Skip Links

US Dept. of Commerce: New online privacy rules needed

The Obama administration recommends an online privacy code of conduct, enforced by the Federal Trade Commission

By , IDG News Service
December 16, 2010 12:51 PM ET

Page 3 of 3

The report recommends that Congress pass a federal data breach notification law, requiring companies to tell affected consumers when their personal data has been compromised. Several lawmakers have proposed national breach notification laws since 2005, without success, although many states have passed similar laws.

The Obama administration should also look into ways to protect privacy in cloud computing environments, the report recommends. The administration should examine whether changes to the Electronic Communications Privacy Act (ECPA), which allows law enforcement access to electronic communication, are needed, the report said.

Privacy groups gave the Commerce paper mixed reviews. The paper "lays out a creative and flexible approach to develop enforceable privacy protections for consumers," said Justin Brookman, director of Center for Democracy and Technology's Privacy Project, in a statement.

Brookman called on Congress to pass a baseline consumer privacy law.

But the report makes a number of proposals and asks a number of questions instead of taking more concrete action, said Jeffrey Chester, executive director of the Center for Digital Democracy.

"Given the growth of online data collection that threatens our privacy, including when consumers are engaged in financial, health, and other personal transactions (including involving their families), this new report offers us a digital déjà vu," he said in an e-mail. "The time for questions has long passed."

The report offers a "vague multistakeholder process" to develop codes of conduct instead of real laws to protect consumers, Chester added.

"If the Commerce Department really placed the interests of consumers first, it would have been able to better articulate in the report how the current system threatens privacy," he said. "They should have been able to clearly say what practices are right and wrong -- such as the extensive system of online behavioral tracking that stealthily shadows consumers -- whether on their personal computer or a mobile phone."

The report should have also "rejected outright any role for self-regulation, given its failures in the online data collection marketplace," Chester added.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News