Obama administration seeks online privacy rules
NEW YORK—The Obama administration is calling for stronger privacy protections for consumers as mobile gadgets, Internet services and other tools are able to do a better job of tracking what you do and where you go.
Consumer and privacy groups welcomed the effort, though some worried that it won't do enough.
Administration officials outlined a proposed "Consumer Privacy Bill of Rights" on Thursday and urged technology companies, consumer groups and others to jointly craft new protections. Such guidelines will initially be voluntary for companies, but those that agree to abide by them could be subject to sanctions for any violations.
"As the Internet evolves, consumer trust is essential for the continued growth of the digital economy," President Barack Obama said in a statement. "That's why an online privacy Bill of Rights is so important. For businesses to succeed online, consumers must feel secure."
The effort comes as companies have found more sophisticated ways to collect and combine data on your interests and habits. Beginning next week, for instance, Google will start merging data it collects from email, video, social-networking and other services when you're signed in with a Google account.
The growing use of smartphones and tablet computers adds another dimension to the tracking. Location information can give service providers such as Facebook insights into where you spend your time and, if you have friends who use the same services, whom you tend to hang out with in person.
Data collection can help companies improve and personalize services. It can also help advertisers fine-tune messages and reach the people most likely to buy their products and services, often without consumers even realizing it.
That is why the administration is seeking more data protections for consumers in a report issued Thursday.
How strong the protections will be ultimately depends on what rules the different parties involved can agree on. Because legislation to enable traditional regulation would take time, the administration favored an approach that combined input from private companies, advocacy groups, regulators and other parties.
Consumer Watchdog, a nonprofit research and advocacy group in California, said the approach will work only if influential companies don't water down the rules to render them meaningless.
"I am skeptical about the `multi-stakeholder process,' but am willing to make a good-faith effort to try," said John M. Simpson, the group's privacy project director. He's referring to the various parties with competing interests tasked with making the rules.
Last week, the Federal Trade Commission complained that software companies producing games and other mobile applications aren't telling parents what personal information is being collected from kids and how companies are using it. Depending on how the guidelines are crafted, companies could be required to more prominently disclose when they collect such things as location, call logs and lists of friends -- not just from kids, but everyone.
The report is not intended to replace other efforts at offering privacy protections.
Apple, Google, Microsoft and other leading companies in mobile computing agreed Wednesday to require that mobile applications seeking to collect personal information warn users before their services are installed. The guidelines came as part of an agreement with California's attorney general.
Separately, the FTC has recommended the creation of a "Do Not Track" tool to let consumers curb advertisers from studying their online activity to target ads. On Thursday, an alliance representing Google, Yahoo, AOL and other leading ad-delivery companies committed to adopting the Do Not Track technology when it is built into Web browsers, something expected this year. The FTC could punish violators.
Commerce Secretary John Bryson said in a briefing with reporters that the administration's proposal not only protects consumers but also gives businesses better guidance on how to meet consumer expectations.
The proposal expands on widely accepted Fair Information Practice Principles crafted in the 1970s, when the Internet was just an experimental network used primarily by researchers. Those existing guidelines say that consumers should be informed about any data collection and given the option to refuse. They should also be allowed to review and correct data about themselves. The principles have provisions for security and enforcement.
Applying the principles to the Internet era, the administration said data collected in one context should not be used for another, while companies should specify any plans for deleting data or sharing information with outside parties, such as advertisers. Companies also need to be mindful of the age and sophistication of consumers. Disclosures need to be presented when and where they are most useful for consumers.
The idea isn't to give people access to everything a company collects about them, but they should at least be able to review and correct any information that is used to make decisions.
The Commerce Department's National Telecommunications and Information Administration plans to convene companies, privacy advocates, regulators and other parties in the coming months to craft detailed guidelines that reflect those principles. Enforcement will be left to the FTC under existing laws.
The codes of conduct will be specific to particular types of companies. One might cover social networks, for instance, while another might deal with services on mobile gadgets. A company that offers social-networking features on phones might adopt both. New ones could emerge as technology evolves.
Although officials expect many companies will agree to the new codes, allowing them to use that commitment in marketing materials, the report also called on Congress to pass new laws to require remaining companies to adopt such guidelines. Until then, enforcement will be limited to companies that say they would abide by the codes but fail to do so.
The Center for Democracy and Technology, a Washington group that advocates stronger privacy protections, welcomed the voluntary codes as an interim measure, but said legislation ultimately will be needed to fully protect consumers.
Legislation also will be needed for the FTC to give protections to businesses that follow a checklist of good practices. Known as safe harbor, such protections would exempt companies from sanctions if they inadvertently break a code.
The report comes 14 months after the Commerce Department first proposed a privacy bill of rights. The issue was later elevated to the White House and won its endorsement with the release of Thursday's report.
The administration dropped a proposal in the original report to create a federal privacy office within the Commerce Department. Instead, the task of convening parties to craft guidelines is left to the existing National Telecommunications and Information Administration.