SANTA MONICA, CA – Consumer Watchdog today joined 13 other public interest groups in a letter to President Obama outlining the shortcomings of the draft Consumer Privacy Bill Of Rights Act and pledging to work with the Administration and Congress to strengthen the bill.
“In 2012, you released your vision of the founding principles of consumer privacy — the Consumer Privacy Bill of Rights. Many of us hope that your principles, once implemented in legislation, will form a powerful framework to protect Americans’ fundamental right to privacy,” the 14 groups wrote in their joint letter. “Unfortunately, the discussion draft released last Friday falls short of that promise.”
Read the groups’ letter here: http://www.consumerwatchdog.org/resources/ltrobamagroups030315.pdf
“The bill envisions a process where industry will dominate in developing codes of conduct,” said John M. Simpson, Consumer Watchdog’s Privacy Project director in a separate statement. “The bill is full of loopholes and gives consumers no meaningful control of their data. Even the Federal Trade Commission says they have concerns that the draft bill does not provide consumers with the strong and enforceable protections needed to safeguard their privacy.”
Read the draft Consumer Privacy Bill of Rights Act here: http://www.whitehouse.gov/sites/default/files/omb/legislative/letters/cpbr-act-of-2015-discussion-draft.pdf
The groups applauded the Administration’s expressed willingness to work with them to improve the draft bill, but added:
“Nevertheless, substantial changes must still be made for the legislation to effectively protect Americans’ right to privacy. The bill should provide individuals with more meaningful and enforceable control over the collection, use and sharing of their personal information. The bill should uphold state privacy laws and afford stronger regulatory and enforcement authority to the Federal Trade Commission.”
The groups said the draft Consumer Privacy Bill Of Rights includes these shortcomings:
— The bill does not adequately define what constitutes sensitive information, nor provide consumers with meaningful choices about this data.
— The bill does not protect large categories of personal information. It’s unclear if the bill protects geolocation data, and there are broad exceptions for business records, data “generally available to the public,” and cyber threat indicators.
— The bill gives companies broad leeway to determine the protections that consumers will receive. Most of the bill’s protections apply only if a company identifies a risk of harm; other rules apply only if the company determines that certain processing is inconsistent with context.
−− The bill lets companies retain data indefinitely for investigations into certain types of crimes, without placing clear limits on data retention for that purpose.
−− The bill contains a broad exception for unreasonable uses of data that are supervised by self-regulatory Privacy Review Boards.
−− The bill does not give the Federal Trade Commission (FTC) adequate resources and strong enough standards to review what could be hundreds of proposed Codes of Conduct and Privacy Review Boards.
−− The main avenue for public participation is through Multistakeholder Processes that have, to date, brought few benefits for consumers—and that are often dominated by industry.
— The bill does not guarantee consumers meaningful access to and the ability to correct most sets of records held by data brokers.
— The bill fails to improve privacy protections for information about children and teens. The Privacy Bill of Rights section does not treat information about minors as sensitive information that deserves heightened protection, in contrast to existing law and FTC policy.
−− The bill prevents private citizens and state Attorneys General from taking meaningful action to protect privacy. The bill limits fines from the FTC in a way that would not deter large companies from significant privacy violations.
— The bill preempts strong state laws (with some exceptions), including many that give citizens the ability to defend their privacy rights in court. It does this without creating new protections that are clearly better.
“We still firmly believe that an overarching privacy law is critical to protect consumers and build trust in our digital world,” the groups’ letter concluded. “We will continue to work with Congress and your administration to craft a bill that creates strong, meaningful protections for consumers. We look forward to those discussions.”
In addition to Consumer Watchdog, the following signed the letter to President Obama: Center for Democracy and Technology, Center for Digital Democracy, Alvaro Bedoya of the Center on Privacy & Technology at Georgetown Law (Affiliation for identification purposes only), Common Sense Media, Consumer Action, Consumer Federation of America, Consumers Union, Electronic Frontier Foundation, National Consumers League, New America’s Open Technology Institute, Public Knowledge, Privacy Rights Clearinghouse and U.S. PIRG.
– 30 –
Visit our website at www.consumerwatchdog.org