The White House has proposed a "bill of rights" to protect consumer privacy online. The framework that President Obama is advocating allows users to easily tell Internet companies with one click whether they want their online activity to be tracked.
The U.S. Commerce Department will work with companies and privacy advocates to develop "enforceable" privacy policies based on the proposal, which the White House released Feb. 22. The bill of rights calls for reasonable limits on the amount of personal data online companies can try to collect and retain, as well as the ability of consumers to access and ensure the accuracy of their own data. The data also has to be stored securely.
Coinciding with the official White House announcement Feb. 23, the Digital Advertising Alliance, which represents 90 percent of advertisers associated with Google, Yahoo and Microsoft's ad networks, agreed to implement a "Do Not Track" button for major Web browsers to allow users to opt out of tracking. The current process implemented by Mozilla, Google and Microsoft in their browsers, is confusing and complicated. The one-click button to make the process easier will likely be available within nine months, said Stu Ingis, the DAA's general counsel.
"American consumers can't wait any longer for clear rules of the road that ensure their personal information is safe online," Obama said in a statement.
The privacy bill of rights does not impose any requirements or have any implementation rules for companies. The announcement highlighted "key concepts" that the industry will now have to figure out how to implement, said Ed Goodman, the chief privacy officer for Identity Theft 911. Congress will have to create legislation, and the industry has to figure out how personal data can be collected, stored, used and shared with user consent.
"While we believe legislation will likely be necessary to achieve these protections, we support the White Papers call for the development of consensus rules on emerging privacy issues to be worked out by industry, civil society and regulators," said Leslie Harris, president of the Center for Democracy and Technology.
Even without Congressional legislation, the Federal Trade Commission would be able to enforce compliance with the rules developed by the Commerce Department. "Do Not Track" would remain strictly voluntary. However, companies that choose to adopt the principles but fail to meet privacy commitments could find themselves labeled as practitioners of deceptive acts or practices. This would result in FTC fines or other actions, said FTC chairman Jon Leibowitz.
While the FTC and the Commerce Department have been advocating since 2010 the concept of "Do Not Track" and demanding online companies make it easier for consumers to know how their information is being shared, there have been several industry groups resisting the idea, said Goodman. The bill of rights is a clear message from the White House that it's time to stop fighting and to start working on fixing the problem.
The next steps are up to the industry to move forward, said Goodman.
The FTC had initially called for Do Not Track and stronger privacy protections in a draft report released December 2010. A final report is expected soon.
An online privacy bill of rights is important because if consumers start worrying about how their information is being used online, they will stop trusting the Internet and the digital economy. Trust is "essential" for continued growth, according to the White House.
Congress has been tinkering with various ways to handle online tracking over the past year, but there hasn't been much movement on any of the bills. Internet companies have argued that privacy should be handled by the industry with no government regulation. While there have been some movements by Web browser makers to implement universal opt-out and companies adopting clearer privacy policies, consumer advocacy groups claim they aren't doing enough to be transparent.
Google was also recently accused of violating the privacy settings in Apples Safari Web browser.
Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research in Motion reached an agreement with the state of California to strengthen privacy protections for smartphone owners who download mobile applications, Attorney General Kamala Harris announced Feb. 22. Under the agreement, software developers have to post conspicuous privacy policies detailing what personal information they plan to obtain and how it will be used. App store providers must also offer a mechanism for users to report apps that do not comply with the rules.