Written by Anagha Prasad
In an effort to reexamine and improve upon commercial data privacy, the Internet Policy Task Force (IPTF) released a green paper entitled “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.” Based on consultations, written submissions, and extensive research, the document makes various policy recommendations regarding the future of commercial data privacy. At the center of the task force’s proposals is the Dynamic Policy Framework, designed to promote efficiency and while minimizing regulatory barriers. The full paper can be downloaded here: IPTF Privacy Green Paper
What is the Dynamic Policy Framework?
The goals of the Dynamic Policy Framework can be grouped into four general categories: 1) The implementation of Fair Information Practice Principles (FIPPs); 2) Public-private sector collaboration; 3) Global interoperability; and 4) National standardization for Security Breach Notification (SBN).
1) Fair Information Practice Principles (FIPPs)
FIPPs emphasize increased privacy without procedural or bureaucratic hurdles. The primary purpose of FIPPs is to increase transparency across industries, making it easier for consumers to understand their choices and for industries to create sector-specific regulations. FIPPs demand greater purpose specification for corporations requesting personally identifiable information. Similarly, these principles encourage data minimization to protect consumers. Finally auditing is a crucial way to increasing transparency and accountability across industries.
2) Collaboration between the public and private Sectors
3) Global interoperability
The role of commercial data privacy in cross-border transactions highlights the importance of understanding regulatory differences between countries. Collaborating with multinational economic organizations like OECD and APEC to identify the similarities and differences in national data security regulations would facilitate international trade. Similarly, an enhanced U.S. privacy framework would reduce regulatory barriers and compliance costs in cross-border transactions in the long run.
4) National standardization for Security Breach Notification (SBN)
A national standard for SBN would enable states to build upon the existing framework while having a common baseline for protecting commercial data privacy. This provision would enhance the existing sector-specific regulations, like HIPAA and GLBA, while permitting states to customize or add to the national standard (in limited ways). Part of this initiative would be to ensure the continued effectiveness of the Electronic Communications and Privacy Act (ECPA).
Under these four broad categories, the Dynamic Policy Framework seeks to enhance individual privacy and increase awareness regarding consumer choice. It also aims to promote entrepreneurship and reduce barriers to trade, especially in cross-border transactions. Promoting consistency and efficiency across industry sectors is another important part of the proposal, especially through collaboration between stakeholders and government.
For further reading:
Tech Daily Dose