Developing a Code of Conduct to Implement The Consumer Privacy Bill of Rights, Round 1

Earlier this year President Obama released the “Consumer Privacy Bill of Rights” as part of the “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.” The Consumer Privacy Bill of Rights sets forth the rights and expectations individuals should have with regards to the use of personal data on internet and digital networks. The rights are:

1. Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it.

2. Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices.

3. Respect for Context: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.

4. Security: Consumers have a right to secure and responsible handling of personal data.

5. Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.

6. Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.

7. Accountability: Consumers have a right to have a personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of rights.

In addition to setting forth the Consumer Privacy Bill of Rights, the Framework calls for the National Telecommunications & Information Administration (the “NTIA”) to convene stakeholders to develop codes of conducts which the Federal Trade Commission(the “FTC”) will be able to enforce.

Last week I attended the first of the meetings between stakeholders at the NTIA. Participants represented a wide range of organizations and companies. A show of hands indicated that 25% represented consumer and public interest organizations like the ACLU, CDT et al. The other participants represented corporate and business interests from companies like Facebook and Comcast to developers.

Ostensibly the purpose of the meeting was to begin the process of creating a code of conduct for the protection of privacy of personal data in mobile applications. However, the NTIA decided to focus on just one element of the code, transparency. The first order of business was to go through a directed exercise to identify the issues related to transparency most important to participants. Each attendee was given one minute to speak. Overall the issues highlighted related to consistency of disclosures, context of disclosures, standardizations of processes, conciseness and clarity of disclosures, and timeliness of disclosures.

While I appreciate the facilitated process the NTIA used to guide the conversation during the first meeting, I am unable to provide you any tangible results from the activity. I am hopeful that the stakeholders will have future opportunities to create a valuable code of conduct which the FTC can use as a framework for enforcement. For now, the NTIA has indicated that the next meeting of stakeholders will be in August. In the meantime, I look forward to working with clients and other stakeholders to help craft the code of conduct called for in the “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.”

About Nancy Prager

Nancy Prager is an attorney based in Washington, D.C. She represents a wide range of clients on matters from intellectual property to estate planning. Before starting her own practice, she practiced with firms in Memphis and Atlanta, as well as providing business development services to technology companies. She launched her practice to offer strategic legal services to clients at an affordable rate. Additionally, Nancy is a sought after speaker and writer on issues related to the convergence of intellectual property, technology and media. Nancy was asked to write a series of commentaries for on the emerging legal issues related to the transmission of content on the internet. She has spoken to organizations and conferences around the country on issues related to the convergence of technology, content and intellectual property, as well as strategic legal issues for companies, individuals and artists. Journalists often rely on Nancy as a resource for emerging legal issues. Nancy has a strong commitment to social justice. She has founded, or co-founded, a number of organizations and programs that provide tangible services to their constituencies. For example, while a student in law school she developed the Domestic Violence Advocacy Center that provides legal services to victims of domestic violence. Additionally, she has been involved with a number of organizations that provide services to children and their families, including serving on the boards of the Harwood Center and Porter Leath Children’s Services. She is a graduate of Wake Forest University School of Law and the University of Wisconsin, Madison. She is a member of the District of Columbia Bar, the State Bar of Georgia and the State Bar of Tennessee. She has been a member of a variety of legal organizations including the Copyright Society of the USA and the American Bar Association.
This entry was posted in privacy, privacy policy and tagged , , , . Bookmark the permalink.