The White House last week released draft legislation designed to better protect consumer data collected by companies, but already several advocacy groups have said it does not go far enough.
The proposed Consumer Privacy Bill of Rights [.pdf] would require companies that collect, retain and use personal data of consumers to clearly, concisely and easily provide notices about their privacy and security practices.
It would also require companies to give individuals access to their personal data and let them dispute and correct any inaccurate or incomplete information about them. And the bill would allow industries to establish codes of conduct regarding how personal data is processed.
Long in the making, the proposed bill of rights is designed to address increasing fears among consumers about how companies use and protect personal information, especially following what seems to be a recent spate of massive data breaches within the private sector.
The Information Technology Industry Council released a statement that said the discussion draft "continues the important dialogue" around privacy practices.
"The U.S. has a robust legal framework of privacy protections that protect consumers' information while enabling industry to continue to innovate and offer the services that consumers rely on and expect," said the industry group that counts Facebook, IBM and Microsoft among its several dozen members. "Any efforts to modify this framework must be carefully considered with a meaningful opportunity for all relevant stakeholders to participate in the process."
However, 14 consumer and privacy rights groups sent President Obama a letter [.pdf] that the legislation still needs "substantial changes" to effectively protect people's rights.
"The bill should provide individuals with more meaningful and enforceable control over the collection, use and sharing of their personal information. The bill should uphold state privacy laws and afford stronger regulatory and enforcement authority to the Federal Trade Commission," states the letter signed by the groups, including the Center for Democracy and Technology, or CDT, Consumer Watchdog and Electronic Frontier Foundation.
Among a number of other criticisms, the groups said it is unclear if the bill protects geolocation data and that it gives companies greater latitude in determining protections for consumers. Additionally, they said it lets companies retain data indefinitely for investigations into certain crimes, but it doesn't place any retention limits for that purpose.
In a separate statement, John M. Simpson, Consumer Watchdog's privacy project director, said the bill is "full of loopholes and gives consumers no meaningful control of their data."
"Even the Federal Trade Commission says they have concerns that the draft bill does not provide consumers with the strong and enforceable protections needed to safeguard their privacy," he added.
Sen. Ed Markey (D-Mass.) said last week that industries shouldn't be allowed to draft codes of conduct since they've historically been against strong privacy measures. Rather, he said uniform and legally enforceable rules are needed. He also railed against a provision in the proposal that could preempt strong state laws protecting consumer privacy rights.
"And I am especially concerned that companies and data brokers could be able to deny consumers the right to say no to selling their sensitive information for marketing purposes," he said.
Markey added that he plans to introduce a bill this week that would allow consumers to access and correct any information as well as give them the right to stop data brokers from using, sharing or selling personal information for marketing purposes.
– read the White House's proposed Consumer Privacy Bill of Rights [.pdf]
– read the letter to Obama from the consumer and privacy groups [.pdf]
– read Ed Markey's release regarding the privacy bill