recommended reading

Privacy code of conduct initiative off to a messy start

Tatiana Popova/

The Obama administration on Thursday kicked off an effort to develop voluntary industry codes of conduct to improve online privacy for consumers and immediately faced disagreement over the process set up by the Commerce Department.

Thursday’s session focused narrowly on providing consumers with more transparency around the information collected by mobile applications. It’s the first issue being addressed as part of the administration’s effort to encourage industry and other privacy stakeholders to work together to develop voluntary codes of conduct based on the White House’s proposed privacy “bill of rights” unveiled in February.

The administration is pushing the voluntary approach even as it has called on Congress to pass legislation to implement its privacy bill of rights to provide consumers with some baseline privacy protections, such as requiring entities that collect personal data to adequately secure the information and to notify users about what data is being collected.

Although companies can choose whether they want to abide by whatever codes of conduct are developed, those that do sign on could be open to action by the Federal Trade Commission if they don’t abide by their promises.

Much of the day-long session was spent focusing on process and how to get to the work of actually drafting industry guidelines. At the end of the session, an official with Commerce's National Telecommunications and Information Administration announced the agency would host another one in Washington in August to try to move the process forward. But Commerce officials stressed several times throughout the day that the department would only serve as a facilitator and that the heavy lifting would be left to industry, privacy advocates, and others who choose to participate.

From the start, privacy advocates signaled that focusing only on mobile-apps transparency was too narrow and that the issue needs to be examined in the context of the other principles included in the proposed privacy bill of rights.

“Discussion of mobile transparency is simply not sufficient,” Chris Calabrese, legislative counsel for the American Civil Liberties Union, said during the initial public comment period. "Transparency only describes what the system is.… [I]f the system is unfair, a description of the system is valueless.”

Privacy advocates found some agreement for their call to look at the issue more broadly from an unlikely source. Morgan Reed, executive director of the Association for Competitive Technology, which represents some app developers, said in an interview that “there is some common ground in the reality that you can’t keep it narrowly defined just around mobile uses.”

But other industry officials voiced resistance to expanding the process beyond the initial topic, which NTIA picked based on comments filed with the agency prior to Thursday’s meeting.

“We had to start somewhere, and we took the input that we received in our public comment process to select the starting point of this process but it’s a starting point,” NTIA Director Larry Strickling said in his opening remarks. “At this point going forward, this process as quickly as possible needs to become your process. So as to where this takes us, in terms of what topics and what elements of the bill of rights will really be determined by all of you acting as a group to resolve these issues.”

NetChoice executive director Steve DelBianco, whose group represents online companies such as eBay, Facebook, and Yahoo, argued that transparency about what information an app collects from users such as location data has “inherent significant value” and allows consumers to make choices.

The administration has much at stake in ensuring the process can succeed, given the emphasis it has put on pursuing self-regulation first. In fact, even though administration officials have continued to say they want to see Congress pass privacy legislation, the administration has yet to develop a legislative proposal to send to Capitol Hill, NTIA's Strickling told National Journal.

The importance of the success of the process wasn’t lost on some of the participants, who said they were optimistic that the effort would yield results.

“What we do here around this particular issue really sets the stage not just for mobile-app transparency but other issues we want to run through the stakeholder process,” Microsoft's Frank Torres told the group.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.