The Obama Administration’s consumer data privacy framework released last month will impact companies’ data collection, use, and retention practices, and raises complex legal issues. As explained in a recent article by Keller and Heckman LLP, the notion of codes of conduct developed through a multistakeholder process, to be enforced by the Federal Trade Commission (“FTC”), raises (1) administrative procedure concerns, and (2) questions as to whether self-regulatory initiatives could be hampered. In addition, enforceable codes of conduct and a Consumer Privacy Bill of Rights, which forms the core of the framework, could spur more privacy litigation. Recent lawsuits have involved the use of cookies and other technologies to track users online, companies’ violations of their privacy and data security commitments, and companies’ failures to adequately protect and secure personal information.
As contemplated by the White House framework, the U.S. Department of Commerce National Telecommunications and Information Administration (“NTIA”) has requested comments on enforceable codes of conduct and the multistakeholder process. NTIA seeks comment on the following issues in particular:
- Transparency of privacy notices for mobile apps;
- Online services directed to kids and teens; and
- The use of technologies like browser cookies, local shared objects, and browser cache to collect personal information.
These issues have also been a focus of lawmakers, the FTC, and the states.
The Administration urges Congress to pass legislation that applies the Consumer Privacy Bill of Rights to sectors not subject to existing privacy laws, and calls for a national security breach notification standard. Even in the absence of comprehensive legislation, these developments demonstrate that the U.S. privacy legal landscape continues to rapidly evolve.