Consumer’s Bill Of Rights As A Road Map For Future Legislation By Obama

In February 2015, President Obama announced the release of the Consumer Privacy Bill of Rights Act’s draft. The draft offers more comprehensive legislations that will help protect the rights of U.S. consumers better than the existing legislations do. Presently, the existing laws regulate privacy on sectorial basis such as financial privacy laws, health privacy legislations, and children’s privacy legislations among others. Each of these sector laws has a different definition of the protected data as well as the different protection types required (House, 2015). The 24-page proposed consumer protection bill is designed to codify the already established privacy principles. Additionally, the bill initiates new concepts that are anticipated to offer flexibility as well as help in keeping pace with the ever-changing technologies and business practices.

Read also What is a Bill of Rights? What is an Amendment? How are thy Different? 

The United States remains to be one of two developed countries that do not have personal data privacy protections (Computer and Internet Lawyer, 2012). Instead, the U.S. has a number of sector-specific laws that are only applicable to relatively narrow classes of personal information, and it also has general-purpose consumer protection laws, which are enforced by the Federal Trade Commission that does not map perfectly into privacy rights (Schwartz, 2012). Since 2012, when Obama administration put forth the consumer’s bill of rights as a road map for future legislation, the administration has continued to provide leadership on the consumer privacy issue (House, 2012).

Under the existing legislation, consumers are apprehensive about how sellers collect and use their personal information and with the ever-developing technologies; consumers have a prevalent sense that majority of those sellers have lost control of their privacy (Larose & Day, 2015).  In line with this, Obama administration’s legislative proposal has tried to address this issue.  Although the bill, just like the existing one has a number of significant flaws, it seems acknowledge this and explicitly labels this section of the bill as a discussion draft.  Several elements of this section will need to be modified if the proposed bill will offer consumers comprehensive privacy protection (Allocca, 2015). As a part of my analysis, I have compiled a number of current legislatives, their provisions and their proposed changes.

Read also Bill of Rights, Fourth Amendment Is the Most Significant – A Personal Analysis

The bill’s fundamental protections follow in the footsteps of the Fair Information Practice Principles. The core of the bill and one of its best feature is that the bill’s rations are deep-rooted on the Fair Information Practice Principle’ notions. The bill Focused Collection, demands Transparency, Access, Respect for Context, Accountability, Individual Control, security, Responsible Use, and Accuracy (Kang, 2010). However, a good number of the bill’s protections are founded on the harm of risk. Majority of the bill’s FIPPs-based protections are only applicable in proportion to the possessed data’s privacy risk(Schwartz, 2012).  The bill’s definition of privacy risk is rather narrow as, “The potential that data could “cause emotional distress, or physical, financial, professional or other harm to an individual” (House, 2015).  This is a notable shift from the other privacy legislations’ rights-based formulation.

Furthermore, the bill exempts several business records from numerous fundamental protections. Just like personal data, which does not pose a privacy harm risk, a good number of business records are similarly exempted from given protections including data minimization as well as individual control (Allocca, 2015). Certainly, majority of data records should be immune from individual control; nonetheless, the bill’s exceptions categories are exceedingly broad (Landau, 2015). . This is a shift from the existing legislations that have a little less broad exception categories.

The bill relates correspondingly to both companies and non-profits. Under the existing legislation, the Federal Trade Commission is only given the power to handle cases that relate to for-profit commercial firms (Landau, 2015). The new bill however expandsprivacy requirements substance as well as the range of organizations to which those requirements may be applicable. This means that under the proposed bill, CDT may start being subjected to extensive privacy requirements (House, 2015).  This is a practical change since non-profits, political campaigns included, are capable of collecting substantial amounts of sensitive personal information.

The proposed bill’s definition of personal information is relatively broader than the traditional definition, which is used in most current legislations. Due to this broad definition, the bill can apply to a wider range of information as compared tothe current sectoral legislations that define personal information as “personally identifiable information (Computer and Internet Lawyer, 2012).  As privacy analysts have documented in the past, consumers have developed an increased interest in pseudonymous identifiers including cookies and device IDs since they can be used to influence user’s experience. Identifiers that cannot belinkedto a particular individual may be realisticallyexcluded from personal information.

The collection of out-of-context data necessitates opt-in consent. This aspect makes the proposed bill rather complicated.  Although consumers are given certain rights in the event that the data poses a privacy risk, in the case of out-of-context data collection, the consumers have to be given a Heightened Transparency and Control over that data (House, 2015).  When data processing is considered unreasonable in the light of context, it is usually hard to analyzesince there is an eleven-factor test for determining “context” (House, 2015).  However, previous privacy bills and legislations, such as the Rush’s Best Practices Act and the Kerry-McCain Commercial Privacy Bill among others, have adopted a much easier approach, which involves opting-out most data’s controls, and opting-in sensitive data controls.  The traditionally applied approachis much more predictable and much easier to apply as compared to the approach used by the new bill.

Privacy policy retrospective revisions no longer require permission. Under the currently existing law, the Federal Trade Commission is responsible for bringingenforcement actions to all firms thatattempted to retroactively modify privacy policies or attempted tomodify the guidelines for data that was previously collected (Larose & Day, 2015). This is justified since one cannot collect consumer’s information and then change the original terms such as not sharing the information with third parties and then modify this rule later on to accommodate third party sharing. Surprisingly, the proposed bill reverses this principle’s course (Landau, 2015).  Under section 102(e) states that if a firm changes its policy, it is only required to inform its customers about the changes in advance and then proposition compensating controls in order to easethe privacy risks that may result from the change (House, 2015).  This shift will result to a weaker law than the existing one, which will be bad for consumer privacy. This provision should therefore be removed from the bill.

The Obama administration is committed to working together with the American people in order to get a strong privacy standard bill that will cover all consumer privacy issues. The proposed bill shows remarkable progress in the achievement of that goal. Although the proposed bill is far from flawless, it is an important aspect of achieving this objective. The President and FTC calling for comprehensive privacy legislation were important steps toward that goal.  And this draft bill is an important step along the way.

Scroll to Top