In March 16, 2011 testimony before the Senate Committee on Commerce, Science, and Transportation, the Obama Administration formally asked Congress to pass a "consumer privacy bill of rights" enforced by the FTC:

Legislation to provide a stronger statutory framework to protect consumers’ online privacy interests should contain three key elements. First, the Administration recommends that legislation set forth baseline consumer data privacy protections—that is, a “consumer privacy bill of rights.” Second, legislation should provide the FTC with the authority to enforce any baseline protections. Third, legislation should create a framework that provides incentives for the development of codes of conduct as well as continued innovation around privacy protections, which could include providing the FTC with the authority to offer a safe harbor for companies that implement codes of conduct that are consistent with the baseline protections.

This testimony was presented by a Commerce Department official, Lawrence E. Strickling, Assistant Secretary for Communications and Information, National Telecommunications and Information Administration.

As we have observed previously, Congress is very interested in such legislation. Now that the legislative battle is fully joined, it's time to start thinking about who the potential winners and losers might be if such legislation is adopted:

  • Will the legislation hurt the big internet companies like Google and Facebook?
    • Small players might actually find compliance with new laws more difficult than these industry giants.
  • Can "do not track" legislation still be avoided through voluntary industry efforts?
    • Might voluntary efforts be enough to change the requirement to an mandatory right to "opt out" of tracking, as opposed to an outright ban?
  • Just how will any U.S. privacy regime meld with the EU's scheme?
    • Could U.S. rules actually smooth the road to U.S.-EU data sharing the way HIPAA did across the 50 states for health data exchange?