On February 23, 2012, the Obama Administration unveiled its “Consumer Privacy Bill of Rights”, which outlines its policy for protecting the privacy of Internet users in the absence of such legislation by Congress. This “Bill of Rights”, available here, is designed to promote policies that will give consumers more control over how their personal data is used and to help businesses, defined as both for-profit and non-profit entities, build trust with consumers. It outlines seven principles of online data management with which businesses should comply:

  • Individual Control – Consumers have a right to exercise control over the personal data that companies collect from them and how it is used.
  • Transparency – Companies’ privacy policies should be easily understandable to consumers.
  • Respect for Context – Companies should collect, use, and disclose personal data only for the purposes for which consumers agreed to provide that data.
  • Security – Personal data should be handled securely and responsibly.
  • Access and Accuracy – Consumers should be able to access and correct personal data.
  • Focused Collection – There should be reasonable limits on the personal data that companies collect and retain.
  • Accountability – Personal data should be handled by companies with appropriate measures to ensure that they adhere to the Consumer Privacy Bill of Rights.

The “Bill of Rights” also initiates a multi-stakeholder process to be led by the Commerce Department that will convene industry, privacy advocates, and other stakeholders to develop codes of conduct that will protect consumers’ privacy online consistent with the seven principles stated above. The Federal Trade Commission will have the authority to enforce the resulting voluntary commitments, thus giving the codes of conduct the force of law.

The Administration plans to continue to work with Congress to enact comprehensive privacy legislation that would codify the principles set forth in the “Bill of Rights”.