The Commerce Department Weighs In On Privacy
I guess it was inevitable. The FTC released their report a few weeks ago and this was the Commerce Departments opposing viewpoint. In summary, they noted that consumer were losing trust in online commerce providers and that their main objective was to address this issue while preserving innovation. This is always the excuse companies use when being threatened by ANY law or regulation. It goes as far back as the late 1950′s when car companies claimed that if they were forced to put seat belts in their cars, innovation in the automotive industry would stop.
The basic problem is that regulation causes increased costs. Costs to implement, costs to regulate and costs to litigate violations. And as consumers those costs get passed on to us so we don’t want them either. So what did the Commerce Department propose?
1. Enhance Consumer Trust Online Through Recognition of Revitalized Fair Information Practice Principles (FIPPs).
In other words, publish better guidelines and ask companies to abide by them. Several companies in the study argued that this is what they already do today and that it is working well. But we know this isn’t totally true or there would be no discussion going on. Clearly, improved guidelines and policy transparency could help.
2. Encourage the development of voluntary, enforceable privacy codes of conduct in specific industries through the collaborative efforts of multi-stakeholder groups, the Federal Trade Commission, and a Privacy Policy Office within the Department of Commerce.
I had to read this section several times. Only in a government agency could you promote a ‘voluntary’ effort that was ‘enforceable.’ Doesn’t the word ‘voluntary’ mean that you can’t require someone to comply? In this case, no. the report is suggesting that guidelines will be established and they will leave it up to you to follow them but if you don’t, they reserve the right to come after you. I can just see some semantically-obsessed lawyers fighting this one out in court.
3. Encourage Global Interoperability.
I suppose this is consistent with our other policies of trying to lead the world in regulation. I am not sure how well it will work when they ask China and Russia if they wouldn’t mind following our privacy guidelines. This is an admirable goal, but don’t look for results any time soon. It is a critical issue since so much commerce does span borders, but I don’t expect that the world will take our lead at this time.
4. Ensure Nationally Consistent Security Breach Notification Rules.
This seems pointless on the surface but it is actually the most significant item on the list. The first three talk about setting guidelines and trying to get people to follow them and even taking those guidelines international. But in my mind, the biggest problems consumers face is that they don’t understand the complexities of the industry and they cannot do much about it. The key word in this objective is ‘Consistent.’ Consistency can mean a simplified approach to privacy policies, enforcement of guidelines and challenge of same. Consistency helps privacy protection span borders (state and local as well as international) and leads us down the path of all consumers having the same rights of privacy protection and enforcement. It lessens the effort that it takes to provide transparency and more easily exposes offenders.
Success in personal privacy management lies in providing the consumer with the power and control needed for self-protection. Openness and consistency are the keys to making that goal attainable. it will be interesting to see how both organizations (FTC and Commerce Department) mature their proposals into actionable policy.
