The Consumer Privacy Bill of Rights lets the corporate wolves dress in sheep's clothing
Online retail sales in the US approximated to $20 billion at the turn of the century, and have now substantially increased. That should be enough to signify how important laws pertaining to Internet browsing are. Google posts notifications like, “We’re changing our privacy policy and terms. This stuff matters,” while our government hasn’t even set any regulations upon providers like Google to protect the privacy of users such as ourselves.
On Thursday, the government presented the Consumer Privacy Bill of Rights, which is designed to give consumers more control over their personal data. Great, right? Not so much. Although this bill contains six very important "blueprint" rules of online data management, the bill in its current form is completely voluntary and just a guideline.
In the forward of the White House’s report, “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy,” it states, “The Administration has called for Congress to pass legislation that applies the Consumer Privacy Bill of Rights to commercial sectors that are not subject to existing Federal data privacy laws. The Federal Government will play a role in convening discussions among stakeholders ... who will then develop codes of conduct that implement the Consumer Privacy Bill of Rights. Such practices, when publicly and affirmatively adopted by companies subject to Federal Trade Commission jurisdiction, will be legally enforceable by the FTC.”
Therefore, stakeholders can attend discussions, window shop different codes of conduct, say they will implement a few and then face no legal issues until they “publicly and affirmatively” adopt them -- even then a blueprint lacks the punch of a formal, enforceable law. While this is a step in the right direction and at least gets the conversation going, the increasingly invasive practices of companies requires more immediate and stronger changes. This is not a partisan issue, so there is no reason it cannot be quickly moved through both congressional houses. If the Federal Trade Commission cannot even demand that companies agree on any particular principle discussed in the meeting, what is the point of this bill or the fifty plus page report that accompanies it? Is our government sincerely trying to enforce legislation or is this just a public relations stunt to give the illusion of progress?
Just recently, the Federal Trade Commission began investigating Google for apparently tracking users’ data through their iPhones. It is par for the course for online companies to wring in more money through advertisement -- sometimes the buying and trading of user data is the most lucrative portion of a company's business plan. Hence, as Google, Yahoo, Microsoft and AOL all agree to comply with the government’s “Do Not Track” web browser push, it is hard not to see the crocodile smiles of public relations hypocrisy and corporate greed lurking behind the pious display.
The Consumer Privacy Bill of Rights seems to me a repetition of the Platform for Privacy Preferences Project (P3P) of 2002, which very quickly died down as it was also a mere recommendation to companies. It was supposed to give consumers more control and allow websites to be clear about their intentions when using people’s personal information, but all it did was reinstate the power of the Internet over its users. One need only observe the P3P being trodden underfoot by Google's manhandling of Safari and Internet Explorer recently.
Nonetheless, President Obama offers hope that the government will finally do its job in protecting the privacy of its citizens: “American consumers can’t wait any longer for clear rules of the road that ensures their personal information is safe online. … For businesses to succeed online, consumers must feel secure.” Honestly, it sounds almost perfect. But why can’t our government take the same affirmative action the European Union does to protect its member states’ citizens? The truth of the matter is our government needs online businesses to succeed; their success is beneficial to our suffering economy. So the White House fears that if online companies do not proceed independently in their affairs, the way they have been forever, their success may become impeded.
Upon creation, the EU’s Data Protection Directive, which regulates the processing of personal data, required member states to transpose the directive into their individual state’s law. It also required the states to create a supervisory body to oversee data protection statuses. The US has no corresponding law nearly as effective as the EU’s. The Consumer Privacy Guide, available online, chronologically lists the US acts which pertain to the privacy of citizens within all platforms. The Fair Credit Reporting Act (FCRA) of 1970 and the Children’s Online Privacy Protection Act (COPPA) of 1998 are the only two acts that have any enforceable teeth to back up their bark. Per the Consumer Privacy Guide, “While the FCRA regulates the disclosure of personal information, it does not restrict the amount or type of information that can be collected.”
The Consumer Privacy Bill of Rights, on the other hand, would tackle all potential consumer privacy violations if only it was legally mandatory. It encompasses "transparency," which states that all information about consumer privacy be readily and clearly available; "respect for context," which means that companies must remain within the same context when using consumers’ personal data; "security," which ensures the security of collected data; "access and accuracy," which allows users to access and edit their personal data; "focused collection," which states that data collection must be held within reasonable limits; and "accountability," which states that organizations must abide by the bill as it protects consumers’ right.
Without the threat of genuine legal enforcement for any internet companies that breach their voluntary compliance, this bill is nothing but pretty words. Legislators and companies need to worry less about the illusion of caring shepherds and more about concrete actions. After all, when dealing with wolves in sheep's clothing, it’s what’s on the inside that counts, right?