The White House, Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy (Jan. 2012) (full-text).
At the center of this Framework is a Consumer Privacy Bill of Rights, which embraces privacy principles recognized throughout the world and adapts them to the dynamic environment of the commercial Internet. The Report calls on Congress to pass legislation that applies the Consumer Privacy Bill of Rights to commercial sectors that are not subject to existing Federal data privacy laws.
Stakeholders — companies, privacy and consumer advocates, international partners, State Attorneys General, Federal criminal and civil law enforcement representatives, and academics — will be asked to develop codes of conduct that implement the Consumer Privacy Bill of Rights. Such practices, when expressly and affirmatively adopted by companies subject to Federal Trade Commission (FTC) jurisdiction, will be legally enforceable by the FTC. The United States' international partners will be asked to create greater interoperability among their respective privacy frameworks. This will provide more consistent protections for consumers and lower compliance burdens for companies.
Seven core principles
The Framework centers on "The Consumer Privacy Bill of Rights," which contains seven core principles relating to personal data.
The seven principles set forth in The Consumer Privacy Bill of Rights are as follows.
1. Consumer Control: granting consumers the right to exercise control over the personal data companies collect and how companies use that personal data.
2. Transparency: calling for consumers to have the right to easily understandable and accessible information about a company’s privacy and security practices.
3. Respect for Context: providing that companies should only collect, use, and disclose personal data in ways that are consistent with the context in which the consumers provided the personal data, unless the law requires otherwise or additional transparency and choice are provided.
4. Security: giving consumers the right to secure and responsible handling of personal data and requiring companies to provide “reasonable safeguards” to control risks.
5. Access and Accuracy: providing that consumers have the right to access and correct personal data, in usable formats, but further providing that the right is subject to what is appropriate given the sensitivity of the data and the risk of adverse consequences – also referred to as “material harm” – to consumers if the data is inaccurate.
6. Focused Collection: relating to the Context Principle (#3) and calling for consumers to have the right to set reasonable limits on the personal data that companies collect and retain, and calling on companies to securely dispose of or de-identify the personal data collected once it is no longer needed, unless the company is under a legal obligation to keep it in its identified form.
7. Accountability: setting forth that companies must handle personal data with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights and that companies should be accountable to both enforcement authorities and consumers for following the principles in the Framework.