill states. “This growth has the potential for great benefits to human knowledge, technological innovation and economic growth, but also the potential to harm individual privacy and freedom. Laws must keep pace as technology and businesses practices evolve.”
According to a draft, the bill identifies seven principles for safeguarding personal data, including giving Americans the right to access information that companies collect. It says businesses should act in the spirit of transparency and take steps to protect that data from being leaked or misused.
The bill also encourages industries to draft “privacy codes of conduct.” The Federal Trade Commission could take action against a company if it violates its own code. But the regulatory agency, known for suing businesses for unfair and deceptive business practices, wouldn’t be given any rulemaking authority as many privacy advocates want.
“It’s a big victory for the tech industry because it really sidelines the FTC and removes it as an effective force,” said Jeffrey Chester, head of the Center for Digital Democracy.
The White House declined to comment on the pushback from critics. But a fact sheet later released said the bill was “offered in the spirit of bringing all stakeholders into a public dialogue to advance new privacy protections.”
Tech-savvy marketers have long been tracking people’s movements online as well as their location, pairing that information with such offline data as race, gender, salary, where they live and even how much they paid for their house. The result is a thriving industry of data brokers that make money from selling detailed — and somewhat creepy — profiles of every consumer.
Under the bill, any company that collects personal data would have to give consumers “reasonable access” to that information or provide an “accurate representation” of the data. Consumers also would be given the opportunity to ask to correct or delete their information. But the company could get out of those requirements under certain circumstances. For example, individuals can be denied access to their data if the request is found to be “frivolous or vexatious.” It can also be denied if it might compromise a law enforcement investigation.
Another major sticking point for privacy advocates is that the bill would pre-empt most state privacy laws. California, for example, passed several privacy bills last fall that would be considered much more stringent. The White House proposal, if enacted, would essentially make those protections null and void. One exception would be any privacy laws that apply to minors and students in grade school or high school.
In February 2012, Obama released a lengthy report on consumer privacy rights, calling on Congress to pass legislation that would give the FTC more authority and directing the Commerce Department to help industry draft voluntary privacy standards.
In summer 2013, a group of industry officials and privacy advocates agreed to standards aimed at helping people better understand the privacy policies of their mobile apps. But it’s unclear how many, if any, companies have bothered to implement the standards.