Skip to main content

Executive Summary: Commerce Department Issues Privacy "Green Paper"

Written by Anagha Prasad

Introduction

In an effort to reexamine and improve upon commercial data privacy, the Internet Policy Task Force (IPTF) released a green paper entitled “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.” Based on consultations, written submissions, and extensive research, the document makes various policy recommendations regarding the future of commercial data privacy. At the center of the task force’s proposals is the Dynamic Policy Framework, designed to promote efficiency and while minimizing regulatory barriers.   The full paper can be downloaded here:  IPTF Privacy Green Paper

What is the Dynamic Policy Framework?

The Dynamic Privacy Framework is intended to address emerging commercial data privacy challenges while enhancing customer service and entrepreneurial innovation, especially given the dynamic nature of markets and technologies. In the private sector, the only regulatory measure currently in place is the “notice-and-choice” method of disclosure, in which websites list their individual privacy policy, leaving consumers to choose whether to use them.

The goals of the Dynamic Policy Framework can be grouped into four general categories: 1) The implementation of Fair Information Practice Principles (FIPPs); 2) Public-private sector collaboration; 3) Global interoperability; and 4) National standardization for Security Breach Notification (SBN).

 1) Fair Information Practice Principles (FIPPs)

FIPPs emphasize increased privacy without procedural or bureaucratic hurdles. The primary purpose of FIPPs is to increase transparency across industries, making it easier for consumers to understand their choices and for industries to create sector-specific regulations. FIPPs demand greater purpose specification for corporations requesting personally identifiable information. Similarly, these principles encourage data minimization to protect consumers. Finally auditing is a crucial way to increasing transparency and accountability across industries.

2) Collaboration between the public and private Sectors

Partnering stakeholders with governmental organizations such as the FTC and Department of Commerce would not only increase the efficiency of commercial data privacy protection, but it would also encourage the voluntary implementation of codes of conduct. With the endorsement of the Executive branch and the FTC, private companies are more likely to consider seriously the benefits of voluntary codes of conduct for their business. A system of carrots and sticks—i.e., creating a safe harbor for companies who commit to and maintain a voluntary code of conduct, and stricture regulations for violations of privacy laws—would also optimize privacy protection across industries. In order to facilitate this communication between the government and stakeholders, the task force recommends the creation of a Privacy Policy Office within the Department of Commerce, which would focus uniquely on commercial data privacy.

3) Global interoperability

The role of commercial data privacy in cross-border transactions highlights the importance of understanding regulatory differences between countries. Collaborating with multinational economic organizations like OECD and APEC to identify the similarities and differences in national data security regulations would facilitate international trade. Similarly, an enhanced U.S. privacy framework would reduce regulatory barriers and compliance costs in cross-border transactions in the long run.

4) National standardization for Security Breach Notification (SBN)

A national standard for SBN would enable states to build upon the existing framework while having a common baseline for protecting commercial data privacy. This provision would enhance the existing sector-specific regulations, like HIPAA and GLBA, while permitting states to customize or add to the national standard (in limited ways). Part of this initiative would be to ensure the continued effectiveness of the Electronic Communications and Privacy Act (ECPA).

Conclusion

 Under these four broad categories, the Dynamic Policy Framework seeks to enhance individual privacy and increase awareness regarding consumer choice. It also aims to promote entrepreneurship and reduce barriers to trade, especially in cross-border transactions. Promoting consistency and efficiency across industry sectors is another important part of the proposal, especially through collaboration between stakeholders and government.

For further reading:

Tech Daily Dose

National Journal

NTIA Website

 

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.