FEBRUARY 2012
CONSUMER DATA PRIVACY
IN A NETWORKED WORLD:
A FRAMEWORK FOR PROTECTING
PRIVACY AND PROMOTING INNOVATION
IN THE GLOBAL DIGITAL ECONOMY
February 23, 2012
Americans have always cherished our privacy. From the birth of our republic, we assured ourselves protection against
unlawful intrusion into our homes and our personal papers. At the same time, we set up a postal system to enable
citizens all over the new nation to engage in commerce and political discourse. Soon after, Congress made it a crime
to invade the privacy of the mails. And later we extended privacy protections to new modes of communications
such as the telephone, the computer, and eventually email.

Justice Brandeis taught us that privacy is the right to be let alone, but we also know that privacy is about much
more than just solitude or secrecy. Citizens who feel protected from misuse of their personal information feel free
to engage in commerce, to participate in the political process, or to seek needed health care. This is why we have
laws that protect financial privacy and health privacy, and that protect consumers against unfair and deceptive
uses of their information. This is why the Supreme Court has protected anonymous political speech, the same right
exercised by the pamphleteers of the early Republic and today's bloggers.

Never has privacy been more important than today, in the age of the Internet, the World Wide Web and smart phones.
In just the last decade, the Internet has enabled a renewal of direct political engagement by citizens around the
globe and an explosion of commerce and innovation creating jobs of the future. Much of this innovation is enabled
by novel uses of personal information. So, it is incumbent on us to do what we have done throughout history: apply
our timeless privacy values to the new technologies and circumstances of our times.

I am pleased to present this new Consumer Privacy Bill of Rights as a blueprint for privacy in the information age.
These rights give consumers clear guidance on what they should expect from those who handle their personal
information, and set expectations for companies that use personal data. I call on these companies to begin immediately
working with privacy advocates, consumer protection enforcement agencies, and others to implement these
principles in enforceable codes of conduct. My Administration will work to advance these principles and work with
Congress to put them into law. With this Consumer Privacy Bill of Rights, we offer to the world a dynamic model of
how to offer strong privacy protection and enable ongoing innovation in new information technologies.

One thing should be clear, even though we live in a world in which we share personal information more freely than in
the past, we must reject the conclusion that privacy is an outmoded value. It has been at the heart of our democracy
from its inception, and we need it now more than ever.
THE WHITE HOUSE
WASHINGTON
Foreword
Trust is essential to maintaining the social and economic benefits that networked technologies bring to
the United States and the rest of the world. With the confidence that companies will handle information
about them fairly and responsibly, consumers have turned to the Internet to express their creativity,
join political movements, form and maintain friendships, and engage in commerce. The Internet's
global connectivity means that a single innovator's idea can grow rapidly into a product or service that
becomes a daily necessity for hundreds of millions of consumers. American companies lead the way in
providing these technologies, and the United States benefits through job creation and economic growth
as a result. Our continuing leadership in this area depends on American companies' ability to earn and
maintain the trust of consumers in a global marketplace.

Privacy protections are critical to maintaining consumer trust in networked technologies. When consumers
provide information about themselves -- whether it is in the context of an online social network
that is open to public view or a transaction involving sensitive personal data -- they reasonably expect
companies to use this information in ways that are consistent with the surrounding context. Many
companies live up to these expectations, but some do not. Neither consumers nor companies have a
clear set of ground rules to apply in the commercial arena. As a result, it is difficult today for consumers
to assess whether a company's privacy practices warrant their trust.

The consumer data privacy framework in the United States is, in fact, strong. This framework rests on
fundamental privacy values, flexible and adaptable common law protections and consumer protection
statutes, Federal Trade Commission (FTC) enforcement, and policy development that involves a broad
array of stakeholders. This framework has encouraged not only social and economic innovations based
on the Internet but also vibrant discussions of how to protect privacy in a networked society involving
civil society, industry, academia, and the government. The current framework, however, lacks two elements:
a clear statement of basic privacy principles that apply to the commercial world, and a sustained
commitment of all stakeholders to address consumer data privacy issues as they arise from advances
in technologies and business models.

To address these issues, the Administration offers Consumer Data Privacy in a Networked World. At the
center of this framework is a Consumer Privacy Bill of Rights, which embraces privacy principles recognized
throughout the world and adapts them to the dynamic environment of the commercial Internet.
The Administration has called for Congress to pass legislation that applies the Consumer Privacy Bill
of Rights to commercial sectors that are not subject to existing Federal data privacy laws. The Federal
Government will play a role in convening discussions among stakeholders -- companies, privacy and
consumer advocates, international partners, State Attorneys General, Federal criminal and civil law
enforcement representatives, and academics -- who will then develop codes of conduct that implement
the Consumer Privacy Bill of Rights. Such practices, when publicly and affirmatively adopted by
companies subject to Federal Trade Commission jurisdiction, will be legally enforceable by the FTC. The
United States will engage with our international partners to create greater interoperability among our
respective privacy frameworks. This will provide more consistent protections for consumers and lower
compliance burdens for companies.

Of course, this framework is just a beginning. Starting now, the Administration will work with and
encourage stakeholders, including the private sector, to implement the Consumer Privacy Bill of Rights.
The Administration will also work with Congress to write these flexible, general principles into law.
The Administration is ready to do its part as a convener to achieve privacy protections that preserve
consumer trust and promote innovation.
Table of Contents
Executive Summary
I. Introduction: Building on the Strength of the U.S. Consumer Data Privacy Framework
II. Defining a Consumer Privacy Bill of Rights
III. Implementing the Consumer Privacy Bill of Rights: Multistakeholder Processes to Develop Enforceable Codes of Conduct
    A. Building on the Successes of Internet Policymaking
    B. Defining the Multistakeholder Process for Consumer Data Privacy
IV. Building on the FTC's Enforcement Expertise
    A. Protecting Consumers Through Strong Enforcement
    B. Providing Incentives to Develop Enforceable Codes of Conduct
V. Promoting International Interoperability
    A. Mutual Recognition
    B. An International Role for Multistakeholder Processes and Codes of Conduct
    C. Enforcement Cooperation
VI. Enacting Consumer Data Privacy Legislation
    A. Codify the Consumer Privacy Bill of Rights
    B. Grant the FTC Direct Enforcement Authority
    C. Provide Legal Certainty Through an Enforcement Safe Harbor
    D. Balance Federal and State Roles in Consumer Data Privacy Protection
    E. Preserve Effective Protections in Existing Federal Data Privacy Laws
    F. Set a National Standard for Security Breach Notification
VII. Federal Government Leadership in Improving Individual Privacy Protections
    A. Enabling New Services
    B. Protecting Privacy Through Effective Enforcement
    C. Guidance for Protecting Privacy
    D. Integrating Privacy Into the Structure of Federal Agencies
VIII. Conclusion
IX. Appendix A: The Consumer Privacy Bill of Rights
X. Appendix B: Comparison of the Consumer Privacy Bill of Rights to Other Statements of the Fair Information Practice Principles (FIPPs)
Executive Summary
Strong consumer data privacy protections are essential to maintaining consumers' trust in the technologies
and companies that drive the digital economy. The existing framework in the United States
effectively addresses some privacy issues in our increasingly networked society, but additional protections
are necessary to preserve consumer trust. The framework set forth in this document will provide
these protections while promoting innovation.

The Administration's framework consists of four key elements: A Consumer Privacy Bill of Rights, a
multistakeholder process to specify how the principles in the Consumer Privacy Bill of Rights apply in
particular business contexts, effective enforcement, and a commitment to increase interoperability with
the privacy frameworks of our international partners.

• A Consumer Privacy Bill of Rights
This document sets forth a Consumer Privacy Bill of Rights that, in the Administration's view,
provides a baseline of clear protections for consumers and greater certainty for companies. The
Administration will encourage stakeholders to implement the Consumer Privacy Bill of Rights
through codes of conduct and will work with Congress to enact these rights through legislation.
The Consumer Privacy Bill of Rights applies comprehensive, globally recognized Fair Information
Practice Principles (FIPPs) to the interactive and highly interconnected environment in which
we live and work today. Specifically, it provides for:
Individual Control: Consumers have a right to exercise control over what personal data
companies collect from them and how they use it.
Transparency: Consumers have a right to easily understandable and accessible information
about privacy and security practices.
Respect for Context: Consumers have a right to expect that companies will collect, use, and
disclose personal data in ways that are consistent with the context in which consumers
provide the data.
Security: Consumers have a right to secure and responsible handling of personal data.
Access and Accuracy: Consumers have a right to access and correct personal data in usable
formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse
consequences to consumers if the data is inaccurate.
Focused Collection: Consumers have a right to reasonable limits on the personal data that
companies collect and retain.
Accountability: Consumers have a right to have personal data handled by companies with
appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.
The Consumer Privacy Bill of Rights provides general principles that afford companies discretion
in how they implement them. This flexibility will help promote innovation. Flexibility will
also encourage effective privacy protections by allowing companies, informed by input from
consumers and other stakeholders, to address the privacy issues that are likely to be most
important to their customers and users, rather than requiring companies to adhere to a single,
rigid set of requirements.
Enacting the Consumer Privacy Bill of Rights through Federal legislation would increase legal
certainty for companies, strengthen consumer trust, and bolster the United States' ability to
lead consumer data privacy engagements with our international partners. Even if Congress
does not pass legislation, the Consumer Privacy Bill of Rights will serve as a template for privacy
protections that increase consumer trust on the Internet and promote innovation.

• Fostering Multistakeholder Processes to Develop Enforceable Codes of Conduct
The Administration's framework outlines a multistakeholder process to produce enforceable
codes of conduct that implement the Consumer Privacy Bill of Rights. The Administration will
convene open, transparent forums in which stakeholders who share an interest in specific
markets or business contexts will work toward consensus on appropriate, legally enforceable
codes of conduct. Private sector participation will be voluntary and companies ultimately will
choose whether to adopt a given code of conduct. The participation of a broad group of stakeholders,
including consumer groups and privacy advocates, will help to ensure that codes of
conduct lead to privacy solutions that consumers can easily use and understand. A single code
of conduct for a given market or business context will provide consumers with more consistent
privacy protections than is common today, when privacy practices and the information that
consumers receive about them varies significantly from company to company.

• Strengthening FTC Enforcement
FTC enforcement is critical to ensuring that companies are accountable for adhering to their
privacy commitments. Enforcement is also critical to ensuring that responsible companies are
not disadvantaged by competitors who would play by different rules. As part of consumer
data privacy legislation, the Administration encourages Congress to provide the FTC (and State
Attorneys General) with specific authority to enforce the Consumer Privacy Bill of Rights.

• Improving Global Interoperability
The Administration's framework embraces the goal of increased international interoperability
as a means to provide consistent, low-barrier rules for personal data in the user-driven and
decentralized Internet environment. The two principles that underlie our approach to interoperability
are mutual recognition and enforcement cooperation. Mutual recognition depends on
effective enforcement and well-defined accountability mechanisms. Multistakeholder processes
can provide scalable, flexible means of developing codes of conduct that simplify companies'
compliance obligations. Enforcement cooperation helps to ensure that countries are able to
protect their citizens' rights when personal data crosses national boundaries. These approaches
will guide United States efforts to clarify data protections globally while ensuring the flexibility
that is critical to innovation in the commercial world.

The Administration will implement this framework without delay. In the coming months, the Department
of Commerce will work with other Federal agencies to convene stakeholders, including our international
partners, to develop enforceable codes of conduct that build on the Consumer Privacy Bill of Rights.
I. Introduction: Building on the Strength of
the U.S. Consumer Data Privacy Framework
The Internet is integral to economic and social life in the United States and throughout the world.
Networked technologies offer individuals nearly limitless ways to express themselves, form social
connections, transact business, and organize politically. Networked technologies also spur innovation,
enable new business models, and facilitate consumers' and companies' access to information, products,
and services markets across the world.

An abundance of data, inexpensive processing power, and increasingly sophisticated analytical techniques
drive innovation in our increasingly networked society. Political organizations and candidates
for public office build powerful campaigns on data that individuals share about themselves and their
political preferences. Data from social networks allows journalists and individuals to report and follow
newsworthy events around the world as they unfold. Data plays a key role in the ability of government
to stop identity thieves and protect public safety. Researchers use sets of medical data to identify public
health issues and probe the causes of human diseases. Network operators use data from communications
networks to identify events ranging from a severed fiber optic cable to power outages and the
acts of malicious intruders. In addition, personal data fuels an advertising marketplace that brings many
online services and sources of content to consumers for free.

Strengthening consumer data privacy protections in the United States is an important Administration
priority.¹ Americans value privacy and expect protection from intrusions by both private and governmental
actors. Strong privacy protections also are critical to sustaining the trust that nurtures Internet
commerce and fuels innovation. Trust means the companies and technical systems on which we depend
meet our expectations for privacy, security, and reliability. In addition, United States leadership in
consumer data privacy can help establish more flexible, innovation-enhancing privacy models among
our international partners.³

1. This framework is concerned solely with how private-sector entities handle personal data in commercial
settings. A separate set of constitutional and statutory protections apply to the government's access to data that is in the
possession of private parties. In addition, the Privacy Act of 1974, Pub. L. No. 93-579 (5 U.S.C. 552a), and implementing
guidance from the Office of Management and Budget, available at http://www.whitehouse.gov/omb/privacy_general,
govern the Federal government's handling of personally identifiable information. Both of these areas are beyond the
scope of this document.
2. Throughout this document, "company" means any organization, corporation, trust, partnership, sole
proprietorship, unincorporated association, or venture established to make a profit, or nonprofit entity, that collects,
uses, discloses, stores, or transfers personal data in interstate commerce, to the extent such organizations are not subject
to existing Federal data privacy laws.
3. See, e.g., Remarks of Secretary of State Hillary Rodham Clinton, Release of Administration's International Strategy
for Cyberspace (May 2011) ("Many of you representing the governments of other countries, as well as the private sector
or foundations or civil society groups, share our commitment to ensuring that the Internet remains open, secure, free,
not only for the 2 billion people who are now online, but for the billions more who will be online in the years ahead.").
Preserving trust in the Internet economy protects and enhances substantial economic activity.⁴ Online
retail sales in the United States total $145 billion annually.⁵ New uses of personal data in location
services, protected by appropriate privacy and security safeguards, could create important business
opportunities.⁶ Moreover, the United States is a world leader in exporting cloud computing, location-based
services, and other innovative services. To preserve these economic benefits, consumers must
continue to trust networked technologies. Strengthening consumer data privacy protections will help
to achieve this goal.

Preserving trust also is necessary to realize the full social and cultural benefits of networked technologies.
When companies use personal data in ways that are inconsistent with the circumstances under
which consumers disclosed the data, however, they may undermine trust. For example, individuals who
actively share information with their friends, family, colleagues, and the general public through websites
and online social networking sites may not be aware of the ways those services, third parties, and their
own associates may use information about them. Unauthorized disclosure of sensitive information can
violate individual rights, cause injury or discrimination based on sensitive personal attributes, lead to
actions and decisions taken in response to misleading or inaccurate information, and contribute to costly
and potentially life-disrupting identity theft. Protecting Americans' privacy by preventing identity theft
and prosecuting identity thieves is an important focus for the Administration.

The existing consumer data privacy framework in the United States is flexible and effectively addresses
some consumer data privacy challenges in the digital age. This framework consists of industry best
practices, FTC enforcement, and a network of chief privacy officers and other privacy professionals
who develop privacy practices that adapt to changes in technology and business models and create
a growing culture of privacy awareness within companies. Much of the personal data used on the
Internet, however, is not subject to comprehensive Federal statutory protection, because most Federal
data privacy statutes apply only to specific sectors, such as healthcare, education, communications,
and financial services or, in the case of online data collection, to children. The Administration believes
that filling gaps in the existing framework will promote more consistent responses to privacy concerns
across the wide range of environments in which individuals have access to networked technologies and
in which a broad array of companies collect and use personal data. The Administration, however, does
not recommend modifying the existing Federal statutes that apply to specific sectors unless they set
inconsistent standards for related technologies. Instead, the Administration supports legislation that
would supplement the existing framework and extend baseline protections to the sectors that existing
Federal statutes do not cover.

4. President Barack Obama, International Strategy for Cyberspace, at 8, May 2011,
http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf.
5. U.S. Census Bureau, E-Stats, May 26, 2011, http://www.census.gov/econ/estats/2009/2009reportfinal.pdf, at 1.
6. McKinsey Global Institute, Big Data: The Next Frontier for Innovation, Competition, and Productivity, at 94-95, May
2011, http://www.mckinsey.com/mgi/publications/big_data/pdfs/MGI_big_data_full_report.pdf. The National Institute
of Standards and Technology (NIST) has identified five essential characteristics of cloud computing: on-demand self-service,
broad network access, resource pooling, rapid elasticity, and measured service. Peter Mell and Tim Grance, The
NIST Definition of Cloud Computing, version 15, Oct. 7, 2009,
http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc.
7. Recently, identity theft alone was estimated to cause economic losses of more than $15 billion in a single year.
Fed. Trade Comm'n, 2006 Identity Theft Survey Report (2007), available at
http://www.ftc.gov/os/2007/11/SynovateFinalReportIDTheft2006.pdf.
The comprehensive consumer data privacy framework set forth here will provide clearer protections
for consumers. It will also provide greater certainty for companies while promoting innovation and
minimizing compliance costs (consistent with the goals of Executive Order 13563, "Improving Regulation
and Regulatory Review"). The framework provides consumers who want to understand and control
how personal data flows in the digital economy with better tools to do so. The proposal ensures that
companies striving to meet consumers' expectations have more effective ways of engaging consumers
and policymakers. This will help companies to determine which personal data practices consumers find
unobjectionable and which ones they find invasive. Finally, the Administration's consumer data privacy
framework improves our global competitiveness by promoting international policy frameworks that
reflect how consumers and companies actually use networked technologies.

As a world leader in Internet innovation, the United States has both the responsibility and incentive to
help establish forward-looking privacy policy models that foster innovation and preserve basic privacy
rights. The Administration's framework for consumer data privacy offers a path toward achieving these
goals. It is based on the following key elements:

• A Consumer Privacy Bill of Rights, setting forth individual rights and corresponding obligations
of companies in connection with personal data. These consumer rights are based on
U.S.-developed and globally recognized Fair Information Practice Principles (FIPPs), articulated
in terms that apply to the dynamic environment of the Internet age,
• Enforceable codes of conduct, developed through multistakeholder processes, to form
the basis for specifying what the Consumer Privacy Bill of Rights requires in particular business
contexts,
• Federal Trade Commission (FTC) enforcement of consumers' data privacy rights through its
authority to prohibit unfair or deceptive acts or practices, and
• Increasing global interoperability between the U.S. consumer data privacy framework and
other countries' frameworks, through mutual recognition, the development of codes of conduct
through multistakeholder processes, and enforcement cooperation can reduce barriers to the
flow of information.

Consumer Data Privacy in a Networked World builds on the recommendations of the Department of
Commerce Internet Policy Task Force's December 2010 report, Commercial Data Privacy and Innovation
in the Internet Economy: A Dynamic Policy Framework ("Privacy and Innovation Green Paper").⁸ The
Internet Policy Task Force developed the recommendations in the Privacy and Innovation Green Paper by
engaging with stakeholders -- companies, trade groups, privacy advocates, academics, State Attorneys
General, Federal civil and criminal law enforcement representatives, and international partners -- through
a public symposium, written comments, public speeches and presentations, and informal meetings.
More than 100 stakeholders subsequently submitted written comments on the Privacy and Innovation
Green Paper. These comments provided the Administration with invaluable feedback during the development
of Consumer Data Privacy in a Networked World. The Administration gratefully acknowledges
the time and resources stakeholders devoted to this issue. Their ongoing engagement will be critical
to implementing the framework successfully.

8. Department of Commerce, Commercial Data Privacy and Innovation in the Internet Economy: Dynamic Policy
Framework, Dec. 2010, available at
http://www.ntia.doc.gov/report/2010/commercial-data-privacy-and-innovation-internet-economy-dynamic-policy-framework.
II. Dening a Consumer
Privacy Bill of Rights
Strengthenlng consumer data prlvacy protectlons and promotlng lnnovatlon requlre prlvacy protec-
tlons that are comprehenslve, actlonable, and nexlble. The Unlted States ploneered the P|PPs ln the
l970s, and they have become the globally recognlzed foundatlons for prlvacy protectlon. The Unlted
States has embraced P|PPs by lncorporatlng them lnto sector-speclc prlvacy laws and applylng them to
personal data that Pederal agencles collect. P|PPs also are a foundatlon for numerous lnternatlonal data
prlvacy frameworks.' These prlnclples contlnue to provlde a solld foundatlon for consumer data prlvacy
protectlon, desplte far-reachlng changes ln companles ablllty to collect, store, and analyze personal data.
The Consumer Prlvacy 8lll of Plghts applles P|PPs to an envlronment ln whlch processlng of data about
lndlvlduals ls far more decentrallzed and pervaslve than lt was when P|PPs were lnltlally developed.
Large corporatlons and government agencles collectlng lnformatlon for relatlvely statlc databases are
no longer typlcal of personal data collectors and processors. The world ls far more varled and dynamlc.
Companles process lncreaslng quantltles of personal data for a wldenlng array of purposes. Consumers
lncreaslngly exchange personal data ln actlve ways through channels such as onllne soclal networks and
personal blogs. The reuse of personal data can be an lmportant source of lnnovatlon that brlngs benets
to consumers but also ralses dlmcult questlons about prlvacy. The central challenge ln thls envlronment
ls to protect consumers prlvacy expectatlons whlle provldlng companles wlth the certalnty they need
to contlnue to lnnovate.'"
To meet thls challenge, the Consumer Prlvacy 8lll of Plghts carrles P|PPs forward ln two ways. Plrst, lt
amrms a set of consumer rlghts that lnform consumers of what they should expect of companles that
handle personal data. The Consumer Prlvacy 8lll of Plghts also recognlzes that consumers have certaln
responslbllltles to protect thelr prlvacy as they engage ln an lncreaslngly networked soclety. Second, the
Consumer Prlvacy 8lll of Plghts renects the P|PPs ln a way that emphaslzes the lmportance of context ln
thelr appllcatlon.'' Key elements of context lnclude the goals or purposes that consumers can expect
9. As noted in the Privacy and Innovation Green Paper (p. 11):
In 1973, the Department of Health, Education, and Welfare (HEW) released its report, Records,
Computers, and the Rights of Citizens, which outlined a Code of Fair Information Practices
that would create safeguard requirements for certain automated personal data systems
maintained by the Federal Government. This Code of Fair Information Practices, now
commonly referred to as fair information practice principles (FIPPs), established the framework
on which much privacy policy would be built.
Examples of FIPPs-based international frameworks include the Organisation for Economic Co-operation and
Development Guidelines on the Protection of Privacy and Transborder Flows of Personal Data and the Asia-Pacific Economic
Cooperation Privacy Framework. The Privacy and Innovation Green Paper proposed for consideration the following set of
FIPPs: transparency, individual participation, purpose specification, data minimization, use limitation, data quality and
integrity, security, and accountability and auditing.
10. As the Privacy and Innovation Green Paper noted, "New devices and applications allow the collection and use
of personal information in ways that, at times, can be contrary to many consumers' privacy expectations." Department of
Commerce, Privacy and Innovation Green Paper, at i (statement of Commerce Secretary Gary Locke).
11. For a comparison of the Consumer Privacy Bill of Rights to other statements of the FIPPs, see Appendix B.
to achieve by using a company's products or services, the services that the companies actually provide,
the personal data exchanges that are necessary to provide these services, and whether a company's
customers include children and adolescents. Context should shape the balance and relative emphasis
of particular principles in the Consumer Privacy Bill of Rights.
The Consumer Privacy Bill of Rights advances these objectives by holding that consumers have a right to:
• Individual Control
• Transparency
• Respect for Context
• Security
• Access and Accuracy
• Focused Collection
• Accountability
The Consumer Privacy Bill of Rights applies to commercial uses of personal data. This term refers to any
data, including aggregations of data, which is linkable to a specific individual.¹² Personal data may include
data that is linked to a specific computer or other device. For example, an identifier on a smartphone
or family computer that is used to build a usage profile is personal data. This definition provides the
flexibility that is necessary to capture the many kinds of data about consumers that commercial entities
collect, use, and disclose.
The remainder of this section provides the full statement of the Consumer Privacy Bill of Rights and
explains the rationale for the rights and obligations under each principle.
12. This definition is similar to the Federal Government's definition of personally identifiable information:
[I]nformation that can be used to distinguish or trace an individual's identity, either alone or
when combined with other personal or identifying information that is linked or linkable to a
specific individual. The definition of PII is not anchored to any single category of information or
technology. Rather, it requires a case-by-case assessment of the specific risk that an individual
can be identified.
Peter R. Orszag, Memorandum for the Heads of Executive Departments and Agencies, Guidance for Agency Use of
Third-Party Websites and Applications, at 8 (Appendix), June 25, 2010,
http://www.whitehouse.gov/sites/default/files/omb/assets/memoranda_2010/m10-23.pdf.
1. Individual Control: Consumers have a right to exercise control over what personal
data companies collect from them and how they use it. Companies should provide
consumers appropriate control over the personal data that consumers share with others
and over how companies collect, use, or disclose personal data. Companies should
enable these choices by providing consumers with easily used and accessible mechanisms
that reflect the scale, scope, and sensitivity of the personal data that they collect, use,
or disclose, as well as the sensitivity of the uses they make of personal data. Companies
should offer consumers clear and simple choices, presented at times and in ways that
enable consumers to make meaningful decisions about personal data collection, use, and
disclosure. Companies should offer consumers means to withdraw or limit consent that
are as accessible and easily used as the methods for granting consent in the first place.
The Individual Control principle has two dimensions. First, at the time of collection, companies should
present choices about data sharing, collection, use, and disclosure that are appropriate for the scale,
scope, and sensitivity of personal data in question. For example, companies that have access to significant
portions of individuals' Internet usage histories, such as search engines, ad networks, and online
social networks, can build detailed profiles of individual behavior over time. These profiles may be
broad in scope and large in scale, and they may contain sensitive information, such as personal health
or financial data.¹³ In these cases, choice mechanisms that are simple and prominent and offer fine-grained
control of personal data use and disclosure may be appropriate. By contrast, services that do
not collect information that is reasonably linkable to individuals may offer accordingly limited choices.
In any event, a company that deals directly with consumers should give them appropriate choices about
what personal data the company collects, irrespective of whether the company uses the data itself or
discloses it to third parties. When consumer-facing companies contract with third parties that gather
personal data directly from consumers (as is the case with much online advertising), they should be
diligent in inquiring about how those third parties use personal data and whether they provide consumers
with appropriate choices about collection, use, and disclosure. The Administration also encourages
consumer-facing companies to act as stewards of personal data that they and their business partners
collect from consumers. Consumer-facing companies should seek ways to recognize consumer choices
through mechanisms that are simple, persistent, and scalable from the consumer's perspective.
Third parties should also offer choices about personal data collection that are appropriate for the scale,
scope, and sensitivity of data they collect. The focal point for much of the debate about third-party
personal data collection in recent years is online behavioral advertising, the practice of collecting
13. Scope refers to the range of activities or interests as well as the time period that is reflected in a dataset.
Scale refers to the number of individuals whose activities are in a dataset.
information about consumers' online interests in order to deliver targeted advertising to them.¹⁴ This
system of advertising revolves around ad networks that can track individual consumers, or at least
their devices, across different websites. When organized according to unique identifiers, this data can
provide a potentially wide-ranging view of individual use of the Internet. These individual behavioral
profiles allow advertisers to target ads based on inferences about individual interests, as revealed by
Internet use. Targeted ads are generally more valuable and efficient than purely contextual ads and
provide revenue that supports an array of free online content and services.¹⁵ However, many consumers
and privacy advocates find tracking and the advertising practices that it enables invade their expectations
of privacy.¹⁶
The Administration recognizes that the ultimate uses of personal data that third parties, such as ad
networks, collect affect the privacy interests at stake. As a result, these uses of personal data should
help to shape the range of appropriate individual control options. For example, a company that uses
personal data only to calculate statistics about how consumers use its services may not implicate significant
consumer privacy interests and may not need to provide consumers with ways to prevent data
collection for this purpose. Even if the company collects and stores some personal data for some uses,
it may not need to provide consumers with a sophisticated array of choices about collection. In the case
of online advertising, for instance, verifying ad delivery and preventing a consumer from seeing the
same ad many times over may require some personal data collection. But personal data collected only
for these statistical purposes may not require the assembly of extensive, long-lived individual profiles
and may not require extensive options for control.
Innovative technology can help to expand the range of user control. It is increasingly common for
Internet companies that have direct relationships with consumers to offer detailed privacy settings that
allow individuals to exercise greater control over what personal data the companies collect, and when.
In addition, privacy-enhancing technologies such as the Do Not Track mechanism allow consumers
to exercise some control over how third parties use personal data or whether they receive it at all. For
example, prompted by the FTC,¹⁷ members of the online advertising industry developed self-regulatory
principles based on the FIPPs, a common interface to alert consumers of the presence of third party ads
and to direct them to more information about the relevant ad network, and a common mechanism to
14. See FTC, Self-Regulatory Principles for Online Behavioral Advertising (staff report), at 2, Feb. 2009 (stating
that online behavioral advertising involves the tracking of consumers' online activities in order to deliver tailored
advertising).
15. According to one study, behaviorally targeted ads are worth significantly more than non-targeted ads. See
Howard Beales, The Value of Behavioral Targeting, at 3, Mar. 24, 2010 (finding, based on data provided by ad networks,
that behaviorally targeted ad rates in 2009 were 2.68 times greater than non-targeted ad rates),
http://www.networkadvertising.org/pdfs/Beales_NAI_Study.pdf; FTC, Protecting Consumer Privacy in an Era of Rapid
Change: A Proposed Framework for Businesses and Policymakers (preliminary staff report), at 24, Dec. 2010 (reporting that
FTC privacy roundtable participants discussed that the more information that is known about a consumer, the more a
company will pay to deliver a precisely-targeted advertisement to him) (FTC Staff Report).
16. See Aleecia M. McDonald and Lorrie Faith Cranor, Americans' Attitudes About Internet Behavioral Advertising
Practices, Proceedings of the 9th Annual ACM Workshop on Privacy in the Electronic Society (WPES) (2010).
17. See generally FTC, Self-Regulatory Principles for Online Behavioral Advertising (staff report), Feb. 2009.
allow consumers to opt out of targeted advertising by individual ad networks.¹⁸ A variety of other actors,
including browser vendors, software developers, and standards-setting organizations, are developing
Do Not Track mechanisms that allow consumers to exercise some control over whether third parties
receive personal data. All of these mechanisms show promise. However, they require further development
to ensure they are easy to use, strike a balance with innovative uses of personal data, take public
safety interests into account, and present consumers with a clear picture of the potential costs and
benefits of limiting personal data collection.
As third parties become further removed from direct interactions with consumers, it may be more
difficult for them to provide consumers with meaningful control over data collection. Data brokers, for
example, aggregate personal data from multiple sources, often without interacting with consumers at
all. Such companies face a challenge in providing effective mechanisms for individual control because
consumers might not know that these third parties exist. Moreover, some data brokers collect court
records, news reports, property records, and other data that is in the public record. The rights of freedom
of speech and freedom of the press involved in the collection and use of these documents must
be balanced with the need for transparency to individuals about how data about them is collected,
used, and disseminated and the opportunity for individuals to access and correct data that has been
collected about them.
Still, data brokers and other companies that collect personal data without direct consumer interactions or
a reasonably detectable presence in consumer-facing activities should seek innovative ways to provide
consumers with effective Individual Control. If it is impractical to provide Individual Control, these companies
should ensure that they implement other elements of the Consumer Privacy Bill of Rights in ways
that adequately protect consumers' privacy. For example, to provide sufficient privacy protections, such
companies may need to go to extra lengths to implement other principles such as Transparency (by
providing clear, public explanations of the roles they play in commercial uses of personal data) as well
as providing appropriate use controls once information is collected under the Access and Accuracy and
Accountability principles to compensate for the lack of a direct consumer relationship.
The second dimension of Individual Control is consumer responsibility. In a growing number of cases,
such as online social networks, the use of personal data begins with individuals' decisions to choose
privacy settings and to share personal data with others. In such contexts, consumers should evaluate
their choices and take responsibility for the ones that they make. Control over the initial act of sharing
is critical. Consumers should take responsibility for those decisions, just as companies that participate in
and benefit from this sharing should provide usable tools and clear explanations to enable consumers
to make meaningful choices.
The Individual Control principle also recognizes that consumers' privacy interests in personal data persist
throughout their relationships with a company. Accordingly, this principle includes a right to withdraw
consent to use personal data that the company controls. Companies should provide means of withdrawing
18. See AboutAds.info, Self-Regulatory Principles for Online Behavioral Advertising,
http://www.aboutads.info/resource/download/seven-principles-07-01-09.pdf (July 2009); Interactive Advertising Bureau,
Comment on the Privacy and Innovation Green Paper (Attachment 8) (explaining online advertisers' system for directing
users to ad networks' privacy policies and opt-outs).
consent that are on equal footing with ways they obtain consent. For example, if consumers
grant consent through a single action on their computers, they should be able to withdraw consent in
a similar fashion.¹⁹
There are three practical limits to the right to withdraw consent. First, it presumes that consumers
have an ongoing relationship with a company. This relationship could be minimal, such as a consumer
establishing an account for a single transaction, or it may be as extensive as many financial transactions
spanning many years. Nonetheless, the company must have a way to effect a withdrawal of consent
to the extent the company has associated and retained data with an individual. Conversely, data that a
company cannot reasonably associate with an individual is not subject to the right to withdraw consent.
Second, the obligation to respect a consumer's withdrawal of consent only extends to data that the
company has under its control. Third, the Individual Control principle does not call for companies to
permit withdrawal of consent for personal data that they collected before implementing the Consumer
Privacy Bill of Rights, unless they made such a commitment at the time of collection.
2. TRANSPARENCY: Consumers have a right to easily understandable and accessible
information about privacy and security practices. At times and in places that are most
useful to enabling consumers to gain a meaningful understanding of privacy risks and
the ability to exercise Individual Control, companies should provide clear descriptions of
what personal data they collect, why they need the data, how they will use it, when they
will delete the data or de-identify it from consumers, and whether and for what purposes
they may share personal data with third parties.
Plain language statements about personal data collection, use, disclosure, and retention help consumers
understand the terms surrounding commercial interactions. Companies should make these statements
visible to consumers when they are most relevant to understanding privacy risks and easily accessible
when called for.
Personal data uses that are not consistent with the context of a company-to-consumer transaction or
relationship deserve more prominent disclosure than uses that are integral to or commonly accepted
in that context. Privacy notices that distinguish personal data uses along these lines will better inform
consumers of personal data uses that they have not anticipated, compared to many current privacy
notices that generally give equal emphasis to all potential personal data uses.²⁰ Such notices will give
privacy-conscious consumers easy access to information that is relevant to them. They may also promote
greater consistency in disclosures by companies in a given market and attract the attention of consumers
who ordinarily would ignore privacy notices, potentially making privacy practices a more salient point
of competition among different products and services.
19. The obligation to provide these choices should be read in conjunction with the Access and Accuracy principle
discussed below.
20. See Assistant Secretary for Communications and Information Lawrence E. Strickling, Testimony Before the
Senate Committee on Commerce, Science, and Transportation, Mar. 16, 2011, at 2-3.
In addition, companies should provide notice in a form that is easy to read on the devices that consumers
actually use to access their services. In particular, mobile devices have small screens that make reading
full privacy notices effectively impossible. Companies should therefore strive to present mobile consumers
with the most relevant information in a manner that takes into account mobile device characteristics,
such as small display sizes and privacy risks that are specific to mobile devices.
Finally, companies that do not interact directly with consumers, such as the data brokers discussed
above, need to make available explicit explanations of how they acquire, use, and disclose personal
data. These companies may need to compensate for the lack of a direct relationship when making
these explanations available, for example by posting them on their websites or other publicly accessible
locations. Moreover, companies that have first-party relationships with consumers should disclose
specifically the purpose(s) for which they provide personal data to third parties, help consumers to
understand the nature of those third parties' activities, and whether those third parties are bound to
limit their use of the data to achieving those purposes. This gives consumers a more tractable task of
assessing whether to engage with a single entity, rather than trying to understand what personal data
third parties (potentially dozens, or even hundreds) receive and how they use it. Similarly, first parties
could create greater transparency by disclosing what kinds of personal data they obtain from third parties,
who the third parties are, and how they use this data. This level of transparency may also facilitate
the development within the private sector of innovative privacy-enhancing technologies and guidance
that consumers can use to protect their privacy.
3. RESPECT FOR CONTEXT: Consumers have a right to expect that companies will collect,
use, and disclose personal data in ways that are consistent with the context in
which consumers provide the data. Companies should limit their use and disclosure of
personal data to those purposes that are consistent with both the relationship that they
have with consumers and the context in which consumers originally disclosed the data,
unless required by law to do otherwise. If companies will use or disclose personal data for
other purposes, they should provide heightened Transparency and Individual Choice by
disclosing these other purposes in a manner that is prominent and easily actionable by
consumers at the time of data collection. If, subsequent to collection, companies decide
to use or disclose personal data for purposes that are inconsistent with the context in
which the data was disclosed, they must provide heightened measures of Transparency
and Individual Choice. Finally, the age and familiarity with technology of consumers who
engage with a company are important elements of context. Companies should fulfill the
obligations under this principle in ways that are appropriate for the age and sophistication
of consumers. In particular, the principles in the Consumer Privacy Bill of Rights may require
greater protections for personal data obtained from children and teenagers than for adults.
Respect for Context distinguishes personal data uses on the basis of how closely they relate to the
purposes for which consumers use a service or application as well as the business processes necessary
to provide the service or application.²¹ The Respect for Context principle calls on companies that collect
data to act as stewards of data in ways that respect their consumers. This principle derives from two
principles commonly found in statements of the FIPPs. The first principle, purpose specification, states
that companies should specify at the time of collection the purposes for which they collect personal
data. Second, the use limitation principle holds that companies should use personal data only to fulfill
those specific purposes.
The Respect for Context principle adapts these well-established principles in two ways. First, Respect
for Context provides a substantive standard to guide companies' decisions about their basic personal
data practices. Generally speaking, companies should limit personal data uses to fulfilling purposes
that are consistent with the context in which consumers disclose personal data. Second, while this
principle emphasizes the importance of the relationship between a consumer and a company at the
time consumers disclose data, it also recognizes that this relationship may change over time in ways not
foreseeable at the time of collection. Such adaptive uses of personal data may be the source of innovations
that benefit consumers. However, companies must provide appropriate levels of transparency and
individual choice, which may be more stringent than was necessary at the time of collection, before
reusing personal data.
Applying the Consumer Privacy Bill of Rights in a context-specific manner provides companies flexibility
but also requires them to consider carefully what consumers are likely to understand about their data
practices based on the products and services they offer, how the companies themselves explain the
roles of personal data in delivering them, research on consumers' attitudes and understandings, and
feedback from consumers. Context should help to determine which personal data uses are likely to raise
the greatest consumer privacy concerns. The company-to-consumer relationship should guide companies'
decisions about which uses of personal data they will make most prominent in privacy notices. For
21. Several commenters on the Privacy and Innovation Green Paper emphasized the importance of context
in applying FIPPs. See, e.g., AT&T Comment on the Privacy and Innovation Green Paper, at 7, Jan. 28, 2011 ("FIPPs are
usefully expressed as generalized policy guides that should shape the multi-stakeholder collaborative processes to
develop flexible and contextualized codes of practice for particular industries."); Centre for Information Policy Leadership
Comment on the Privacy and Innovation Green Paper, at 3, Jan. 28, 2011 ("Principles of fair information practices should
be applied within a contextual framework, and not in a rigid or fixed way."); Google Comment on the Privacy and
Innovation Green Paper, at 6, Jan. 28, 2011 ("In particular, FIPPs must be flexible enough to take account of the spectrum
of identifiability, linkability, and sensitivity of various data in various contexts."); Intel Comment on the Privacy and
Innovation Green Paper, at 4 ("[M]any of the issues present in a privacy regulatory scheme are highly contextual."); Intuit
Comment on the Privacy and Innovation Green Paper, at 9 ("It is the use of the information as well as its characteristics
that should inform our treatment of it. Context is crucial."); Helen Nissenbaum, Kenneth Farrall, and Finn Brunton,
Comment on the Privacy and Innovation Green Paper, at 2-3 (recommending consideration of context as a source of
baseline substantive constraints on data practices following the model of current US sectoral privacy regulation);
Online Publishers Association Comment on the Privacy and Innovation Green Paper, at 6 ("Online publishers share a
direct and trusted relationship with visitors to their sites. In the context of this relationship, OPA members sometimes
collect and use information to target and deliver the online advertising that subsidizes production of quality digital
content."); TRUSTe Comment on the Privacy and Innovation Green Paper, at 2 ("We view privacy as inherently contextual;
disclosure obligations will differ depending on the context of the interaction."). Current scholarship also emphasizes
the importance of the relationship between context and privacy. See Helen Nissenbaum, Privacy in Context: Technology,
Policy, and the Integrity of Social Life (2009).
example, online retailers need to disclose consumers' names and home addresses to shippers in order to
fulfill customers' orders. This disclosure is obvious from the context of the consumer-retailer relationship.
Retailers do not need to provide prominent notice of the practice (though they should disclose it in their
full privacy notices); companies may infer that consumers have agreed to the disclosure based on the
consumers' actions in placing the order and a widespread understanding of the product delivery process.
Several categories of data practices are both common to many contexts and integral to companies'
operations. The example above falls into the more general category of product and service fulfillment;
companies may infer consent to use and disclose personal data to achieve objectives that consumers
have specifically requested, as long as there is a common understanding of the service. Similarly, companies
may infer consent to use personal data to conduct marketing in the context of most first-party
relationships, given the familiarity of this activity in digital and in-person commerce, the visibility of
this kind of marketing, the presence of an easily identifiable party to contact to provide feedback, and
consumers' opportunity to end their relationship with a company if they are dissatisfied with it. In addition,
companies collect and use personal data for purposes that are common, even if they may not be
well known to consumers. For example, analyzing how consumers use a service in order to improve it,
preventing fraud, complying with law enforcement orders and other legal obligations, and protecting
intellectual property all have been basic elements of doing business and meeting companies' legal
obligations. Companies should be able to infer consumer consent to collect personal data for these
limited purposes, consistent with the other principles in the Consumer Privacy Bill of Rights.
In other cases, context should guide decisions about which opportunities for consumer control are
reasonable for companies to provide and also meaningful to consumers. Information and choices that
are meaningful to consumers in one context may be largely irrelevant in others. For example, consider
a hypothetical game application for a mobile device that allows consumers to save the game's state, so
that they can resume playing after a break. The hypothetical company that provides this game collects
the unique identifier of each user's mobile device in order to provide this save function. Collecting
the mobile device's unique identifier for this purpose may be consistent with the save function and
consumers' decisions to use it, particularly if the company uses identifiers only for this purpose. If the
company provides consumers' unique device identifiers to third parties for purposes such as online
behavioral advertising, however, the company should notify consumers and allow them to prevent the
disclosure of personal data.
The sophistication of a company's consumers is also a critical element of context. In particular, the privacy
framework may require a different degree of protection for children's and teenagers' privacy interests
from the protections afforded to adults due to the unique characteristics of these age groups. Children
may be particularly susceptible to privacy harms. Currently, the Children's Online Privacy Protection
Act (COPPA) and the FTC's implementing regulations provide strong protections by requiring online
22. This list of practices that are common to many contexts is similar to the commonly accepted practices that
FTC staff identified in its 2010 report. See FTC Staff Report at 53-54. In the Administration's view, protecting intellectual
property is so widespread and necessary to many companies that they should be able to infer consent to achieve this
objective. Several commenters on the Department of Commerce's Privacy and Information Green Paper encouraged the
Administration to recognize such practices in order to provide certainty for companies and to give greater prominence
to choices that consumers are more likely to find meaningful.
services that are directed to children, or that know that they are collecting personal data from children,
to obtain verifiable parental consent before they collect such data.²³ Online services that are directed to
children must meet this same standard. The Administration looks forward to exploring with stakeholders
whether more stringent applications of the Consumer Privacy Bill of Rights (such as an agreement
not to create individual profiles about children, even if online services obtain the necessary consent to
collect personal data) are appropriate to protect children's privacy.
The terms governing a company-to-consumer relationship are another key element of context. In particular,
advertising supports innovative new services and helps to provide consumers with free access
to a broad array of online services and applications. The Respect for Context principle does not foreclose
any particular ad-based business models. Rather, the Respect for Context principle requires companies
to recognize that different business models based on different personal data raise different privacy
risks. A company should clearly inform consumers of what they are getting in exchange for the personal
data they provide. The Administration also encourages companies engaged in online advertising to
refrain from collecting, using, or disclosing personal data that may be used to make decisions regarding
employment, credit, and insurance eligibility or similar matters that may have significant adverse
consequences to consumers. Collecting data for such sensitive uses is at odds with the contextually
well-defined purposes of generating revenue and providing consumers with ads that they are more
likely to find relevant. Such practices also may be at odds with the norm of responsible data stewardship
that the Respect for Context principle encourages.
Consider, for example, an online social networking service whose users disclose biographical information
when creating an account and provide information about their social contacts and interests by including
friends, business associates, and companies in their networks. As consumers use the service, they
may generate large amounts of information that is associated with their identity on the online social
network, including written updates, photos, videos, and location information. Consumers make affirmative
choices to share this information with members of their online social networks. These disclosures
are all integral to the company providing its social networking service. Furthermore, it is reasonable for
the company to reveal at least some of these details to other members in order to help them form new
connections.
Whether the online social networking service provider will use this information, and for what purposes,
may be less clear from the context that consumers experience. The personal data that consumers generate
may be valuable for improving the service, selling online advertising, or assembling individual profiles
that the company provides to third parties. These uses fall along a continuum that starts at the core
context of consumers engaging online with a group of associates. Consumers expect the company to
improve its services. The company does not need to seek affirmative consent each time it uses existing
data to improve a service, or even creates a new service, provided that these new uses of personal data
are consistent with what users come to expect in a social networking context.
Suppose that the company leases individual profile information to third parties, such as information
brokers. Respect for Context may not require the company to specify each use that a recipient might
make of this data, but, at a minimum, it may require the company to state prominently and explicitly
that it discloses personal data to third parties who may further aggregate and use this data for other
purposes. The Respect for Context principle, in combination with other principles in the Consumer
Privacy Bill of Rights, also calls on the company to provide consumers with meaningful opportunities
to prevent these disclosures.
23. See Children's Online Privacy Protection Act, Pub. L. 105-277 (codified at 15 U.S.C. §§ 6501-6506) and FTC,
Children's Online Protection Rule, 16 C.F.R. Part 312. COPPA defines "child" to mean an individual under the age of 13. 15
U.S.C. § 6501(1).
4. SECURITY: Consumers have a right to secure and responsible handling of personal
data. Companies should assess the privacy and security risks associated with their personal
data practices and maintain reasonable safeguards to control risks such as loss,
unauthorized access, use, destruction, or modification, and improper disclosure.
Technologies and procedures that keep personal data secure are essential to protecting consumer
privacy. Security failures involving personal data, whether resulting from accidents or deliberate attacks,
can cause harms that range from embarrassment to financial loss and physical harm. Companies that
lose control of personal data may suffer reputational harm as well as financial losses if business partners
or consumers end their relationships after a security breach. These consequences provide companies
with significant incentives to keep personal data secure. The security precautions that are appropriate
for a given company will depend on its lines of business, the kinds of personal data it collects, the likelihood
of harm to consumers, and many other factors.
The Security principle recognizes these needs. It gives companies the discretion to choose technologies
and procedures that best fit the scale and scope of the personal data that they maintain, subject to their
obligations under any applicable data security statutes, including their duties to notify consumers and
law enforcement agencies if the security of data about them is breached, and their commitments to
adopt reasonable security practices.
5. ACCESS AND ACCURACY: Consumers have a right to access and correct personal
data in usable formats, in a manner that is appropriate to the sensitivity of the
data and the risk of adverse consequences to consumers if the data is inaccurate.
Companies should use reasonable measures to ensure they maintain accurate personal
data. Companies also should provide consumers with reasonable access to personal data
that they collect or maintain about them, as well as the appropriate means and opportunity
to correct inaccurate data or request its deletion or use limitation. Companies that
handle personal data should construe this principle in a manner consistent with freedom
of expression and freedom of the press. In determining what measures they may use to
maintain accuracy and to provide access, correction, deletion, or suppression capabilities
to consumers, companies may also consider the scale, scope, and sensitivity of the personal
data that they collect or maintain and the likelihood that its use may expose consumers
to financial, physical, or other material harm.
An increasingly diverse array of entities uses personal data to make decisions that affect consumers in
ways ranging from the ads they see online to their candidacy for employment. Outside of sectors covered
by specific Federal privacy laws, such as the Health Insurance Portability and Accountability Act (HIPAA)
and the Fair Credit Reporting Act, consumers do not currently have the right to access and correct this
data. The Administration is committed to publishing data on the Internet in machine-readable formats
to advance the goals of innovation, transparency, participation, and collaboration. For example, to
promote innovation and efficiency in the delivery of electricity, the Administration supports providing
consumers with timely access to energy usage data in standardized, machine-readable formats over
the Internet.²⁴ Similarly, the expanded use of health IT, including patients' access to health data through
electronic health records, is a key element of the Administration's innovation strategy.²⁵ Comprehensive
privacy and security safeguards, tailored for both contexts, are fundamental to both strategies.
Providing consumers with access to information about them in usable formats holds similar promise in
the commercial arena. To help consumers make more informed choices, the Administration encourages
companies to make personal data available in useful formats to the properly authenticated individuals
over the Internet.²⁶
The Access and Accuracy principle recognizes that the use of inaccurate personal data may lead to a
range of harms. The risk of these harms, in addition to the scale, scope, and sensitivity of personal data
that a company retains, help to determine what kinds of access and correction facilities may be reasonable
in a given context. As a result, this principle does not distinguish between companies that are
consumer-facing and those that are not. In all cases, however, the mechanisms that companies use to
provide consumers with access to data about them should not create additional privacy or security risks.
United States Constitutional law has long recognized that privacy interests co-exist alongside fundamental
First Amendment rights to freedom of speech, freedom of the press, and freedom of association.
Individuals and members of the press exercising their free speech rights may well speak about other
individuals and include personal information in their speech. The Access and Accuracy principle should
therefore be interpreted with full respect for First Amendment values, especially for non-commercial
speakers and individuals exercising freedom of the press.
24. National Science and Technology Council, A Policy Framework for the 21st Century Grid: Enabling Our Secure
Energy Future, at 41, 46, June 2011, available at http://www.whitehouse.gov/sites/default/files/microsites/ostp/nstc-smart-grid-june2011.pdf.
25. See The White House, A Strategy for American Innovation: Securing Our
Economic Growth and Prosperity, Feb. 2011, http://www.whitehouse.gov/innovation/strategy; Department of Health and
Human Services, Final Rule on Electronic Health Record Incentive Program, 75 Fed. Reg. 44314, July 28, 2010.
26. See Memorandum for the Heads of Executive Departments and Agencies, Informing Consumers Through
Smart Disclosure, available at http://www.whitehouse.gov/sites/default/files/omb/inforeg/for-agencies/informing-consumers-through-smart-disclosure.pdf
("To the extent practicable and subject to valid restrictions, agencies
should publish information online in an open format that can be retrieved, downloaded, indexed, and searched by
commonly used web search applications. An open format is one that is platform independent, machine readable,
and made available to the public without restriction that would impede the re-use of that information."); M-10-06,
Memorandum for the Heads of Executive Departments and Agencies, Open Government Directive, available at
http://www.whitehouse.gov/sites/default/files/omb/assets/memoranda_2010/m10-06.pdf ("Machine readable data are digital
information stored in a format enabling the information to be processed and analyzed by computer. These formats allow
electronic data to be as usable as possible.").
6. FOCUSED COLLECTION: Consumers have a right to reasonable limits on the personal
data that companies collect and retain. Companies should collect only as much personal
data as they need to accomplish purposes specified under the Respect for Context
principle. Companies should securely dispose of or de-identify personal data once they
no longer need it, unless they are under a legal obligation to do otherwise.
The Focused Collection principle holds that companies should engage in considered decisions about the
kinds of data they need to collect to accomplish specific purposes. For example, the hypothetical game
company referenced above that collects the unique identifier of each user's mobile device in order to
provide a save function should consider whether it must use the mobile device identifier or whether
a less broadly linkable identifier would work as well. Nevertheless, as discussed under the Respect for
Context principle, companies may find new uses for personal data after they collect it, provided they
take appropriate measures of transparency and individual choice. The Focused Collection principle
does not relieve companies of any independent legal obligations, including law enforcement orders,
that require them to retain personal data.
Wide-ranging data collection may be essential for some familiar and socially beneficial Internet services
and applications. Search engines are one example. Search engines gather detailed data about the
contents and structure of the World Wide Web. Consumers understand and depend on search engines
to collect this broad range of data and make it available for a wide range of end uses. Search engines
also log search queries to improve their services. Search engines may collect such data, which includes
personal data, in a manner that is consistent with the Focused Collection principle, so long as their
purposes for collecting personal data are clear, and they do not retain personal data beyond the time
they need it to achieve any of these purposes.
7. ACCOUNTABILITY: Consumers have a right to have personal data handled by com-
panies with appropriate measures in place to assure they adhere to the Consumer
Privacy Bill of Rights. Companies should be accountable to enforcement authorities
and consumers for adhering to these principles. Companies also should hold employees
responsible for adhering to these principles. To achieve this end, companies should train
their employees as appropriate to handle personal data consistently with these principles
and regularly evaluate their performance in this regard. Where appropriate, companies
should conduct full audits. Companies that disclose personal data to third parties should
at a minimum ensure that the recipients are under enforceable contractual obligations to
adhere to these principles, unless they are required by law to do otherwise.
Privacy protection depends on companies being accountable to consumers as well as to agencies that
enforce consumer data privacy protections. The Accountability principle, however, goes beyond external
accountability to encompass practices through which companies prevent lapses in their privacy commitments
or detect and remedy any lapses that may occur. Companies that can demonstrate that they
live up to their privacy commitments have powerful means of maintaining and strengthening consumer
trust. A company's own evaluation can prove invaluable to this process. The appropriate evaluation
technique, which could be a self-assessment and need not necessarily be a full audit, will depend on
the size, complexity, and nature of a company's business, as well as the sensitivity of the data involved.
In recent years, chief privacy officers (experts who raise awareness of privacy issues in companies that
face rapid changes in technologies, consumer expectations, and regulations) have emerged as a valuable
source of guidance and internal evaluation. Chief privacy officers are likely to provide a continuing
source of guidance within companies throughout the development of products and services.
To be fully effective, however, companies should link evaluations to the enforcement of pre-established
internal expectations; evaluations are not an end in themselves. Audits, whether conducted by the
company or by an independent third party, may be appropriate under some circumstances, but they
are not always necessary to fulfill the Accountability principle.
Moreover, accountability must attach to data transferred from one company to another. From the
perspective of the Consumer Privacy Bill of Rights, the emphasis is not on the disclosures themselves,
but on whether a disclosure leads to a use of personal data that is inconsistent within the context of its
collection or a consumer's expressed desire to control the data. Thus, if a company transfers personal
data to a third party, it remains accountable and thus should hold the recipient accountable (through
contracts or other legally enforceable instruments) for using and disclosing the data in ways that are
consistent with the Consumer Privacy Bill of Rights.
III. Implementing the
Consumer Privacy Bill of Rights:
Multistakeholder Processes to Develop
Enforceable Codes of Conduct
Implementing the general principles in the Consumer Privacy Bill of Rights across the wide range of innovative
uses of personal data requires a process to establish more specific practices. The Administration
encourages individual companies, industry groups, privacy advocates, consumer groups, crime victims,
academics, international partners, State Attorneys General, Federal civil and criminal law enforcement
representatives, and other relevant groups to participate in multistakeholder processes to develop codes
of conduct that implement these general principles.
In consumer data privacy, as in other areas affecting Internet policy, the Administration believes that
multistakeholder processes underlie many of the institutions responsible for the Internet's success. This
reflects the Administration's abiding commitment to preserving the Internet as an open, decentralized,
user-driven platform for communication, innovation, and economic growth.
The Administration supports open, transparent multistakeholder processes because, when appropriately
structured, they can provide the flexibility, speed, and decentralization necessary to address
Internet policy challenges. A process that is open to a broad range of participants and facilitates their
full participation will allow technical experts, companies, advocates, civil and criminal law enforcement
representatives responsible for enforcing consumer privacy laws, and academics to work together to find
creative solutions to problems. Flexibility in the deliberative process is critical to allowing stakeholders
to explore the technical and policy dimensions, which are often intertwined, of Internet policy issues.
Moreover, the United States will need to confront a broad, complex, and global set of consumer data
privacy issues for decades to come. A process that works efficiently and on a global scale is therefore
essential.
Another key advantage of multistakeholder processes is that they can produce solutions in a more timely
fashion than regulatory processes and treaty-based organizations. In the Internet standards world, for
example, working groups frequently form around a specific problem and make significant progress
toward a solution within months, rather than years. These groups frequently function on the basis of
consensus and are amenable to the participation of individuals and groups with limited resources. These
characteristics lend legitimacy to the groups and their solutions, which in turn can encourage rapid and
effective implementation.
27. The United States recently joined the other members of the Organisation for Economic Co-operation and
Development (OECD) in recognizing the economic and social importance of the Internet. See OECD, Communiqué on
Principles for Internet Policy-Making, OECD High-Level Meeting on The Internet Economy: Generating Innovation and
Growth, June 28-29, 2011, http://www.ntia.doc.gov/legacy/ntiahome/privwhitepaper.html.
Finally, multistakeholder processes do not rely on a single, centralized authority to solve problems.
Specific multistakeholder institutions address specific kinds of Internet policy challenges. This kind of
specialization not only speeds up the development of solutions but also helps to avoid the duplication
of stakeholders' efforts.
Due in part to its reliance on multistakeholder processes, United States Internet policy has generally
avoided fragmented, prescriptive, and unpredictable rules that frustrate innovation and undermine
consumer trust. The United States has also refrained from adopting legal requirements that prescribe
specific technical requirements, which could fragment the global market for information technologies
and services and inhibit innovation. Instead, the United States generally defers to the expert bodies that
produce Internet technical standards. In addition, the Administration continues its support for Internet
policy processes that are open, transparent, and promote cooperation within a legal framework that
sets appropriate performance requirements for individuals and companies.
Consumer data privacy issues exemplify the need for multistakeholder processes that develop the
practices and technologies necessary to implement general policy principles. Experience in the United
States has shown that both companies and consumers benefit when companies commit to the task of
innovating privacy practices. In the early days of commercial activity on the Internet (mid-1990s to early
2000s), for example, the Department of Commerce, the FTC, and the White House convened stakeholders
to gather information about privacy issues in this rapidly evolving marketplace. These efforts yielded
a flexible, voluntary privacy framework that provided meaningful privacy protections while fostering
dynamic innovations in technologies and business models.²⁸
Even without legislation, the Administration intends to convene and facilitate multistakeholder processes
to produce enforceable codes of conduct. In an open forum, stakeholders with an interest in
a specific market or business context will work toward consensus on a legally enforceable code of
conduct that implements the Consumer Privacy Bill of Rights. Multistakeholder processes are different
from traditional agency rulemakings. The Federal Government will work with stakeholders to establish
operating procedures for an open, transparent process. Ultimately, however, the stakeholders themselves
will control the process and its results. There is no Federal regulation at the end of the process, and codes
will not bind any companies unless they choose to adopt them.
The incentive for stakeholders to participate in this process is twofold. Companies will build consumer
trust by engaging directly with consumers and other stakeholders during the process. Adopting a code
of conduct that stakeholders develop through this process would further build consumer trust. Second,
in any enforcement action based on conduct covered by a code, the FTC will consider a company's
adherence to a code favorably.
28. For example, the combined efforts of the Department of Commerce, FTC, and the White House produced the
consumer data privacy framework of notice and choice, which protected privacy in the context of rapidly developing
technologies and markets. See FTC, Privacy Online: Fair Information Practices in the Electronic Marketplace: A Federal
Trade Commission Report to Congress, at http://www.ftc.gov/reports/privacy2000/privacy2000.pdf (2000); White House,
Framework for Global Electronic Commerce, at 5, http://clinton4.nara.gov/WH/New/Commerce/ (1997); National
Telecommunications and Information Administration, Privacy and the NII: Safeguarding Telecommunications-Related
Personal Information (Oct. 1995), http://www.ntia.doc.gov/legacy/ntiahome/privwhitepaper.html.
A. Building on the Successes of Internet Policymaking
The Internet provides several successful examples of the kind of multistakeholder policy development
the Administration envisions. Private-sector standards-setting organizations, for example, are at the
forefront of setting Internet-related technical standards. Groups such as the Internet Engineering Task
Force (IETF) and the World Wide Web Consortium (W3C) use transparent processes to set Internet-related
technical standards. These processes are successful, in part, because stakeholders share an interest in
developing consensus-based solutions to the underlying challenges. The success of the resulting standards
is evident in the constantly growing range of services and applications (as well as the trillions of
dollars in global commerce) they support.
Similarly, the Internet Corporation for Assigned Names and Numbers (ICANN), a nonprofit corporation,
coordinates the technical management of the domain name system, which maps domain names to
unique numerical addresses. ICANN is also a multistakeholder organization that includes representatives
from a broad array of interests, including generic top level domain registries, registrars and registrants,
country code top level domain registries, the Regional Internet Registries, root server operators,
national governments, and Internet users at large. With this structure, ICANN coordinates the technical
management of an important function of the Internet (mapping names that people can remember
to numerical addresses that computers can use) and does so in a manner that allows for a wide range
of stakeholder input.
Government-convened policymaking efforts, such as the Executive Branch-led privacy discussions of
the 1990s and early 2000s, continue to be central to advancing consumer data privacy protections in
the United States. The framework in this document is a direct result of the Department of Commerce
Internet Policy Task Force's extensive engagement with stakeholders: companies, trade groups, privacy
advocates, academics, civil and criminal law enforcement representatives, and foreign government
officials. In addition, the FTC has encouraged multistakeholder efforts to develop a Do Not Track
mechanism, which would afford greater consumer control over personal data in the context of online
behavioral advertising.
B. Defining the Multistakeholder Process for Consumer Data Privacy
The Department of Commerce's National Telecommunications and Information Administration (NTIA)
has the necessary authority and expertise, developed through its role in other areas of Internet policy,
to convene multistakeholder processes that address consumer data privacy issues.²⁹ NTIA will lead the
Department of Commerce's convening of stakeholders in a deliberative process that develops codes
of conduct and allows stakeholders to adapt the codes to protect consumers' privacy as technologies
and market conditions change.³⁰
Figure 1. The principal stages of the multistakeholder process for consumer data privacy
1. Deliberation
• Identifying Issues. Stakeholder groups, with the assistance of NTIA, will identify markets and
industry sectors that involve significant consumer data privacy issues and may be ripe for an
enforceable code of conduct. The process will be open, but the focus of a given process likely
will not appeal equally to all stakeholders.
• Initiating and Facilitating Deliberations. NTIA will take steps to enlist the participation of
stakeholders to develop an enforceable code of conduct. As convener, NTIA will open meetings
to all stakeholders, including international partners, the FTC, Federal civil and criminal law
enforcement representatives, and State Attorneys General, that have an interest in defining an
appropriate code of conduct and express a willingness to work in good faith toward reaching
consensus on the code's provisions.
As their first order of business, stakeholders will establish operating processes and procedures.
The Administration is committed to a process that is open, transparent, and accommodates
participation by groups that have limited resources; however the deliberative process must
meet the needs of its participants, who determine and abide by its outcome.³¹
29. NTIA is designated by statute as the President's principal adviser on telecommunications policies pertaining to
the Nation's economic and technological advancement . . . . 47 U.S.C. § 902(b)(2)(D).
30. Other Federal agencies may play this convening role if consumer data privacy issues arise in their areas of
expertise. Alternatively, private-sector organizations could convene stakeholders, though the dearth of private sector-led
code development efforts is precisely the reason that the Administration proposes to serve as convener.
31. The Administration's guidelines for increasing transparency, participation, and collaboration in public
policy development could prove useful here. See President Barack Obama, Memorandum to the Heads of Executive
Departments and Agencies: Transparency and Open Government,
http://www.whitehouse.gov/the_press_office/TransparencyandOpenGovernment/; Peter R. Orszag, Memorandum for
the Heads of Executive Departments and Agencies: Open Government Directive, Dec. 8, 2009,
http://www.whitehouse.gov/open/documents/open-government-directive.
• Conclusion. A code that reflects the agreement of all stakeholders is ready for companies to
consider adopting. The Administration expects, however, that consensus will emerge on parts
of a code, and that stakeholders are likely to resolve the most difficult issues later in the process.
At this stage, NTIA may need to work intensively with stakeholders to help them resolve their
differences. NTIA's role will be to help the parties reach clarity on what their positions are and
whether there are options for compromise toward consensus, rather than substituting its own
judgment. To minimize the possibility that some stakeholders may draw inflexible lines that
prevent consensus, the parties should discuss and set out rules or procedures at the outset
of the process to govern how the group will reach an orderly conclusion, even if there is not
complete agreement on results.
2. Adoption
Once a code of conduct is complete, companies to which the code is relevant may choose to adopt it.
The Administration expects that a company's public commitment to adhere to a code of conduct will
become enforceable under Section 5 of the FTC Act (15 U.S.C. § 45), just as a company is bound today
to follow its privacy statements.³² Enforceability is essential to assuring consumers that companies'
practices match their commitments and thus to strengthening consumer trust.
3. Evolution
A key goal of the multistakeholder process is to enable stakeholders to modify privacy protections in
response to rapid changes in technology, consumer expectations, and market conditions, to assure
they sufficiently protect consumer data privacy. The multistakeholder process offers several ways to
keep codes of conduct current. Stakeholders may decide at any time that a code of conduct no longer
provides effective consumer data privacy protections, in light of technological or market changes. NTIA
might also draw this conclusion and seek to re-convene stakeholders. As with the initial development of a
code of conduct, however, stakeholder participation in the process to revise a code of conduct would be
voluntary. The Federal Government would not revise a code of conduct; rather, stakeholder groups will
make these changes with Federal Government input. Finally, under the legislative safe harbor framework
discussed in the following section, Congress could prescribe a renewal period for codes of conduct, so
that the FTC periodically reviews codes that are the basis of enforcement safe harbors.
32. The FTC brings cases based on violations of commitments in its privacy statements under its authority to
prevent deceptive acts or practices. In addition, the FTC brings data privacy cases under its unfairness jurisdiction, which
will remain an important source of consumer data privacy protection.
IV. Building on the FTC's
Enforcement Expertise
A. Protecting Consumers Through Strong Enforcement
Enforcement is critical to ensuring that the privacy commitments companies make by adopting a code
of conduct are meaningful. Self-regulatory bodies, which develop and administer voluntary guidelines
for member companies, can provide a first line of enforcement, though they are not necessary for the
framework described here. Enforcement through self-regulatory bodies can help to detect and remedy
compliance issues at an early stage. As a result, this kind of enforcement can strengthen trust in a code
of conduct and the companies that commit to the code.
Government agencies also play a vital role in enforcing the privacy protections in codes of conduct. The
FTC is the Federal Government's leading consumer privacy enforcement authority.³³ Enforcement actions
by the FTC (and State Attorneys General) have established that companies' failures to adhere to voluntary
privacy commitments, such as those stated in privacy policies, are actionable under the FTC Act's
(and State analogues') prohibition on unfair or deceptive acts or practices.³⁴ In addition, the FTC brings
cases against companies that allegedly failed to use reasonable security measures to protect personal
information about consumers.³⁵ Using this authority, the FTC has brought cases that effectively protect
consumer data privacy within a flexible and evolving approach to changing technologies and markets.
The same authority would allow the FTC to enforce the commitments of companies under its jurisdiction
to adhere to codes of conduct developed through the multistakeholder process.³⁶ Thus, companies
that adopt codes of conduct will make commitments that are legally enforceable under existing law.
B. Providing Incentives to Develop Enforceable Codes of Conduct
The FTC has significant enforcement and policy expertise to offer all stakeholders on consumer data
privacy issues codes of conduct. With or without consumer data privacy legislation, the FTC should
provide assistance and advice regarding development of the codes. In the absence of legislation, the
FTC, Federal civil and criminal law enforcement representatives, and States should participate in the
multistakeholder deliberations by providing advice on substance and process. Once stakeholders have
developed a code, a company may voluntarily adhere to the code in order to gain greater certainty and
33. Note, however, the FTC does not currently have authority to enforce Section 5 of the FTC Act, 15 U.S.C. § 45,
against certain corporations that operate for profit.
34. See FTC Act § 5, 15 U.S.C. § 45. In addition to using its Section 5 authority to protect consumer data privacy, the
FTC has brought dozens of cases under sector-specific statutes, such as the Children's Online Privacy Protection Act, the
Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, and the Do Not Call Rule. For a review of these cases, see FTC Staff
Report at 9-13.
35. See FTC Staff Report at 10 (reviewing enforcement actions that include counts based on unfair acts or
practices).
36. The FTC's jurisdiction over nonprofits and certain other types of entities under FTC Act § 5 may be limited.
assure its customers that its practices protect their privacy. Companies may choose to adopt multiple
codes of conduct to cover different lines of business; the common baseline of the Consumer Privacy Bill
of Rights should help ensure that the codes are consistent. Then, in any investigation or enforcement
action related to the subject matter of one or more codes, the FTC should consider the company's
adherence to the codes favorably.
V. Promoting International Interoperability
The Internet helps U.S. companies expand across borders. As a result, cross-border data flows are a vital
component of the domestic and global economies. Differences in national privacy laws create challenges
for companies wishing to transfer personal data across national borders. Complying with different
privacy laws is burdensome for companies that transfer personal data as part of well-defined, discrete
data processing operations because legal standards may vary among jurisdictions, and companies may
need to obtain multiple regulatory approvals to conduct even routine operations.
Services that cater to individual users face steeper compliance challenges because they handle data
flows that are more complex and varied. Further complicating matters is the proliferation of cloud
computing systems.[37] This globally distributed architecture helps deliver cost-effective, innovative
new services to consumers, companies, and governments. It also allows consumers and companies to
send the personal data they generate and use to recipients all over the world. Consumer data privacy
frameworks should not only facilitate these technologies and business models but also adapt rapidly
to those that have yet to emerge.
Though governments may take different approaches to meeting these challenges, it is critical to the
continued growth of the digital economy that they strive to create interoperability between privacy
regimes. The Administration believes flexible multistakeholder processes that address novel uses and
transfers of data facilitate interoperable privacy regimes. The United States is committed to engaging
with its international partners to increase interoperability in privacy laws by pursuing mutual recognition,
the development of codes of conduct through multistakeholder processes, and enforcement cooperation.
It is also committed to including international counterparts in these multistakeholder processes,
to enable global consensus on emerging privacy issues.
A. Mutual Recognition
Mutual recognition of commercial data privacy frameworks is a means to achieve meaningful global
data protection. A starting point for mutual recognition is the embrace of common values surrounding
privacy and personal data protection. Two principles should determine whether the conditions for
mutual recognition between specific privacy frameworks exist: effective enforcement and mechanisms
that allow companies to demonstrate accountability.
Where companies are under comparable legal requirements, mutual recognition means that all parties
can enforce the companies' obligations. Effective enforcement, conducted according to publicly
announced policies, is therefore critical to establishing interoperability. Enforcement authorities and
mechanisms vary from country to country, and the United States recognizes that a variety of approaches
can be effective. The United States relies primarily upon the FTC's case-by-case enforcement of general
37. NIST has identified five essential characteristics of cloud computing: on-demand self-service, broad network
access, resource pooling, rapid elasticity, and measured service. See supra note 6.
prohibitions on unfair or deceptive acts and practices. This approach helps develop evolving standards
for handling personal data in the private sector.
In the context of mutual recognition, accountability refers to a company's capacity to demonstrate the
implementation of enforceable policies and procedures relating to privacy (whether adopted voluntarily
or as a result of legal obligations). Accountability mechanisms include self-assessments, evaluations, and
audits.[38] The Administration encourages stakeholders to work together to identify globally accepted
accountability mechanisms when developing codes of conduct.
One example of an initiative to facilitate transnational mutual recognition is the Asia-Pacific Economic
Cooperation's (APEC) voluntary system of Cross Border Privacy Rules (CBPR), which is based on the
APEC Privacy Framework and includes privacy principles that APEC member economies have agreed to
recognize.[39] Codes of conduct based on these principles could streamline the data privacy policies and
practices of companies operating throughout the vast APEC region.[40] Upon implementation, APEC's
CBPR system will require interested applicants to demonstrate that they comply with a set of CBPR
program requirements based on the APEC Privacy Framework. Moreover, the commitments an applicant
makes during this process, while voluntary, must be enforceable under laws in member economies.
Successful CBPR certification will entitle participating companies to represent to consumers that they
are accountable and meet stringent and globally recognized standards, thereby facilitating the transfer
of personal data throughout the APEC region.
In Europe, Article 27 of European Union (EU) Directive 95/46/EC on the protection of individuals with
regard to the processing of personal data and on the free movement of such data, commonly known as
the EU Data Protection Directive, encourages the development of codes of conduct to help implement
the law. Like the Administration's framework, which proposes industry-specific codes of conduct, the
Data Protection Directive recognizes that codes of conduct that implement general privacy principles
may differ in their details, according to the needs of the relevant industry. The Administration is committed
to working with organizations at the EU level as well as with member states to make codes of
conduct the basis of mutually recognized privacy protections.
The Safe Harbor Frameworks that the United States developed with the EU and Switzerland are early
examples of global interoperability that have had a meaningful impact on transatlantic data flows.
The United States, the EU, and Switzerland negotiated these Frameworks to accomplish the objectives
of protecting personal information while also ensuring that companies could transfer information in
a way that did not disrupt their global business operations. These Frameworks allow companies to
self-certify that they comply with requirements under the EU Data Protection Directive, subject to FTC
38. Auditing is not a requirement under the Accountability principle stated in the Consumer Privacy Bill of Rights.
This section discusses the potential use of audits by companies that seek to take advantage of global interoperability in
privacy laws. Not all organizations, however, fit this description.
39. The nine principles are collection limitation, integrity of personal information, notice, uses of personal
information, choice, security safeguards, access and correction, accountability, and harm prevention.
See http://publications.apec.org/publication-detail.php?pub_id=390.
40. Currently, APEC includes 21 members: Australia, Brunei Darussalam, Canada, Chile, the People's Republic of
China, Hong Kong, Indonesia, Japan, the Republic of Korea, Malaysia, Mexico, New Zealand, Papua New Guinea, Peru,
the Philippines, Russia, Singapore, Chinese Taipei, Thailand, the United States, and Vietnam. APEC, Member Economies,
http://www.apec.org/About-Us/About-APEC/Member-Economies.aspx (last visited Sept. 7, 2011).
enforcement of these representations.[41] The more than 2,700 companies that participate in the Safe
Harbor Frameworks may transfer personal data from the EU to the United States. As a result, the Safe
Harbor Frameworks have effectively reduced barriers to personal data flow and thereby support trade
and economic growth.
B. An International Role for Multistakeholder Processes and Codes of Conduct
The attributes of speed, flexibility and decentralized problem-solving in well-structured multistakeholder
consultations offer certain advantages over traditional government regulation when it comes to
establishing globally applicable rules and guidelines that promote innovation and protect consumers.
Multistakeholder-developed codes of conduct, combined with existing mutual recognition frameworks,
hold the promise of greatly simplifying companies' compliance burdens.
While the Safe Harbor Frameworks have proven to be valuable in facilitating transatlantic trade, they
are not perfect solutions for all U.S. entities. Sectors not regulated by the FTC, such as financial services,
telecommunications common carriers, and insurance, are not covered by the Safe Harbor Frameworks.
Some companies in these sectors have indicated that they would like to see an improved environment
for transatlantic data transfers.
To build on the success of the Safe Harbor Frameworks, the Administration, through the Departments
of Commerce and State, plans to develop additional mechanisms, such as jointly developed codes of
conduct, that support mutual recognition of legal regimes, facilitate the free flow of information, and
address emerging privacy challenges. The Administration hopes to include international stakeholders
in the multistakeholder processes. The Safe Harbor Frameworks could one day be supplemented by
codes of conduct reflecting transatlantic consensus on important, emerging privacy issues.
C. Enforcement Cooperation
To realize global interoperability in data protection, mutual recognition must be accompanied by robust
enforcement cooperation. Such collaboration, whether bilateral or multilateral, is necessary to address
information sharing among data protection authorities.
Empowered by legislation that grants it greater authority to cooperate with foreign counterparts, the
FTC helped to create the Global Privacy Enforcement Network (GPEN). GPEN aims to further the development
of privacy enforcement priorities, sharing of best practices, and support for joint enforcement
initiatives. The FTC is involved in a number of other international organizations, including the OECD,
APEC, the Asia-Pacific Privacy Authorities forum, and the International Conference of Data Protection and
Privacy Commissioners. The work of the United States Government in GPEN, the OECD, APEC, and other
venues is increasing collaboration in privacy investigations and enforcement actions globally. Given that
Internet-based services reach individuals in jurisdictions around the world, it is neither effective nor wise
policy for governments to enforce national data privacy legislation in isolation.
41. For a summary of the FTC's enforcement of the U.S.-EU Safe Harbor Framework, see FTC, FTC Settles with Six
Companies Claiming to Comply with International Privacy Framework, Oct. 6, 2009,
http://www.ftc.gov/opa/2009/10/safeharbor.shtm. See also In re Google, Inc., Complaint, at 7 File No. 102 3136, Mar. 30,
2011 (alleging respondent did not adhere to the US Safe Harbor Privacy Principles of Notice and Choice).
VI. Enacting Consumer Data Privacy Legislation
The Administration urges Congress to pass legislation adopting the Consumer Privacy Bill of Rights.
Legislation would promote trust in the digital economy by providing a basic set of privacy rights
throughout areas of the commercial sector that are not currently subject to specific Federal data privacy
legislation. The flexible approach that the Administration supports will allow companies to implement
the Consumer Privacy Bill of Rights in ways that fit the context in which they do business.
A. Codify the Consumer Privacy Bill of Rights
Congress should act to protect consumers from violations of the rights defined in the Administration's
proposed Consumer Privacy Bill of Rights. These rights provide clear protection for consumers and
define rules of the road for the rapidly growing marketplace for personal data.[42] The legislation should
permit the FTC and State Attorneys General to enforce these rights directly. The legislation will need
to state companies' obligations under the Consumer Privacy Bill of Rights with greater specificity than
this document provides. The Consumer Privacy Bill of Rights is a guide for the Administration to work
collaboratively with Congress on statutory language.[43]
To provide greater legal certainty and to encourage the development and adoption of industry-specific
codes of conduct, the Administration also supports legislation that authorizes the FTC to review codes
of conduct and grant companies that commit to adhere, and do adhere, to such codes forbearance
from enforcement of provisions of the legislation.
In addition, consumer data privacy legislation should avoid:
• Adding duplicative or overly burdensome regulatory requirements to companies that are
already adhering to legislatively adopted privacy principles.
• Prescribing technology-specific means of complying with the law's obligations.
• Precluding new business models that are consistent with the Consumer Privacy Bill of Rights
in general but may involve new uses of personal information not contemplated at the time the
statute is written.
• Altering existing statutory or regulatory authorities pursuant to which the government may
obtain information that is necessary to assist in conducting border searches, investigating
criminal conduct or other violations of law, or protecting public safety and national security.
42. The Administration is separately considering the need to amend laws pertaining to the government's access
to data in the possession of private parties, including the Electronic Communications Privacy Act, to address changes in
technology.
43. In the absence of legislation, the Consumer Privacy Bill of Rights set forth in this document provides guidance
for stakeholders and does not alter the FTC's existing enforcement authority under FTC Act § 5.
• Contravening the ability of law enforcement to investigate and prosecute criminal acts, and
ensure public safety.
• Altering existing statutory, regulatory, or policy authorities that apply to the government's
information practices or address privacy issues outside of a purely commercial, consumer-oriented
context.
B. Grant the FTC Direct Enforcement Authority
The Administration encourages Congress to grant the FTC the authority to enforce each element
of the statutory Consumer Privacy Bill of Rights.[44] This authority would provide greater certainty to
consumers and companies both. Companies would begin with a clearer roadmap to their privacy obligations.
Consumers would benefit from knowing that Congress has empowered the FTC to enforce a
comprehensive set of privacy protections in the commercial marketplace. At the same time, a statute
that allows the FTC to enforce the Consumer Privacy Bill of Rights directly would provide flexibility and
permit the FTC to address emerging privacy issues through specific enforcement actions governed by
applicable procedural safeguards. Companies seeking even greater certainty under such legislation
should use the multistakeholder process and enforcement safe harbor discussed below to develop
context-specific codes of conduct in a timely fashion. The Administration recommends that Congress
grant the same authority to State Attorneys General. So long as they coordinate with the FTC in their
enforcement actions, States could provide additional enforcement resources and a considerable source
of consumer data privacy expertise.
In domains involving rapid changes in technology and business practices, Congress has chosen to create
flexible standards rather than tailoring them to technologies and practices that exist at the time it
passes a law. In the realm of antitrust, for example, the Sherman Act prohibits agreements in restraint of
trade.[45] The Copyright Act defines basic terms such as copies, devices, and processes with reference
to technologies now known or later developed.[46] And, in the realm of data privacy, the FTC has brought
numerous enforcement actions under the FTC Act Section 5's prohibition on unfair or deceptive acts or
practices. A combination of agency guidelines, judicial interpretation, and industry practices provides
interpretations of these terms to allow individuals and companies to determine with greater certainty
whether their conduct complies with these general laws.
The Administration encourages Congress to follow a similar path with baseline consumer data privacy
legislation. It is important that a baseline statute provide a level playing field for companies, a
consistent set of expectations for consumers, and greater clarity and transparency in the basis for FTC
enforcement actions. The FTC also could engage the public to clarify how it will enforce the statutory
Consumer Privacy Bill of Rights. The primary mechanisms to clarify the statute's requirements should
be the multistakeholder process and enforcement safe harbor, based on enforceable codes of conduct,
as discussed below. The more traditional modes of clarifying general statutory requirements, however,
could also play a helpful role.
44. The FTC refers civil penalty actions to the Department of Justice, which may bring an action within 45 days. If
the Department of Justice declines to litigate, the FTC may prosecute the case itself. See, e.g., 15 U.S.C. § 56(a).
45. 15 U.S.C. § 1.
46. 17 U.S.C. § 101.
C. Provide Legal Certainty Through an Enforcement Safe Harbor
The Administration supports authorizing the FTC to provide greater assurance to companies that adopt
enforceable codes of conduct than is possible under current law. Two legislative structures would help
to accomplish this goal. First, the FTC should have explicit authority to review codes of conduct against
the Consumer Privacy Bill of Rights, as they are set forth in legislation. Legislation should require the
FTC to review codes submitted for review within a reasonable amount of time (e.g., 180 days), require
the FTC to consider public comments on a code, limit its review authority to approving or rejecting
a code that reflects the consensus of all participants in the multistakeholder process, and establish a
period for reviewing approved codes to ensure that they sufficiently protect consumer privacy in light
of technological and market changes. The record from the multistakeholder process that produced a
code, and particularly the presence of general consensus on its provisions, would help to guide the
FTC's assessment of whether a code sufficiently implements the Consumer Privacy Bill of Rights. Because
the outcome of FTC review will likely influence companies' decisions to adopt codes of conduct (the
end result of the multistakeholder process), it is appropriate to determine the details of FTC review
through a process that is open to all stakeholders. These details, however, need to be legally binding.
Accordingly, the Administration recommends that Congress grant the FTC authority under the
Administrative Procedure Act (5 U.S.C. § 552 et seq.) to issue rules that establish a fair and transparent
process for reviewing and approving codes of conduct.
The second element that the Administration recommends is giving the FTC the authority to grant a safe
harbor (that is, forbearance from enforcement of the statutory Consumer Privacy Bill of Rights) to
companies that follow a code of conduct that the FTC has reviewed and approved. Companies that
decline to adopt a code of conduct, or choose not to seek FTC review of a code that they do adopt, would
simply be subject to the general obligations of the legislatively adopted Consumer Privacy Bill of Rights.
D. Balance Federal and State Roles in Consumer Data Privacy Protection
Federal legislation that enacts a Consumer Privacy Bill of Rights should provide a national standard for
protecting consumer data privacy where existing Federal data privacy statutes do not apply. Nationally
uniform consumer data privacy rules are necessary to create certainty for companies and consistent
protections for consumers. These rules should take into consideration the need for certain information
to be available for law enforcement-related purposes. Moreover, national uniformity is crucial to preserving
the incentives that the Administration's framework provides through the multistakeholder process.
Stakeholders' incentives to participate in the multistakeholder process, and companies' incentives to
adopt codes of conduct, would be diminished if States enacted laws with more stringent requirements.
The Administration therefore recommends that Congress preempt State laws to the extent they are
inconsistent with the Consumer Privacy Bill of Rights as enacted and applied. The Administration also
recommends that Congress provide forbearance from enforcement of State laws against companies
that adopt and comply with FTC-approved codes of conduct.
The Administration's proposed approach preserves important policymaking and enforcement roles
for the States. States can and should play a highly constructive role in the multistakeholder process.
The Administration also supports granting State Attorneys General with the authority to enforce the
Consumer Privacy Bill of Rights. Taken together, these mechanisms will provide States means to address
consumer data privacy issues that States identify while maintaining uniformity at the national level.
The Administration will also work with Congress, States, the private sector, and other stakeholders to
determine whether there are specific sectors in which States could enact laws that would not disrupt the
broader uniformity the Administration seeks in consumer data privacy protections. For example, it may
be appropriate to allow States to enact laws that apply the Consumer Privacy Bill of Rights to personal
data in sectors they closely regulate, such as retail electricity distribution.[47]
E. Preserve Effective Protections in Existing Federal Data Privacy Laws
Consumer data privacy legislation should preserve existing sector-specific Federal laws that effectively
protect personal data, minimize the duplication of legal requirements, and provide consumers with a
clear sense of what protections they have and who enforces them. Where existing Federal laws do not
meet these guidelines, however, the Administration encourages Congress to consider how consumer
data privacy legislation could simplify existing requirements, to the benefit of consumers and companies.
In general, the sector-specific Federal data privacy laws establish legal obligations that are tailored to
the sensitivity of personal data used and the prevailing practices in those sectors.[48] For instance, HIPAA
and the HIPAA Privacy and Security Rules regulate the collection, use, and disclosure of personal health
information by healthcare providers, insurers, and health information clearinghouses. HIPAA permits by
default personal health information practices that are necessary or commonly accepted in the healthcare
context, such as disclosures of personal health information between two healthcare providers in order
to treat a patient. Federal data privacy laws that apply to education, credit reporting, financial services,
and the collection of children's personal data are examples of similarly well-tailored requirements.
1. Create Comprehensive Privacy Protection Without Duplicating Burdens
To avoid creating duplicative regulatory burdens, the Administration supports exempting companies
from consumer data privacy legislation to the extent that their activities are subject to existing Federal
data privacy laws. However, activities within such companies that do not fall under an existing data
privacy law would be covered by the legislation that the Administration proposes. The alternative,
exempting entire entities that are subject to an existing Federal data privacy law, could allow the
exception to swallow the rule. For example, the Gramm-Leach-Bliley Act (GLB) requires financial institutions
to take certain privacy and security precautions with nonpublic personal information. If entities
that are subject to GLB were exempt from a baseline consumer data privacy law for non-GLB-covered
personal data, the baseline statute's effectiveness could be significantly diminished.
47. Indeed, the Administration recently called for State public utilities commissions to follow privacy principles
that are very similar to those in the Consumer Privacy Bill of Rights in order to protect personal data associated with the
smart electric grid. See supra note 23.
48. This limitation also means that the laws that regulate the Federal government's collection, use, and disclosure
of personal data are beyond the framework's scope.
2. Amend Laws That Create Inconsistent or Confusing Requirements
Because existing Federal laws treat similar technologies within the communications sector differently,[49]
the Administration supports simplifying and clarifying the legal landscape and making the FTC responsible
for enforcing the Consumer Privacy Bill of Rights against communications providers.
F. Set a National Standard for Security Breach Notification
In the specific area of security breaches, the Administration supports creating a national standard under
which companies must notify consumers of unauthorized disclosures of certain kinds of personal data.
Security breach notification (SBN) laws effectively promote the protection of sensitive personal data.
They require companies in certain situations to notify consumers whose personal data was exposed
to unauthorized recipients. Notice helps consumers protect themselves against harms such as identity
theft. It also provides companies with incentives to establish better data security in the first place. The
SBN model is also gaining acceptance internationally as a performance-based requirement that effectively
protects consumers.
Currently, 47 States, the District of Columbia, and several U.S. Territories, have SBN laws. Variations in
States have allowed a sense of the most effective approaches to emerge, but the need for national uniformity
is now evident. The patchwork of State laws creates significant burdens for companies without
much countervailing benefit for consumers. As part of its comprehensive cybersecurity legislative package,
the Administration recommended creating a national standard for notifying consumers in the event
that there are unauthorized disclosures of certain types of personal data.[50] This national standard would
replace the various State standards that exist today and preempt future State legislation in this area.
49. See, e.g., 47 U.S.C. §§ 222, 338 & 551 (requiring telecommunications carriers, satellite carriers, and cable
services, respectively, to protect customers' personal information).
50. The White House, Data Breach Notification Legislative Language, May 2011,
http://www.whitehouse.gov/sites/default/files/omb/legislative/letters/data-breach-notification.pdf.
VII. Federal Government Leadership in Improving Individual Privacy Protections
In areas other than consumer data privacy, the Administration is continuing the Federal government's
long history of championing data privacy protections in the public and private spheres. This history stems
from the early days of computerized data processing. In 1973, the Department of Health, Education,
and Welfare (HEW) Advisory Committee on Automated Personal Data Systems issued a report entitled
Records, Computers, and the Rights of Citizens. This landmark report provided an early statement of the
FIPPs that provide a foundation for the Administration's Consumer Privacy Bill of Rights.
Since then, the Federal government has led the way in demonstrating that protecting privacy is integral
to conducting the Nation's business. No single event or policy need has spurred this activity. In some
cases, Federal agencies consider privacy issues in response to specific Congressional mandates. In other
cases, Federal agencies integrate privacy into innovative initiatives that advance their core missions. The
activities of Federal agencies with duties that range across a broad array of economic sectors, including
healthcare, financial services, and education, illustrate the Administration's commitment to promoting
best practices, enabling new services, providing tools to address many different privacy issues, and
enforcing individual privacy rights.
A. Enabling New Services
Like the private sector, Federal agencies must confront data privacy issues when delivering services to
the public. A particularly challenging set of privacy issues arises in connection with delivering healthcare
to the Nation's veterans. The Department of Veterans Affairs (VA) provides healthcare for 8.3 million
enrolled veterans through more than 1,400 facilities distributed across the Nation. To help manage a
healthcare operation of this scale and scope efficiently and cost-effectively, the VA is continuing to incorporate
information technology into its healthcare delivery system. Protecting the privacy of veterans'
health information is essential to the success of this endeavor.
VA recently launched an initiative that demonstrates how careful attention to privacy and security protections
for personal health information can lead to significant advances in how healthcare is delivered.
VA incorporated privacy and security protections into its My HealtheVet Personal Health Record. This
system is a gateway to information that helps veterans to enable their caregivers to deliver better care
and provides other Internet-based tools that empower veterans to become active partners in their health
care. The VA's Blue Button service allows veterans to download an electronic copy of their HealtheVet
information in a secure manner.
How Administration Action Is Enabling Privacy in Other Areas
• Integrating Privacy into Cybersecurity Initiatives. Protecting privacy is a priority in the
Administration's efforts to secure online environments for continuing increases in productivity,
innovation, and support for new business ventures. Led by the National Institute of
Standards and Technology (NIST), the National Strategy for Trusted Identities in Cyberspace
calls for a partnership with the commercial sector to develop more standardized, secure,
and privacy-enhancing ways to authenticate individuals online.
• Enhancing Transparency in Credit Markets. The Administration is ensuring that privacy
protections keep pace with developments in uses of personal data in setting the terms
of consumer credit. The Federal Reserve Board, together with the FTC, issued a rule that
requires creditors to provide a consumer with notice when, based on the consumer's
credit report, the creditor provides credit to the consumer on less favorable terms than it
provides to other consumers. This rule also entitles consumers who are notified of such
risk-based pricing to obtain a free credit report, so that they can check whether the
information creditors use is accurate.
B. Protecting Privacy Through Effective Enforcement
The FTC has used its civil enforcement authority against those commercial enterprises that fail to follow
Commission rules or act in an unfair or deceptive manner. Since 2009, the FTC has taken actions against
companies that have failed to exercise reasonable care to secure sensitive personal and medical information,
represented that they abide by the U.S.-EU or U.S.-Swiss Safe Harbor agreements when they do
not or they have allowed these certifications to lapse, or that misrepresent the use of tracking software.
The FTC also prosecuted actions involving deceptive practices by online seal providers, social media
companies, and companies claiming to protect identities. In addition, the FTC prosecuted cases under
the Telemarketing Sales Rule, the COPPA Rule, the Fair Credit Reporting Act, and the GLB Safeguards Rule.
The Administration also takes enforcing statutory privacy rights seriously. Federal agencies with law
enforcement authority have taken action against those who violate privacy rights. For example, the
Department of Justice (DOJ) aggressively prosecutes cases involving identity theft--the use of misappropriated
personal data that can cause life-disrupting and economically devastating harm to its victims. In
2010 alone, DOJ's United States Attorneys' Offices prosecuted nearly 1300 cases involving identity theft,
and U.S. Attorneys have brought nearly 700 identity theft cases in the current fiscal year. DOJ, assisted
by investigators from the Federal Bureau of Investigation and Department of Homeland Security (DHS)
components such as United States Secret Service and U.S. Immigration and Customs Enforcement, also
vigorously prosecutes individuals who obtain personal data (and other information) by breaking into
computers. Taken together, these efforts help protect the confidentiality of personal data and bring
justice for victims of identity theft and other crimes that involve the misuse of personal data.
C. Guidance for Protecting Privacy
Federal agencies are also devoting resources to producing guidance on data privacy that has broad
applicability in the private sector. The Department of Health and Human Services (HHS), for example,
has issued guidance that analyzes some of the fundamental issues surrounding responses to security
breaches that involve personally identifiable information. In 2009, the Department of Health and Human
Services' Office for Civil Rights (OCR) issued guidance on when health information is considered to be
secure (and therefore exempt from breach notification requirements) by specifying the technologies
and methodologies that render protected health information unusable, unreadable, or indecipherable.
In 2010, OCR also issued guidance on conducting a risk analysis under the HIPAA Security Rule. OCR
plans to issue additional guidance on the HIPAA Privacy Rule's minimum necessary standard and on
de-identification of health information under the HIPAA Privacy Rule.
Federal agencies are also providing guidance on how to make more effective use of existing privacy-protecting
measures. In 2009, eight Federal agencies released a model privacy notice form that financial
institutions can opt to use for their privacy notices to consumers required by GLB. Use of the model form
provides a legal safe harbor for compliance with the GLB Privacy Rule, though the model form is not
required. The agencies conducted extensive consumer research and testing in developing the model
form to ensure that consumers can easily understand what financial institutions do with their personal
information and compare different institutions' information sharing practices.
Other Significant Administration Guidance on Privacy:
• Raising Public Awareness of Privacy and Data Security. DHS is leading a national public
awareness effort called Stop. Think. Connect. to inform the American public of the need to
strengthen cybersecurity and to provide practical tips to help Americans increase their
safety and security online. In addition, the FTC has issued guides explaining measures that
consumers and companies can take to protect children's privacy online, minimize the risk
of medical identity theft, and prevent the loss of sensitive data through peer-to-peer file
sharing applications.
• Applying Privacy Principles to New Technologies. The Administration is demonstrating
that the same privacy principles that inform the general consumer data privacy framework
developed here also apply to specific, emerging contexts. The Smart Grid--the incorporation
of information technologies to make the electric grid more efficient, more accommodating
of clean sources of energy, and a source of new jobs and innovation--provides
an excellent example. Over the past two years, the Department of Energy and the National
Institute of Standards and Technology engaged with stakeholders to understand privacy
issues that could arise from this promising new technology. This work culminated in the
Administration's Policy Framework for The 21st Century Grid: Enabling Our Secure Energy
Future, which recommends that States make comprehensive FIPPs the starting point for
protecting the detailed energy usage data that the Smart Grid will generate.
D. Integrating Privacy Into the Structure of Federal Agencies
Finally, Federal agencies are leading the way in incorporating privacy into their structure and operations
and in developing accountable organizations. Some of these accountability-enhancing practices
and tools have diffused to the private sector and across the globe. For example, the Internal Revenue
Service and DHS pioneered the use of privacy impact assessments (PIAs), which provide for structured
assessments of the potential privacy issues arising from new information systems and, under the
E-Government Act of 2002, are now required of Federal agencies under some circumstances. Building
on efforts of previous Administrations, this Administration has extended the use of PIAs to social media.
Since their initial development within the Federal government, PIAs have become widely used in the
private sector and within the European Union. Federal agencies also continue to make privacy professionals
part of their senior leadership structures. Many Federal agencies have full-time, professional chief
privacy officers, who engage on privacy issues within their agencies, in broader discussions within the
Federal government, and with the general public.
VIII. Conclusion
The United States is committed to protecting privacy. It is an element of individual dignity and an aspect
of participation in democratic society. To an increasing extent, privacy protections have become critical
to the information-based economy. Stronger consumer data privacy protections will buttress the trust
that is necessary to promote the full economic, social, and political uses of networked technologies. The
increasing quantities of personal data that these technologies subject to collection, use, and disclosure
have fueled innovation and significant social benefits. We can preserve these benefits while also ensuring
that our consumer data privacy policy better reflects the value that Americans place on privacy and
bolsters trust in the Internet and other networked technologies.
The framework set forth in the preceding pages provides a way to achieve these goals. The Consumer
Privacy Bill of Rights should be the legal baseline that governs consumer data privacy in the United
States. The Administration will work with Congress to bring this about, but it will also work with private-sector
stakeholders to adopt the Consumer Privacy Bill of Rights in the absence of legislation. To encourage
adoption, the Department of Commerce will convene multistakeholder processes to encourage
the development of enforceable, context-specific codes of conduct. The United States Government will
engage with our international partners to increase the interoperability of our respective consumer data
privacy frameworks. Federal agencies will continue to develop innovative privacy-protecting programs
and guidance as well as enforce the broad array of existing Federal laws that protect consumer privacy.
A cornerstone of this framework is its call for the ongoing participation of private-sector stakeholders.
The views that companies, civil society, academics, and advocates provided to the Administration
through written comments, public symposia, and informal discussions have been invaluable in shaping
this framework. Implementing it, and making progress toward consumer data privacy protections
that support a more trustworthy networked world, will require all of us to continue to work together.
Appendix A: The Consumer
Privacy Bill of Rights
CONSUMER PRIVACY BILL OF RIGHTS
The Consumer Privacy Bill of Rights applies to personal data, which means any data, including aggregations
of data, which is linkable to a specific individual. Personal data may include data that is linked
to a specific computer or other device. The Administration supports Federal legislation that adopts
the principles of the Consumer Privacy Bill of Rights. Even without legislation, the Administration will
convene multistakeholder processes that use these rights as a template for codes of conduct that are
enforceable by the Federal Trade Commission. These elements--the Consumer Privacy Bill of Rights,
codes of conduct, and strong enforcement--will increase interoperability between the U.S. consumer
data privacy framework and those of our international partners.
1. INDIVIDUAL CONTROL: Consumers have a right to exercise control over what personal
data companies collect from them and how they use it. Companies should provide consumers
appropriate control over the personal data that consumers share with others and over how
companies collect, use, or disclose personal data. Companies should enable these choices by
providing consumers with easily used and accessible mechanisms that reflect the scale, scope,
and sensitivity of the personal data that they collect, use, or disclose, as well as the sensitivity
of the uses they make of personal data. Companies should offer consumers clear and simple
choices, presented at times and in ways that enable consumers to make meaningful decisions
about personal data collection, use, and disclosure. Companies should offer consumers means
to withdraw or limit consent that are as accessible and easily used as the methods for granting
consent in the first place.
2. TRANSPARENCY: Consumers have a right to easily understandable and accessible information
about privacy and security practices. At times and in places that are most useful
to enabling consumers to gain a meaningful understanding of privacy risks and the ability
to exercise Individual Control, companies should provide clear descriptions of what personal
data they collect, why they need the data, how they will use it, when they will delete the data
or de-identify it from consumers, and whether and for what purposes they may share personal
data with third parties.
3. RESPECT FOR CONTEXT: Consumers have a right to expect that companies will collect,
use, and disclose personal data in ways that are consistent with the context in which
consumers provide the data. Companies should limit their use and disclosure of personal data
to those purposes that are consistent with both the relationship that they have with consumers
and the context in which consumers originally disclosed the data, unless required by law to
do otherwise. If companies will use or disclose personal data for other purposes, they should
provide heightened Transparency and Individual Control by disclosing these other purposes in
a manner that is prominent and easily actionable by consumers at the time of data collection. If,
subsequent to collection, companies decide to use or disclose personal data for purposes that
are inconsistent with the context in which the data was disclosed, they must provide heightened
measures of Transparency and Individual Choice. Finally, the age and familiarity with technology
of consumers who engage with a company are important elements of context. Companies
should fulfill the obligations under this principle in ways that are appropriate for the age and
sophistication of consumers. In particular, the principles in the Consumer Privacy Bill of Rights
may require greater protections for personal data obtained from children and teenagers than
for adults.
4. SECURITY: Consumers have a right to secure and responsible handling of personal data.
Companies should assess the privacy and security risks associated with their personal data
practices and maintain reasonable safeguards to control risks such as loss, unauthorized access,
use, destruction, or modification, and improper disclosure.
5. ACCESS AND ACCURACY: Consumers have a right to access and correct personal data in
usable formats, in a manner that is appropriate to the sensitivity of the data and the risk
of adverse consequences to consumers if the data is inaccurate. Companies should use
reasonable measures to ensure they maintain accurate personal data. Companies also should
provide consumers with reasonable access to personal data that they collect or maintain about
them, as well as the appropriate means and opportunity to correct inaccurate data or request its
deletion or use limitation. Companies that handle personal data should construe this principle
in a manner consistent with freedom of expression and freedom of the press. In determining
what measures they may use to maintain accuracy and to provide access, correction, deletion,
or suppression capabilities to consumers, companies may also consider the scale, scope, and
sensitivity of the personal data that they collect or maintain and the likelihood that its use may
expose consumers to financial, physical, or other material harm.
6. FOCUSED COLLECTION: Consumers have a right to reasonable limits on the personal
data that companies collect and retain. Companies should collect only as much personal
data as they need to accomplish purposes specified under the Respect for Context principle.
Companies should securely dispose of or de-identify personal data once they no longer need
it, unless they are under a legal obligation to do otherwise.
7. ACCOUNTABILITY: Consumers have a right to have personal data handled by companies
with appropriate measures in place to assure they adhere to the Consumer Privacy Bill
of Rights. Companies should be accountable to enforcement authorities and consumers for
adhering to these principles. Companies also should hold employees responsible for adhering
to these principles. To achieve this end, companies should train their employees as appropriate
to handle personal data consistently with these principles and regularly evaluate their performance
in this regard. Where appropriate, companies should conduct full audits. Companies that
disclose personal data to third parties should at a minimum ensure that the recipients are under
enforceable contractual obligations to adhere to these principles, unless they are required by
law to do otherwise.
Appendix B: Comparison of the Consumer Privacy Bill of Rights to Other Statements of the Fair Information Practice Principles (FIPPs)

Consumer Privacy Bill of Rights: Individual Control. Consumers have a right to exercise control over what personal data that companies collect from them and how they use it.
OECD Privacy Guidelines (excerpts): Use Limitation Principle. Personal data should not be disclosed . . . except with the consent of the data subject or by the authority of law.
DHS Privacy Policy (generalized): Individual Participation. Organizations should involve the individual in the process of using PII [personally identifiable information] and, to the extent practicable, seek individual consent for the collection, use, dissemination, and maintenance of PII.
APEC Principles (excerpts): Choice. Where appropriate, individuals should be provided with clear, prominent, easily understandable, accessible and affordable mechanisms to exercise choice in relation to the collection, use and disclosure of their personal information.

Consumer Privacy Bill of Rights: Transparency. Consumers have a right to easily understandable information about privacy and security practices.
OECD Privacy Guidelines (excerpts): Openness Principle. There should be a general policy of openness about developments, practices and policies with respect to personal data.
DHS Privacy Policy (generalized): Transparency. Organizations should be transparent and notify individuals regarding collection, use, dissemination, and maintenance of PII.
APEC Principles (excerpts): Notice. Personal information controllers should provide clear and easily accessible statements about their practices and policies . . . .

Consumer Privacy Bill of Rights: Respect for Context. Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
OECD Privacy Guidelines (excerpts): Purpose Specification Principle. The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.
DHS Privacy Policy (generalized): Purpose Specification. Organizations should specifically articulate the authority that permits the collection of PII and specifically articulate the purpose or purposes for which the PII is intended to be used.
APEC Principles (excerpts): Notice. All reasonably practicable steps shall be taken to ensure that such notice is provided either before or at the time of collection of personal information. Otherwise, such notice should be provided as soon after as is practicable.
OECD Privacy Guidelines (excerpts): Use Limitation Principle. Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 [purpose specification] except . . . (a) with the consent of the data subject, or (b) by the authority of law.
DHS Privacy Policy (generalized): Use Limitation. Organizations should use PII solely for the purpose(s) specified in the notice. Sharing PII should be for a purpose compatible with the purpose for which the PII was collected.
APEC Principles (excerpts): Uses of Personal Information. Personal information collected should be used only to fulfill the purposes of collection and other compatible or related purposes except: a) with the consent of the individual whose personal information is collected, b) when necessary to provide a service or product requested by the individual, or, c) by the authority of law and other legal instruments, proclamations and pronouncements of legal effect.

Consumer Privacy Bill of Rights: Security. Consumers have a right to secure and responsible handling of personal data.
OECD Privacy Guidelines (excerpts): Security Safeguards Principle. Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.
DHS Privacy Policy (generalized): Security. Organizations should protect PII (in all media) through appropriate security safeguards against risks such as loss, unauthorized access or use, destruction, modification, or unintended or inappropriate disclosure.
APEC Principles (excerpts): Security Safeguards. Personal information controllers should protect personal information that they hold with appropriate safeguards against risks, such as loss or unauthorized access to personal information, or unauthorized destruction, use, modification or disclosure of information or other misuses.

Consumer Privacy Bill of Rights: Access and Accuracy. Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
OECD Privacy Guidelines (excerpts): Individual Participation Principle. An individual should have the right: a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him, b) to have communicated to him, data relating to him within a reasonable time, at a charge, if any, that is not excessive, in a reasonable manner, and in a form that is readily intelligible to him, c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial, d) to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended.
DHS Privacy Policy (generalized): Data Quality and Integrity. Organizations should, to the extent practicable, ensure that PII is accurate, relevant, timely, and complete.
APEC Principles (excerpts): Access and Correction. Individuals should be able to: a) obtain from the personal information controller confirmation of whether or not the personal information controller holds personal information about them, b) have communicated to them, after having provided sufficient proof of their identity, personal information about them, i. within a reasonable time ii. at a charge, if any, that is not excessive, iii. in a reasonable manner, iv. in a form that is generally understandable, and, c) challenge the accuracy of information relating to them and, if possible and as appropriate, have the information rectified, completed, amended or deleted.
OECD Privacy Guidelines (excerpts): Data Quality Principle. Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
APEC Principles (excerpts): Integrity of Personal Information. Personal information should be accurate, complete and kept up-to-date to the extent necessary for the purposes of use.
APEC Principles (excerpts): Preventing Harm. Recognizing the interests of the individual to legitimate expectations of privacy, personal information protection should be designed to prevent the misuse of such information.

Consumer Privacy Bill of Rights: Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.
OECD Privacy Guidelines (excerpts): Collection Limitation Principle. There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
DHS Privacy Policy (generalized): Data Minimization: Organizations should only collect PII that is directly relevant and necessary to accomplish the specified purpose(s) and only retain PII for as long as is necessary to fulfill the specified purpose(s).
APEC Principles (excerpts): Collection Limitation. The collection of personal information should be limited to information that is relevant to the purposes of collection and any such information should be obtained by lawful and fair means, and where appropriate, with notice to, or consent of, the individual concerned.

Consumer Privacy Bill of Rights: Accountability. Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.
OECD Privacy Guidelines (excerpts): Accountability Principle. A data controller should be accountable for complying with measures which give effect to the principles stated above.
DHS Privacy Policy (generalized): Accountability and Auditing: Organizations should be accountable for complying with these principles, providing training to all employees and contractors who use PII, and auditing the actual use of PII to demonstrate compliance with these principles and all applicable privacy protection requirements.
APEC Principles (excerpts): Accountability. A personal information controller should be accountable for complying with measures that give effect to the Principles stated above. When personal information is to be transferred to another person or organization, whether domestically or internationally, the personal information controller should obtain the consent of the individual or exercise due diligence and take reasonable steps to ensure that the recipient person or organization will protect the information consistently with these Principles.