Skip to main content

Are you a legal professional? Visit our professional site

Search for legal issues
For help near (city, ZIP code or county)
Please enter a legal issue and/or a location

Proposed Consumer Privacy Bill of Rights Gets Mixed Reviews

Article Placeholder Image
By Mark Wilson, Esq. on March 04, 2015 9:58 AM

The White House on Friday debuted its proposed Consumer Privacy Bill of Rights Act, which would provide additional statutory protection for sensitive consumer information like Social Security numbers and mandate that holders of such information have to provide consumers with notice about privacy and security practices.

As predicated, no one is happy. MediaPost reports that advocacy groups on both the pro-privacy and anti-privacy sides voiced their opposition.

Advertisers Hate It

On the "anti-privacy" side is the Association of National Advertisers, a marketing and advertising trade group. ANA generally derided the proposal without saying a single concrete thing about why the proposal was "a major step in the wrong direction." Instead, it suggested that Congress should instead focus on "the creation of a national data breach notice and data security regime," which it's already doing.

The ANA probably doesn't want to tell you that the bill would impact advertisers' ability to keep detailed records on individual people and advertise at them more effectively. Under the law, consumers would be entitled to know what information advertisers are keeping about them and be given the meaningful ability to withdraw their consent to use that information.

So the proposed bill basically undermines advertising in the 21st century, which is predicated on amassing a comprehensive record on an individual consumer. Give the consumer the ability to see that record or get rid of it altogether, and you've got a problem -- for advertisers.

Privacy Advocates Hate It Too

On the other side, privacy advocates think the bill doesn't go far enough in actually protecting privacy. The Center for Democracy and Technology cautions that the bill's protections "are predicated on a risk of harm." Rather than assert that consumers have a right to data, period, the legislation designates for regulation only those data that pose a privacy risk.

In CDT's opinion, the bill's narrow definition of privacy risk would exempt "many if not most data sets -- such as information collected for marketing purposes." Consumers should know what advertisers have on them, whether or not exposure of the data would "cause emotional distress, or physical, financial, professional or other harm to an individual."

Will Anyone Ever Be Happy?

So what's to like about the bill? Well, for one thing, it isn't limited just to explicitly identifiable information. It also covers information that's linked to identifiable information. A cell phone device ID can't identify you individually, but it is linked to other information that can so be used.

The bill also contains enforcement mechanisms, but CDT says those aren't enough, as a damage calculation is made "not by the number of affected individuals, but by the number of days during which a violation occurs." Enforcement power would lie exclusively with the FTC -- no more state attorneys general, and no more individual citizen lawsuits.

The bill is "an important step along the way" toward meaningful privacy regulations, but it needs a bit more oomph first.

Related Resources:

Find a Lawyer

More Options