“American consumers can’t wait any longer for clear rules of the road that ensure their personal information is safe online. As the Internet evolves, consumer trust is essential for the continued growth of the digital economy. That’s why an online privacy Bill of Rights is so important. For businesses to succeed online, consumers must feel secure. By following this blueprint, companies, consumer advocates and policymakers can help protect consumers and ensure the Internet remains a platform for innovation and economic growth.” – President Obama
A year ago, the Obama Administration released a Consumer Privacy Bill of Rights, seeking to strengthen data privacy protections within the United States. American citizens are increasingly relying on wireless technologies, and thus have been increasingly providing personal data on those platforms (i.e., social networking, online purchases like Amazon or eBay, email accounts, automatic bill pay, and online banking).
What is the Consumer Bill of Rights?
The Consumer Privacy Bill of Rights provides a standard of protections for consumers and allows greater certainty of expectations for businesses.
Is it law? And who enforces these rights?
The Bill of Rights is not law, but rather ‘standards’ encouraged by the Obama Administration. Currently, the Administration is urging Congress to pass legislation that adopts the Consumer Bill of Rights in order to give these rights a legal effect. Additionally, the Administration encourages Congress to grant the Federal Trade Commission (FTC) authority to enforce these rights.
Notably, several state governments enforce their own Consumer Bill of Rights, such as Massachusetts and Texas. If this is something you are interested in, write a letter of interest or concern to your local representative or Attorney General’s Office.
What are the rights? And what are there practical effects?
There are six explicit rights declared:
1. Transparency. “Consumers have a right to easily understandable information about privacy and security practices.”
Practical effect: This right places pressure on businesses to take on the responsibility in providing transparent privacy and security practices to consumers.
2. Respect for Context. “Consumers have a right to expect that organizations will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.”
Practical effect: This places some responsibility of consumers to acknowledge that organizations will disclose their data; however, this more so places responsibility on organizations to only collect, use, or disclose personal data within the context in which consumers had provided that data. This theoretically limits the ability to organizations to disclose personal data in unreasonable ways.
3. Security. “Consumers have a right to secure and responsible handing of personal data.”
Practical effect: This places pressure on organizations to treat personal data with special care. For example, if an online retailer receives your credit card information, the consumer has the right to expect that retailer will handle his personal data securely and responsibly. This may encourage more organizations to practice enhanced safeguarding practices. Theoretically, this will prevent personal data from being discarded carelessly.
4. Access and Accuracy. “Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data are inaccurate.”
Practical effect: This right encourages organizations to consider their current practices in regards to a consumers’ ability to access or correct existing personal data. Some organizations do not allow this and thus are pressured to implement a new policy, which provide additional access to consumers of their own personal data.
5. Focused Collection. “Consumers have a right to reasonable limits on the personal data that companies collect and retain.”
Practical effect: Ideally, organizations will only seek necessary data for transactional purposes and will eventually discard the personal data carefully after a given length of time; however this has not been the case. This right places pressure on organizations to create policies in which the data collected is limited and that data cannot be store for indefinite periods of time.
6. Accountability. “Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.”
Overall, these rights place a (much needed) emphasis on the role of online organizations to create ‘consumer-centric’ policies concerning personal data and ensure privacy concerns are adequately acknowledged. Nevertheless, it is up to the consumers to ensure they engage with the privacy policies of online organizations and become actively involved in protecting the information they release over the internet.
More information is available at:
White House Press Release, “We Can’t Wait: Obama Administration Unveils Blueprint for a “Privacy Bill or Rights” to Protect Consumers Online, (Feb. 23, 2012).
Consumer Bill of Rights, “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy,” (Feb, 2012).