Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in News & Events

The Latest on the Prospects for Federal Privacy Legislation


Representative Cliff Stearns (R-FL), the co-sponsor of the first major legislative proposal on privacy in the last session of Congress,  the Boucher-Stearns bill,  spoke yesterday at an event on Capitol Hill about his plans to re-introduce the legislation in modified form.  While not providing many details, he said the legislation he plans to introduce will be focused on "broad privacy goals" like giving consumers clear disclosures about the data that is collected online about them.  The framework reportedly would allow the FTC to approve five-year self-regulatory programs from industry.  In a press release, the Congressman said "This draft is based on legislation I introduced in 2005, H.R. 1263. This draft takes a different approach, but one I think balances privacy with innovation."

According to BNA,  Congressman Stearns "told reporters that he is currently in the process of seeking cosponsors, both Democratic and Republican, and is not yet ready to formally introduce the measure or to talk to House Energy and Commerce Committee Chairman Fred Upton (R-Mich.) about moving it forward."  Thus, it is unlikely the Stearns revision of the Boucher-Stearns privacy bill will be considered in Congress anytime soon.
This article from BNA describes the broader privacy legislative landscape and recaps a program earlier this week featuring Chris Wolf and Tim Tobin from the Hogan Lovells Privacy and Information Practice and Jules Polonetsky, Co-Chair and Director of the Future of Privacy Forum:
Internet Privacy Will See More Hill Debate, But Open Issues Likely to Delay Any New Law
Federal lawmakers, particularly members of a newly created Senate technology privacy subcommittee, appear poised to again discuss—but probably not pass—comprehensive privacy legislation this session, D.C. privacy attorneys predicted March 2.

Federal lawmakers have already introduced a pair of online privacy bills this year—Rep. Bobby Rush (D-Ill.)’s Best Practices Act (H.R. 611) and Rep. Jackie Speier (D-Calif.)’s Do Not Track Me Online Act (H.R. 654)(16 ECLR 266, 2/23/11)—and Sen. John Kerry is expected to introduce a comprehensive privacy bill soon, as well (16 ECLR 108, 1/19/11).
What’s more, the newly created Senate Judiciary Subcommittee on Privacy, Technology and the Law is focused solely on technology privacy issues (16 ECLR 284, 2/23/11).
But despite the clear interest in online privacy on Capitol Hill, it appears that more work needs to be done before a comprehensive privacy proposal could potentially weave its way toward final passage.
Complicated legislation, which online privacy legislation undoubtedly is, takes several cycles to develop, Jules Polonetsky, co-chair and director of the Future of Privacy Forum, noted. “They will have hearings but significant work needs to be done on language, coverage, and nailing down details,” he added.
Despite broad-based support for some sort of comprehensive privacy legislation from both consumer advocates and many technology companies, there is not yet a consensus about what types of information it should cover—PII or more general information that might be associated with a computer or device—how far it should reach, whether it should cover data collection or merely use, and who should be able to enforce it.
Christopher Wolf, director of Hogan Lovells LLP’s privacy and information management practice, expressed a similar view. “The climate is right for something to happen, but I doubt it will happen this year.” However, the situation could change if a major privacy breach occurs, Wolf remarked.
The attorneys spoke at What to Expect From Washington in Privacy Law in 2011, a webinar sponsored by BNA LegalEdge.
Potential Do-Not-Track Standards in the Works
In the meantime, companies are expanding their online privacy offerings at a rapid pace, Polonetsky noted.
Browser developers, including Firefox and Microsoft, have announced plans to build header-based do-not-track options into their new browsers, he remarked.
In addition, the World Wide Web Consortium (W3C), an open standards group, announced Feb. 24 that it could take up a standards-making project on “Do Not Track” online privacy controls. The group made the unofficial announcement in connection with Microsoft Corp.’s “Web Tracking Protection” submission.
“This Submission comes at a time of significant public discussion of Web tracking techniques and possible countermeasures. As a result of its strategic planning exercise for 2011, W3C had already decided to strengthen its focus on privacy,” Thomas Roessler, Technology and Society Domain Leader wrote on W3C’s behalf.
The group will hold a workshop April 28-29 to assess the degree of support for work on do-not-track standards development.
“We expect to engage a broad set of stakeholders, including implementers from the mobile and desktop space, large and small content delivery providers, advertisement networks, search engines, policy and privacy experts, experts in consumer protection, and developers and operators of Services on the Web that make use of consumer tracking.”
More Expected From FTC, Commerce
Both the Federal Trade Commission and the Department of Commerce will do more online privacy policymaking this year.
Both agencies recently published and solicited feedback on proposed privacy frameworks, and should publish firmer proposals later this year.
Comments on the Commerce report, which were due Feb. 28, are expected to expected to assist the White House’s Privacy and Internet Policy Subcommittee in preparing a final policy document—most likely a white paper—that could be released by the spring, Daniel Weitzner, NTIA associate administrator for policy, told BNA in a recent interview (16 ECLR 154, 1/26/11).
In it, the Commerce Department called for a set of basic principles, or a “privacy bill of rights,” to serve as the foundation for commercial data privacy protection in the United States. The report emphasized a multistakeholder approach to online privacy policymaking.
In somewhat of a surprise to observers, the Commerce Department seemed more supportive of comprehensive privacy legislation than the Federal Trade Commission, Polonetsky noted.
The FTC, among other things, explored the possibility of an industry-driven “Do Not Track” option. FTC staff also said that businesses have to do more to clearly and conspicuously inform consumers about their data collection and usage practices.
It is expected that the commission will finalize the report in the latter part of 2011, Timothy P. Tobin, with Hogan Lovells LLP, added.
Full text of H.R. 611
Full text of H.R. 654
Reproduced with permission from Daily Report for Executives, 42 DER A-23 (Mar. 3, 2011). Copyright 2011 by The Bureau of National Affairs, Inc. (800-372-1033)  http://www.bna.com