On February 27, 2015, the Obama Administration released its discussion draft of the Consumer Privacy Bill of Rights Act (‘‘Draft’’)1 (see WDPR, March 2015, page 30). Its stated purpose is to ‘‘establish baseline protections for individual privacy’’ and to implement and enforce those protections.
The Draft proposes to provide a single national standard replacing the patchwork of state laws now in place addressing consumer data protection. The proposal would expand some coverage currently offered by the states, mirror some current requirements and follow some current global trends in data protection. It would offer a ‘‘safe harbor’’ allowing companies to obtain Federal Trade Commission (‘‘FTC’’) approval of their privacy codes of conduct. Enforcement would be limited to the FTC and state attorneys general, with a substantial grace period before enforcement actions commenced.