Last month, the White House released a “discussion draft” of its proposed Consumer Privacy Bill of Rights of 2015, and so far it has received a cool reception.
The bill recognizes that “[t]here is rapid growth in the volume and variety of personal data being generated, collected, stored, and analyzed[,]” and acknowledges the need to both “preserv[e] individuals’ trust and confidence that personal data will be protected appropriately, while supporting flexibility and the free flow of information [to] . . . promote continued innovation and economic growth[.]”
To that end, the bill calls on industries to develop their own privacy policies or codes of conduct for the handling of consumer information. It also charges the Federal Trade Commission (“FTC”) with enforcing those codes of conduct. The bill focuses its attention on mitigating “privacy risks” – defined narrowly to include “the potential for personal data . . . to cause emotional distress, or physical, financial, professional or other harm to an individual.”
Privacy advocates are criticizing the bill for not going far enough to protect consumers—even the FTC, issued a statement calling for a stronger proposal. Some are concerned that the bill would preempt state laws that give consumers more protection. Others worry about the logistics of the FTC reviewing and enforcing hundreds of different codes. There was also criticism that the bill did not adequately define what constitutes sensitive information.
Many were dismayed that the White House did not include key stakeholders in the development of the draft bill. Democratic leaders, too, are critical of the bill. The administration’s proposal needs a Congressional sponsor to be introduced as legislation, but this is unlikely in light of the reception the bill has received thus far. Senator Edward Markey (D. Mass) announced that he would soon introduce his own consumer privacy legislation.