Government Taking Steps to Address Companies’ Vast Collections of Private Consumer Data

WASHINGTON, November 3, 2010 – As consumers provide large amounts of private information to web services, the government is tuning into the fact that the use of this information by these companies is becoming increasingly important.

Last week, top members of the Committee on Energy and Commerce sent Facebook CEO Mark Zuckerberg a list of questions regarding the firm’s use of private user data. On Wednesday, the Federal Trade Commission completed an investigation of Google’s collection of information during its mapping efforts.

In an effort to organize the federal effort, the Obama administration has formed an Interagency Subcommittee on Privacy & Internet Policy. It includes representatives from the departments of State, Energy, Treasury and Commerce as well as the National Economic Council and others. The goal of the committee is to monitor and create policies that affect user privacy and access.

Assistant Secretary of Commerce for Communications and Information Larry Strickling recently spoke at the 32nd International Conference of Data Protection and Privacy Commissioners in Israel. Strickling highlighted a number of efforts being undertaken by te federal government to protect consumers. The most expansive of which is the Internet Policy 3.0. This policy position was announced in February and looks to update and improve overall internet policies including cyber security and copyright protection. In regards to privacy, the goal is to increase user privacy and simplify the privacy statements which sites and software use.

The NTIA has already formed the Internet Policy Task Force which combines the efforts of the NTIA, along with the Patent and Trademark Office, NIST and the International Trade Administration. The task force also works with key stakeholders to ensure that any policies proposed are achievable and pragmatic.

Strickling however lamented that there is still not a comprehensive set of guidelines such as the Fair Information Practice Principles which the FTC has proposed. These principles would offer a baseline from which new polices could be formulated and customized per industry; Strickling wants these rules to be a formal enforceable code.

“I envision a strong role for voluntary but enforceable codes of conduct, which must be developed through open, multi-stakeholder processes as a way to fuel this dynamism,” he said. “This approach recognizes that technologists and entrepreneurs, privacy and consumer advocates, business interests, and the government have to work together to develop a privacy policy. Launching such multi-stakeholder processes is, indeed, challenging, but we should have confidence in the process because similar global, multi-stakeholder efforts have been successful, for example, the creation of the underlying Internet standards.”

To achieve this level of consumer protection, Strickling proposed the establishment of a Privacy Policy Office which would act as an interagency center of expertise. This new office would not replace the FTC or NTIA but would offer a clearinghouse of information and work with stakeholders.

He also emphasized that these issues must be handled both at the national and international level, saying, “International cooperation on enforcement is very encouraging. Just about a month ago, privacy enforcement agencies from 13 countries formally announced the formation of the Global Privacy Enforcement Network. I’m pleased to say that the U.S.’s own FTC is among the thirteen.”

The FTC is also one of five signatories to the APEC Cross-border Privacy Enforcement Arrangement. The agreement creates a voluntary framework for cross-border cooperation on consumer privacy investigations and enforcement issues throughout the APEC region.