The Consumer Privacy Bill of Rights is Wrong

March 2, 2015

President Obama’s recent announcement of a Consumer Privacy Bill of Rights unfortunately is a major step in the wrong direction. It will divert attention and energy from critical data security legislation and will not materially aid the privacy debate.

The Obama Administration appears, either consciously or unconsciously, to have realized this fact as the release of the draft was carried out in a manner almost certain to bury the proposal. The Administration released the Consumer Privacy Bill of Rights on a late Friday afternoon in the middle of an extremely busy news cycle focusing on the FCC’s recent net neutrality vote and a Department of Homeland Security funding crisis in Congress. If the Administration truly was trying to publicize an effort in which they had confidence, they certainly would have waited until this week to do so.

Nevertheless, opposition to the proposal came swiftly from all directions, including business, consumer groups, and both sides of the aisle in the Congress. Even the FTC, who would have taken the lead under this draft proposal, raised serious questions about it. The FTC stated, “We have concerns that the draft bill does not provide consumers with the strong and enforceable protections needed to safeguard their privacy.”

Senator Ed Markey (D-MA) chimed in emphasizing that the draft “falls far short of what is needed to ensure consumers and families are squarely in control of their personal data.” House Energy and Commerce Committee Chair Fred Upton (R-MI) and House Commerce, Manufacturing and Trade Subcommittee Chair Michael Burgess (R-TX) also issued a statement, emphasizing that the comprehensive draft bill went too far and that it should be more narrowly focused on data breach legislation. “Data breaches threaten consumers’ credit and pocketbooks and they are an annual drag on our economy of tens of billions of dollars. We hope that Congress and the administration can finally work together to address this growing problem before another decade of data breaches passes by.”

ANA encourages the Obama Administration rather than to attempt to develop a whole new sweeping privacy regime to recognize the broad number of existing federal privacy laws including Gramm-Leach-Bliley, the Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act, among many others, that already provide broad protection to consumers. These privacy laws are substantially supplemented by self-regulatory efforts carried out by the Digital Advertising Alliance to protect consumer online privacy. Just this last week, the DAA program was substantially expanded to cover mobile and mobile apps.  

Instead, lawmakers should focus for now on one area where there is growing consensus that something must be done quickly and effectively, and that is the creation of a national data breach notice and data security regime. ANA strongly believes that it is long past time to end a situation where there are more than 47 inconsistent and conflicting state data breach and data security laws. We must have one strong law for the country as a whole to protect consumers, businesses, and interstate commerce.


You must be logged in to submit a comment.