The Department of Commerce has unveiled its recommendations for improving online privacy practices, and has called for a privacy bill of rights that would help regulate the way personal data is used.
The report marks a departure from the laissez-faire policy that has dominated the way government regulators have approached the Internet. Previous privacy efforts had focused largely on government, rather than private entities.
Earlier this month the Federal Trade Commission issued its own report, backing the passage of Do Not Track legislation.
The Commerce Department outlines four other basic recommendations in its 88-page report.
First is developing enforceable privacy codes of conduct and creating a privacy office within the Department of Commerce. A privacy office, the report says, could develop a set of codes of conduct, which could then be enforced through Federal Trade Commission rules.
In this respect the approach bears some similarity to that of Canada, which has an Office of Privacy charged with protecting the privacy rights of individuals. That office reports to parliament.
Second is encouraging global interoperability, which means bringing U.S. laws and rules in closer harmony with those of the rest of the world. Differences in form and substance between U.S. and other national privacy laws make it increasingly complicated for companies to provide goods and services in global markets, the report says.
Third, the report recommends establishing federal standards for security breach notification rules. Several states have laws in place, but the differences between them are a cost to business. A comprehensive national approach to commercial data breach would provide clarity to individuals regarding the protection of their information throughout the United States, streamline industry compliance, and allow businesses to develop a strong, nationwide data management strategy, the report says.
Fourth, the report says a review of the Electronic Communications Privacy Act is necessary to update it, as more data is stored in the cloud, that is, on the distributed networks of the Internet. The original ECPA assumed information was stored on discrete networks.
One issue the report raises is that consumers need to be able to trust that their information is safe. One part of the bill of rights concept is called Fair Information Practice Principles, which means that people should be told clearly and concisely what data is being gathered and how it is being used.
Google, which has come under increasing scrutiny for its privacy practices, expressed cautious support in its public policy blog. The post, written by the company's director of public policy Pablo Chavez, says, "We strongly support the Commerce Department engaging more actively internationally including the creation of a global framework for privacy to better address international data flows."
In the post, Chavez adds that Google supports updating the ECPA, which it notes dates to 1986. "We're on board with that, since the outdated law simply has not kept pace with evolving technologies."