Groups, firms weigh in on privacy report

Happy Data Privacy Day! It is a day celebrated in Canada, most of Europe and the United States to raise awareness and discussion about data privacy and protection. Whether it was meant to coincide with Data Privacy Day or not, Friday was also the deadline for comments on the Commerce Department's draft privacy report.

"Data privacy day provides an opportunity to reflect on the importance of privacy policies that promote online trust and broadband use," Lawrence Strickling , administrator of Commerce's National Telecommunications and Information Administration, wrote in a blog post Friday. In discussing Commerce's privacy report, he noted it "proposes an approach to privacy that can promote innovation while increasing consumer trust, including committing to baseline privacy principles and convening stakeholders to craft enforceable codes of conduct to implement those principles."

Several groups and companies have weighed in on the report released in December, which calls for the implementation of "Fair Information Privacy Principles" that would provide baseline privacy protections, proposes creation of a Privacy Policy Office within the department, and requests comment on whether Congress should implement baseline privacy legislation. The comments will be used to help craft the Obama administration's approach to privacy.

For the most part, the Commerce report was more favorably received by industry than a staff privacy report also released in December from the Federal Trade Commission, which called for more aggressive measures to protect consumer privacy online.

In responding to the Commerce report, the credit information firm Experian voiced concern about rules that might limit the sharing of information and argued in favor of self-regulation over legislation, saying such an approach is better able to evolve and respond quickly to developing technologies.

"Any privacy framework should carefully balance restrictions on the collection and sharing of third-party information with the significant benefits that these uses of information provide to consumers, businesses, and the economy at large," Experian wrote.

The Interactive Advertising Bureau echoed Experian's view on self-regulation and noted the work advertisers have done to implement a self-regulatory program including the creation of an "Advertising Option Icon" that provides consumers with more information and choices related to targeted ads.

"Unlike formal regulations, which can become quickly outdated in the face of evolving technologies, voluntary codes developed through self-regulation provides industry with a nimble way of responding to new challenges presented by the evolving Internet ecosystem," according to the IAB's comments.

The giant retailer Wal-Mart, which also operates a major e-commerce site, for the most part offered praise for the Commerce report as written.

"We applaud the department's focus on privacy principles as the bedrock for protecting consumers, preserving innovation, and supporting the global economy," the company said in its comments. "We believe that a focus on underlying principles, rather than potential distinctions in regulatory schemes, would provide considerable impetus for a more robust and flexible method for protecting consumer privacy."

In its comments, Intel said it favors privacy legislation, saying that "well-crafted legislation can actually enable small business e-commerce growth." In the last Congress, Intel joined eBay and Microsoft in largely endorsing privacy legislation offered by Rep. Bobby Rush , D-Ill., with the exception of a provision allowing consumers to sue companies for privacy violations. The company also voiced support for using the Fair Information practices as the base for privacy legislation.

Intel also said it supports the creation of a privacy office at Commerce, but said the FTC should continue to serve as the primary privacy enforcement body and as the U.S. representative internationally including at the annual international data privacy commissioner's conference.

Intel Global Privacy Officer David Hoffman told Tech Daily Dose during a briefing Thursday on privacy that for the first time the FTC was recognized at the data privacy commissioner's conference this fall as a voting member. "It was hugely important," he said, for the FTC to be seen as "sufficiently independent to be on par" with the privacy commissioners from other countries.

Privacy advocates were much more critical of the report. They complained that the department did not meaningfully engage the input of privacy advocates and would be the wrong entity to house a privacy office given the agency's focus on promoting the interests of U.S. business.

"It is disconcerting, to say the least that this green paper neglects to raise and meaningfully discuss the range of online consumer data collection practices that threaten privacy," the Center for Digital Democracy and U.S. PIRG wrote in their comments with the department.

The groups instead favor the recommendations included in the FTC's staff privacy report. The deadline for comments on that report were originally due Monday but have been extended until Feb. 18.

Chris Hoofnagle , director of the Berkeley Center for Law & Technology's information privacy programs, argued that if the FTC is going to take on the role of enforcer of privacy violations as Commerce has recommended, the commission needs greater authority to levy fines and implement rules as well as more resources.

Noting that FTC Chairman Jon Leibowitz has pushed Congress to provide the FTC with greater rulemaking authority, Hoofnagle said in his comments that, "The Department of Commerce should support these initiatives in order to bolster its narrative surrounding FTC enforcement."