White House privacy plan includes strong FTC enforcement

The Obama administration’s recently released white paper outlines a consumer data privacy framework that would supplement existing laws and, as one of its four key elements, give the Federal Trade Commission a strengthened enforcement role.

The framework represents the administration’s proposal for providing additional consumer data privacy protections that it believes are necessary to preserve consumer trust “in the technologies and companies that drive the digital economy.” According to the white paper, the administration intends to implement the framework “without delay.”

The framework has four key elements:

A Consumer Privacy Bill of Rights

The administration has developed a “Consumer Privacy Bill of Rights” (CPBR) that, in the administration’s view, “provides a baseline of clear protection for consumers and greater certainty for companies.” The CPBR, which is similar to the privacy principles recognized by the European Union, would give consumers a right to: (1) individual control over personal data collected and its use, (2) transparency as to a company’s privacy and security practices, (3) respect for the context in which the consumer provides personal data (meaning that such data is collected, used and disclosed in ways that are consistent with such context), (4) security in the handling of personal data, (5) consumer access to data maintained on them and the ability to ensure the accuracy of such data, (6) focused collection (meaning reasonable limits on the data collected), and (7) accountability of a company and its employees for how personal data is handled.

Market and Industry Codes of Conduct

The administration seeks a “multistakeholder process” to develop codes of conduct that implement the general principles contained in the CPBR. The stakeholders would include individual companies, industry groups, privacy advocates, consumer groups, state attorneys general, and federal civil and state law enforcement officers. The stakeholders would be charged with identifying markets and industry sectors that involve significant consumer data privacy issues and may be appropriate for an enforceable code of conduct. If a company chooses to adopt a code of conduct for its market or industry (and possibly multiple codes for different business lines), the administration expects it could enforce the company’s public commitment to adhere to the code of conduct under Section 5 of the FTC Act.

FTC Enforcement

The FTC would be charged with enforcing the commitments of companies under the FTC’s jurisdiction to adhere to one or more codes of conduct. According to the administration, “in any investigation or enforcement related to the subject matter of one or more codes, the FTC should consider the company’s adherence to the codes favorably.”

International Cooperation

To address the challenge created by differences in national privacy laws for companies that transfer personal data across national borders, the United States would engage with other countries “to increase interoperability in privacy laws” through mutual recognition and enforcement cooperation.

In the white paper, the administration also outlines its desired approach to new privacy legislation. That approach includes the passage of legislation codifying the CPBR and granting enforcement authority to the FTC and state attorneys general. The administration believes such legislation should also (1) give the FTC authority to review and approve codes of conduct adopted by companies and determine if the codes sufficiently implement the CPBR, (2) grant companies who follow an FTC-approved code of conduct a safeharbor from enforcement of the statutory CPBR, and (3) preempt state laws that are inconsistent with the statutory CPBR.

The administration’s intent is to avoid creating duplicative regulatory burdens, so that financial institutions subject to the Gramm-Leach-Bliley Act and its implementing regulations and guidelines would largely be exempt from the new regime. In addition, the administration’s plan does not expressly envision a role for the Consumer Financial Protection Bureau (which has authority to enforce provisions of the GLBA.) Nevertheless, the administration’s actions in the privacy arena are likely to influence the CFPB’s approach to data privacy and security. In addition, the administration states its support for a national standard for security breach notifications that would preempt state notification laws and that purportedly would apply to all financial institutions.

Click here to sign up for Ballard Spahr e-communications in a variety of practice areas.

Copyright © 2012 by Ballard Spahr LLP.
www.ballardspahr.com
(No claim to original U.S. government material.)
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.
This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.

Register Now As you are not an existing subscriber please register for your free daily legal newsfeed service.

White House privacy plan includes strong FTC enforcement

Tags

Related USA articles

White House releases online privacy paper *

The Obama Administration unveils new consumer data privacy framework for the digital economy *

White House report may have long-term effect on consumer privacy and how companies do business *

The White House introduces a Consumer Privacy Bill of Rights *

White House proposes a Consumer Privacy Bill of Rights: will a multi-stakeholder approach to developing enforceable codes of conduct allow the U.S. to preserve internet innovation (and perhaps avoid federal regulation)? *

Popular articles from this firm

Letters of intent and term sheets in the context of M&A transactions *

Closing and post-closing matters in M&A transactions *

Purchase price and post-closing adjustments *

Closing conditions and termination rights in M&A transactions *

Preparing your company for sale: due diligence from a seller's perspective *