The Obama Administration asks some important questions about protecting the privacy of U.S. consumers. But given the growth of online data collection that threatens our privacy, including when consumers are engaged in financial, health, and other personal transactions (including involving their families), this new report offers us a digital déjà vu.  The time for questions has long passed.
Instead of real laws protecting consumers, we are offered a vague “multi-stakeholder†process to help develop “enforceable codes of conduct.â€Â If the Commerce Department really placed the interests of consumers first, it would have been able to better articulate in the report how the current system threatens privacy.   They should have been able to clearly say what practices are right and wrong—such as the extensive system of online behavioral tracking that stealthily shadows consumers—whether on their personal computer or a mobile phone.  The paper should have firmly articulated what the safeguards should be for financial, health and other sensitive data. The report should have rejected outright any role for self-regulation, given its failures in the online data collection marketplace. While the report supports a FIPPS framework, these principles can be written in a way that ultimately endorses existing business practices for online data collection and targeting.
This illustrates one of the basic problems with the Administration’s approach to protecting consumer privacy online. The Commerce Department is focused on promoting the interests of industry and business—not consumers. It cannot play the role of an independent, honest broker; consequently it should not be empowered to create a new Privacy Policy Office.  Having the Commerce Department play a role in protecting privacy will enable the data collection foxes to run the consumer privacy henhouse. We call on the Administration and Congress to address this issue. A new Privacy Policy Office should be independent and operate under the Administrative Procedures Act—ensuring there are safeguards for meaningful public participation and transparency.
The Commerce paper’s real goal is to help U.S. Internet data collection companies operate in the EU, Asia/Pacific and other markets as “privacy-free†zones. Under the cover of promoting “innovation†and trade, I fear the U.S. will craft a crazy-quilt code of conduct regimes that they will claim should pass muster in the EU (which has a more comprehensive framework to protect privacy). The Obama Administration appears to be promoting a kind of “separate, but equal†framework, where it will argue that no matter how weak U.S. privacy rules are, other countries should accept them as the equivalent of a stronger approach. The new paper should have acknowledged the U.S. has to play catch-up with the EU when it comes to protecting consumer privacy.
We have been promised meetings with the new White House subcommittee on privacy, where consumer and privacy groups will raise these and other concerns.