March 2, 2015
The Obama administration has proposed new legislation, the Consumer Privacy Bill of Rights Act that intends to fill in the gaps between current federal laws such as the Fair Credit Reporting Act and the Video Privacy Protection Act to provide consumers with added control over how companies use the personal data they collect about individuals. However, some privacy advocates are already arguing that the proposed legislation does not go far enough and provides too much control to companies.
The proposed bill “applies common-sense protections to personal data collected online or offline, regardless of how data is shared,” explained the Obama administration on Friday, “and promotes responsible practices that can maximize the benefits of data analysis while taking important steps to minimize risks.”
“The proposal, at its core, calls on industries to develop their own codes of conduct on the handling of consumer information,” reports The New York Times. “It also charges the Federal Trade Commission with making sure those codes of conduct satisfy certain requirements — like providing consumers with clear notices about how their personal details will be collected, used and shared.”
The proposal requires congressional sponsorship to be officially introduced, although it could face an uphill battle with a Republican Congress. In addition, some legislators and privacy scholars claim the proposal does not provide consumers with clear rights regarding who collects the info and how it is used.
“Instead of codes of conduct developed by industries that have historically been opposed to strong privacy measures, we need uniform and legally enforceable rules that companies must abide by and consumers can rely upon,” suggested Senator Edward J. Markey, a Massachusetts Democrat who has been investigating data brokers.
“A few privacy law scholars said that the draft bill could undermine protections consumers already had,” notes NYT. “If enacted as currently written, for instance, it could pre-empt stronger laws in a few states that require companies to obtain consumers’ explicit consent before collecting unique biometric information like fingerprints or facial scans.”