Commerce Department Seeks Comments on Outcome-Based Privacy Protections

The Commerce Department released a broad call for public feedback Tuesday focused on how companies should protect citizens’ privacy and what role the government should play.

The request for comments is focused on a series of desired outcomes that the government wants to achieve for data privacy rather than specific privacy practices companies should adhere to.

The request’s starting premise is that companies will and should adopt different privacy practices depending on the company’s core service, the sensitivity and volume of the data it collects and other factors.

The proposed outcomes include that consumers should be able to understand how companies are using their data without reading a lengthy and lawyerly privacy policy and that consumers should be able to “exercise reasonable control over the collection, use, storage, and disclosure of the personal information they provide to organizations.”

Other outcomes include that companies should minimize the amount of data they collect from consumers and take reasonable actions to secure that data at all points.

That outcome-based approach stands in contrast to a more stringent privacy mandate recently passed in California and the European Union’s General Data Protection Regulation, which was implemented in May.

This patchwork of different privacy requirements in different jurisdictions can be onerous for companies and stifle innovation, the Commerce Department argues.

“We are actively witnessing the production of a patchwork of competing and contradictory baseline laws,” the request states. “This emerging patchwork harms the American economy and fails to improve privacy outcomes for individuals, who may be unaware of what their privacy protections are, and who may not have equal protections, depending on where the user lives.”

The request for comment won quick praise from industry groups, including USTelecom and The Software Alliance and the Information Technology Industry Council.

“What we need most is clear and consistent privacy rules that apply equally to all companies that interact with consumers through the internet,” USTelecom CEO Jonathan Spalter said in a statement.

The request for comment will be formally published Wednesday in the Federal Register.