A senior Commerce Department official is expected Wednesday to call on Congress to enact baseline privacy legislation that would establish a "consumer privacy bill of rights."
In his written testimony for a Senate Commerce Committee hearing on online consumer privacy, National Telecommunications and Information Administration head Lawrence Strickling said Americans need stronger protections than are provided by the current self-regulatory-based approach.
Strickling said the department came to the conclusion that legislation was needed after reading the comments submitted on a draft privacy report it released in December.
"Having carefully reviewed all stakeholder comments to the Green Paper, the department has concluded that the U.S. consumer data privacy framework will benefit from legislation to establish a clearer set of rules for the road for businesses and consumers, while preserving the innovation and free flow of information that are hallmarks of the Internet," Strickling said in his prepared testimony.
"An overarching set of privacy principles on which consumers and businesses can rely could create a stronger foundation for consumer trust in the Internet by providing this broadly applicable framework."
Strickling said privacy legislation should include three key elements, including a "consumer privacy bill of rights," which would incorporate the Fair Information Practice Principles embraced by many countries. These include providing consumers with notice about the information being collected about them, choice, access to the information, and security to ensure the data is protected.
Commerce embraced the idea of a consumer privacy bill of rights in its December report but called for public input on whether legislation providing baseline privacy protections was needed.
Strickling also said legislation should grant the Federal Trade Commission authority to enforce the bill's baseline protections. Legislation also should provide incentives for industry to develop codes of conduct and other innovative solutions aimed at bolstering consumer privacy. Such incentives could include allowing the FTC to grant a safe harbor to companies that implement approved codes of conduct.
"This statutory framework is designed to be flexible, to keep its requirements well-tailored, and to provide a basis for greater interoperability with other countries' privacy laws," according to Strickling's testimony.
The legislative proposals called for by the department are similar to some of the provisions included in legislation introduced in the House by Rep. Bobby Rush, D-Ill., and in a draft privacy measure being crafted by Senate Commerce Communications Subcommittee Chairman John Kerry, D-Mass.