A White House plan to provide consumers with a “privacy bill of rights” for the digital age faces dim prospects if Mitt Romney wins the tight presidential race because of the Republican candidate’s general skepticism about regulation, observers told BNA in recent interviews.
But current and former representatives for Romney told BNA that he understands that consumer information should be protected and would likely be open to reviewing the White House plan.
Romney’s mostly job-focused campaign team has not yet indicated whether the nominee, if elected, would pursue the existing White House plan or change course, despite a growing debate over the adequacy of federal privacy protections for consumers’ personal data. In the meantime, his overall platform and priorities as a candidate provide some important clues, according to observers.
“I think Romney would let the effort die,” said John Simpson, privacy project director for Consumer Watchdog, a Washington-based public interest group. “He’s an advocate of less regulation on business, so I don’t see much hope that he would be would be concerned about privacy.”
Peter Swire, a law professor at Ohio State University and a former chief privacy counselor for the Clinton administration, went further, characterizing Romney as an out-of-touch candidate who does not appear to grasp the importance of protecting consumers from privacy intrusions in the age of smartphones and social networking websites.
“He lacks a vision for technology policy generally–broadband, spectrum, what it will take to have the best possible infrastructure for the information economy,” he told BNA.
A Romney campaign spokeswoman, asked about consumer privacy initiatives the Republican candidate might pursue as president and whether he supports the White House plan, said: “Modern commerce requires trust between consumers and businesses. Mitt Romney knows that this trust depends on clear rules of the road for how consumers’ information must be protected and can be used. As president, he will review the regulatory regime to ensure that strong and transparent protections are in place.”
As governor of Massachusetts, Romney proposed related state legislation aimed at curbing identity theft by requiring businesses to notify consumers affected by a data security breach. President Obama’s privacy bill of rights proposal would establish much broader protections at the federal level (11 PVLR 355, 2/27/12).
Under the White House plan, the Federal Trade Commission would for the first time be given authority to enforce general privacy standards governing consumer data-handling practices across the business community, both online and offline.
“I think Governor Romney would certainly be open to reviewing something like that,” Beth Lindstrom, a former Massachusetts consumer affairs director under Romney, told BNA. “Ultimately, I think he would try to strike the right balance between consumer rights and regulatory concerns.”
Patchwork of Laws in Place.
Currently, the United States has narrow federal privacy standards that include rules governing medical records under the Health Insurance Portability and Accountability Act and financial data under the Gramm-Leach-Bliley Act. In addition, the FTC has claimed broad authority to address consumer privacy concerns under Section 5 of the FTC Act, which prohibits “unfair and deceptive” practices. Companies that fail to honor their online privacy policies, for example, may be charged with committing “deception” under the act.
By contrast, the European Union has had a comprehensive data protection regime in place since the 1990s. EU policymakers are now in the process of drafting updated rules. A proposal announced in January includes a “right to be forgotten” principle that would permit individuals to demand the removal of their personal information from the internet (11 PVLR 178, 1/30/12).
Privacy advocates have long been pushing for adoption of a broad, EU-like framework in the United States. But leading U.S. industry groups maintain that a shift toward the European model could create unnecessary regulatory burdens and harm the economy.
Driving the debate is the growing use of the internet and wireless devices and an explosion of consumer data collection.
During the 2008 presidential race, Obama released a general technology policy document in which he promised to, among other objectives, “strengthen privacy protections for the digital age” and hold government and businesses accountable for violations of personal privacy (7 PVLR 1538, 10/27/08).
White House Seeks New Framework.
A report unveiled by the White House earlier this year urged Congress to pass a “privacy bill of rights” that would apply in the private sector. Businesses would be required to respect general privacy principles, such as transparency, as they collect, use, or share consumer data.
The administration has offered to work with lawmakers to enact such legislation. However, key Republicans have said there are a number of issues that must be carefully examined first, including the potential impact on businesses.
Hogan Lovells LLP, Washington
Meanwhile, with no immediate hopes for legislative action, the administration is moving forward with facilitating the development of voluntary privacy codes of conduct based on its proposed bill of rights (11 PVLR 1409, 9/17/12). The process is being handled by the National Telecommunications and Information Administration, a component of the Department of Commerce.
Under the plan, a company’s failure to implement a privacy code after committing to doing so could be treated by the FTC as having violated Section 5 of the FTC Act.
NTIA is currently working with a variety of stakeholders, including consumer advocates and business representatives, to come up with a code for mobile application developers.
“By contrast, the Romney campaign website has no mention of privacy, identity theft, or even technology policy that I could find,” Swire said.
Christopher Wolf, partner and director of Privacy and Information Management Practice at Hogan Lovells LLP, in Washington, noted that the 2012 Democratic Party platform endorsed the administration’s privacy bill of rights, while Republicans were silent on the issue (11 PVLR 1378, 9/10/12).
“Given Governor Romney’s aversion to regulation of business generally, one can expect that the current executive branch initiatives to improve consumer privacy will not continue in a Romney administration,” said Wolf, who also serves as a founder and co-chair of the Future of Privacy Forum, a Washington-based think tank. “In addition, one can expect any Romney appointments to the FTC to be conservative and averse to aggressive enforcement under Section 5 [of the FTC Act].”
Active Enforcement Under Obama.
Under Obama, the federal agencies responsible for consumer privacy protection have been more active than at any other time in U.S. history, according to Lisa Sotto, head of the Privacy and Information Management Practice at Hunton & Williams LLP. She noted, for example, that David Vladeck, director of the FTC’s Bureau of Consumer Protection, has “unquestionably” kept a promise that he made early in his tenure to broaden the agency’s privacy enforcement agenda.
“Under a Romney administration, I suspect we would see much greater reticence to act in such an undaunted manner,” Sotto told BNA. “There would likely be a more forgiving attitude toward privacy incursions that do not result in physical harm or financial loss. The idea that ‘harm to human dignity’ could be actionable under Section 5 of the FTC Act likely would garner less sympathy under a Romney administration.”
Mark Schreiber, a partner in the Boston office of Edwards Wildman Palmer LLP, told BNA that Romney’s approach to protecting consumer privacy would probably be “considerably different” in tone and direction from that of the Obama administration.
“The Republicans assert that Obama’s policies are too focused on regulation, so something like a consumer privacy bill of rights has little or no chance of being pursued in a Romney administration,” Schreiber said.
Ryan Radia, an associate director at the Competitive Enterprise Institute, a Washington-based think tank that advocates limited government, offered similar observations, noting that Romney has emphasized regulatory restraint and pledged to cut federal red tape.
However, he predicted that consumer privacy will be a priority for the next president no matter who wins the election, given the growing importance of the issue.
“A Romney administration might be more skeptical of prescriptive privacy regulation than the current administration, instead preferring to address privacy challenges through voluntary market solutions induced by competitive discipline,” Radia told BNA.
The White House report on consumer privacy is available at http://www.whitehouse.gov/sites/default/files/email-files/privacy_white_paper.pdf.