Obama Administration Consumer Privacy Bill Fails to Protect Consumers, Gives Greater Control of our Information to Data Companies

Three years ago,  President Obama promised that his administration would deliver a “Privacy Bill of Rights” to protect American consumers. The bill released today is a serious setback for privacy. Instead of effective rights that Americans can rely on to protect themselves and their families from the onslaught of online and offline data gathering, the administration proposal perversely reduces the power of the Federal Trade Commission to protect the public. It fails to give the FTC, the country’s key privacy regulator, “rule-making” authority to craft reasonable safeguards,and actually empowers the companies that now harvest our mobile, social, location, financial, and health data, leaving them little to fear from regulators.
 
The legislation creates a huge loophole that practically eviscerates any real privacy protection and consumer control of their data. Its provisions are tied to a standard of both “risk” and “context” that enables a company to determine whether a person’s data require greater privacy control. Since the majority of today’s massive online data gathering is disingenuously considered by industry as “marketing” information—versus what it really is, highly detailed and continually updated profiles merging our online and offline data—very little of a consumer’s data will trigger stronger protections.
 
The multi-stakeholder process at the core of this poorly constructed privacy bill has been flawed from the outset, dominated as it is by industry lobbyists whose real goal is to ensure their companies can continue their practices without any real safeguards. The proceedings have failed so far to generate any meaningful and widely adopted safeguards, and the prospects for a new “code of conduct” that offers genuine consumer protection are unlikely.  Public interest and privacy groups are vastly outnumbered in the Department of Commerce-run multi-stakeholder process, which is notable for its lack of diverse representation, denying meaningful participation from civil rights, consumer, and other representatives.
 
The bill limits the FTC’s “unfair trade practices” authority once companies that collect our data adopt a “multi-stakeholder code of conduct.” Once that code is developed, the FTC has at most 90 days (if adopted via a Department of Commerce process) to approve or deny it, giving the agency and the public insufficient time to analyze and address the code’s shortcomings. Hundreds of codes are predicted to be proposed, leaving the FTC at a disadvantage in performing its duty to protect American consumers.
 
The bill also greatly reduces the ability of state attorneys general to protect our privacy precisely at a time when there is an explosion of hyperlocal data mining of our neighborhoods.
 
The legislation also enables companies to create so-called “privacy review boards” that will most likely rubber-stamp their data practices, another example of how corporations have been further empowered to decide what the consumer privacy rules should be. While the bill touts that it provides rights to consumers, it gives real control to the companies that collect our information.
 
Although the president’s Privacy Bill of Rights promised transparency and control, it creates a labyrinth-like process that consumers must navigate before they can actually access and correct their own data records held by companies. Data brokers and others can hide behind a convoluted system to determine whether individuals can access their files.
 
Beyond its undermining FTC authority and empowering industry self-regulation, the process by which the bill was written also reflects poorly on the Administration. As a Commerce official said to advocates one week ago, the bill was deliberately drafted so as not to “disrupt [the commercial data] business—we are the Department of Commerce.” The majority of consumer and privacy advocates were given only a review of the near-final text a week ago today, with just less than 30 minutes to read the bill. Advocates told the White House early this week about some of the problems in the legislation, urging it to postpone slightly the release of the bill and to work with us to improve its consumer protections. But this proposal was rejected. Leading Congressional leaders on privacy issues were also denied access to the bill until yesterday, leaving them no time for meaningful engagement with the White House. Parts of the bill appear to have been drafted by the “Big Data” lobby itself, in order to protect industry’s current data practices, which raise serious questions about the influence the commercial sector has within the Department of Commerce.
 
“Instead of supporting the FTC, the Administration has aided the data collection industry in its efforts to undermine that agency’s role,” explained Jeff Chester, CDD’s executive director. This bill fails to fulfill what the president promised. CDD and other consumer and privacy advocates will work to ensure Americans get the privacy rights they deserve.”

AttachmentSize
cpbr-act-of-2015-discussion-draft.pdf438.68 KB