The Commerce Department should have its own privacy office and develop voluntary, enforceable codes of conduct for data companies and advertisers that track people on the Internet, said a report by the department's Internet Policy Task Force.
The report issued on Thursday arrives as people express more concern about the ability that companies have to collect data on Internet users' personal Web habits and sell it to advertisers.
Commerce Secretary Gary Locke argued on Thursday that consumer distrust of the Internet could undermine people's use of the technology. Self-regulation without stronger enforcement is not enough, he said.
The report urged development of a privacy bill of rights to give Internet users more information about what data companies collect and how they use it. It also called for urgent steps to address privacy issues related to moving data to the cloud, powerful servers owned by private companies.
The idea of opening a Commerce Department privacy office, which officials said was underway, came under fire from the privacy group Consumer Watchdog, which said the office may not have enough of a consumer focus.
Privacy expert Peter Swire, a law professor at Ohio State University, applauded the report.
For the past decade, the executive branch has lacked a visible leader on Internet privacy. The many changes in the Internet and commercial practices in the past decade mean it is high time to have this sort of leadership position, he said.
Google said in a statement that it supported the Commerce Department's approach, and looked forward to working with the administration.
Senator John Rockefeller, chairman of the Commerce Committee, which has held hearings on privacy, said he believed that legislation was also needed to protect consumers.
The Federal Trade Commission, which put out its own privacy report earlier this month, would enforce the codes of conduct, officials said.
The FTC has called for the development of a do-not-track option for consumers skeptical of allowing companies to collect and perhaps sell their personal data.
The report did not endorse that approach, or criticize it. We think the goals behind do-not-track are very important, said Daniel Weitzner, an official at the Commerce Department's National Telecommunications and Information Administration.
Weitzner also said the department recommended strong consideration of strong security breach notification.
We think it's time for a strong national standard, he said.
The Commerce Department is seeking public comment on the report by late January.
(Reporting by Diane Bartz. Editing by Tim Dobbyn and Robert MacMillan)