This paper briefly discusses the Obama Administration's proposals for consumer privacy legislation, which should have the following elements:
|“|| First, the bill should include the concept of a "consumer privacy bill of rights" based on comprehensive, widely accepted Fair Information Practice Principles. These consumer data privacy protections should be legally enforceable and broad and flexible enough to allow consumer privacy protection and business practices to adapt as new technologies and services emerge. Any legislation should avoid duplicating or conflicting with the requirements of existing sector-specific data privacy laws and regulations.
Second, any legislation should recognize that the Federal Trade Commission (FTC) plays a vital role as the nation’s independent consumer privacy enforcement authority. The Administration recommends granting the FTC explicit authority to enforce any consumer privacy bill of rights with an eye towards appreciating that any standards should evolve and adapt to a rapidly evolving digital marketplace.
Third, the Administration will work to promote global interoperability with our allies and trading partners. The legislative approach that we recommend could help to reduce the multiple compliance burdens that companies currently face and provide consumers with more consistent cross-border data protections.
And finally, consistent with existing Federal requirements and ongoing Administration policy development in this area, the Administration recommends adoption of a Federal consumer data security breach notification law that sets national standards, reconciles inconsistent State laws, and authorizes enforcement by State authorities.