Senators Kerry & McCain to FTC and Commerce: Get Moving on Final Reports

By Cynthia J. Larose

Senators John Kerry and John McCain today requested that the Department of Commerce and the Federal Trade Commission issue their final reports on consumer privacy protections. Both agencies released draft reports identifying large holes in current privacy protections in December 2010, but have not yet issued final reports. Senators Kerry and McCain introduced legislation aimed to safeguard consumer privacy, the Commercial Privacy Bill of Rights, in April 2011.

In their letter to the agencies, the Senators wrote “Consumers are confused and concerned about how their information is collected and distributed, and firms collecting information on people are not bound to any common set of practices and are making them up as they go along.   Congress and the public could use the guidance of the expert agencies in the form of final reports to help make sense of current practices and how to best protect innovation without sacrificing people’s privacy.”

The full text of the letter is after the jump.

The full text of the letter is below:

November 8, 2011

The Honorable John Edgar Bryson                               The Honorable Jonathan D. Leibowitz

Secretary                                                                       Chairman

Department of Commerce                                            Federal Trade Commission

1401 Constitution Avenue, NW                                   600 Pennsylvania Avenue, NW, Room 338

Washington, DC 20230                                                Washington, DC 20580

Dear Secretary Bryson and Chairman Leibowitz:

In December 2010, the U.S. Department of Commerce and the Federal Trade Commission each issued strong draft reports on the state of consumer privacy protections in the marketplace.  Both agencies concluded that self regulation had failed to provide for a baseline level of protection for people’s personally identifiable information.  And both reports presented what the expert staff at your agencies considered would constitute a better framework for addressing privacy issues in commerce.   We leaned heavily on those frameworks to construct S.799, the Commercial Privacy Bill of Rights.

Close to a year later, and many months after the comment period on those reports closed, we still await a final draft of your conclusions and recommendations.  We respectfully request that you complete and issue those reports as soon as possible and let us know exactly when that will be.

Changes to data collection practices in the marketplace and multiple hearings in the Congress have raised awareness about the scope and scale at which people’s information is being collected, dissected, and distributed.   And awareness has led to calls for action.

A survey that TRUSTe conducted of mobile phone users found that only 36% feel they have a choice regarding the collection and use of their location information and less than one-third of those surveyed say their smartphone alerts them when location information is being collected.   When Sony was hacked in May, among the information disclosed was 12,700 non-U.S. accounts and 10,700 bank account numbers from an “outdated database from 2007.”  That constitutes both a problem with security standards and data retention standards.

Facebook’s introduction of facial recognition and automated online image identification led consumer groups to file a complaint with the FTC and letters from members of Congress in support of the complaint.  In July, a Stanford University study found that over half of the tested sites left tracking cookies in place even after a visitor to that site opted out of tracking.  In September, OnStar set off a firestorm of concern when it proposed changes to its terms and conditions that would have allowed the company to continue to receive data from former subscribers’ vehicles unless they specifically opted out of the practice.  After lawmakers and the press shone a light on this change, OnStar reversed its position.  And in late September, there was renewed focus on the use of “supercookies,” technology that some online actors are using to thwart people’s attempts to prevent online tracking.

These examples all indicate clearly that consumers are confused and concerned about how their information is collected and distributed, and firms collecting information on people are not bound to any common set of practices and are making them up as they go along.   Congress and the public could use the guidance of the expert agencies in the form of final reports to help make sense of current practices and how to best protect innovation without sacrificing people’s privacy.  We look forward to your response.

Sincerely,

John F. Kerry                                                                           John McCain

Subscribe To Viewpoints

Published

Viewpoint Topics

Professionals

Author

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.