NTIA Privacy Multistakeholder Process

Multistakeholder Process to Develop Consumer Data Privacy Codes of Conduct

• Introduction |
• Background |
• Public Comments to the NTIA |
• Documents |
• News Reports |

Introduction

By notice published in the Federal Register, the National Telecommunications and Information Administration (NTIA), a bureau of the United States Department of Commerce, announced that it would convene a multistakeholder process to develop enforceable codes of conduct for consumer privacy protection. Numerous individuals and groups, including EPIC, EPIC Advisory Board members, consumer protection organizations, and general members of the public submitted comments to NTIA concerning the proposed multistakeholder process. This page chronicles the NTIA Multistakeholder Process, including public comments submitted to NTIA, NTIA's response to public comments, and other developments in the Multistakeholder Process.

Background

In December 2010, the Department of Commerce's Internet Policy Task Force released a Green Paper entitled Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework. The paper discussed policy considerations affecting consumer data privacy. The paper also recommended ten affirmative steps to bolster consumer trust online, including the adoption of voluntary, enforceable codes of conduct for consumer data privacy:

• Recommendation #1: Widespread adoption of a baseline commercial data privacy framework built on an expanded set of Fair Information Practice Principles (FIPPs).
• Recommendation #2: To meet the unique challenges of information intensive environments, FIPPs regarding enhancing transparency, encouraging greater detail in purpose specifications and use limitations, and fostering the development of verifiable evaluation and accountability programs should receive high priority.
• Recommendation #3: Voluntary, enforceable codes of conduct should address emerging technologies and issues not covered by current application of baseline FIPPs.
• Recommendation #4: Using existing resources, the Commerce Department should establish a Privacy Policy Office (PPO) to serve as a center of commercial data privacy policy expertise.
• Recommendation #5: The FTC should remain the lead consumer privacy enforcement agency for the U.S. Government.
• Recommendation #6: The U.S. government should continue to work toward increased cooperation among privacy enforcement authorities around the world and develop a framework for mutual recognition of other countries’ commercial data privacy frameworks.
• Recommendation #7: Consideration should be given to a comprehensive commercial data security breach framework for electronic records that includes notification provisions, encourages companies to implement strict data security protocols, and allows States to build upon the framework in limited ways. Such a framework should track the effective protections that have emerged from State security breach notification laws and policies.
• Recommendation #8: A baseline commercial data privacy framework should not conflict with the strong sectoral laws and policies that already provide important protections to Americans, but rather should act in concert with these protections
• Recommendation #9: Any new Federal privacy framework should seek to balance the desire to create uniformity and predictability across State jurisdictions with the desire to permit States the freedom to protect consumers and to regulate new concerns that arise from emerging technologies, should those developments create the need for additional protection under Federal law.
• Recommendation #10: The Administration should review the Electronic Communications Privacy Act (ECPA), with a view to addressing privacy protection in cloud computing and location-based services.

In February 2012, the Obama Administration released the Consumer Data Privacy in a Networked World: a Framework for Protecting Privacy and Promoting Innovation in the Global Economy. The Administration's report builds upon the recommendations of the December 2010 Commerce Green Paper, and contains a Consumer Privacy Bill of Rights. The Administration's report also discussed the development of a multistakeholder process "to develop legally enforceable codes of conduct that specify how the Consumer Privacy Bill of Rights applies in specific business contexts." By notice published on March 5, 2012, NTIA requested public comments on "substantive consumer data privacy issues that warrant the development of legally enforceable codes of conduct, as well as procedures to foster the development of these codes." The public comment period closed on April 2, 2012.

Public Comments to the NTIA

• Electronic Privacy Information Center (EPIC)
• Senator Al Franken
• Senator John D. Rockefeller IV
• Professor Helen Nissenbaum
• Abine, Inc.
• American Business Media
• American Civil Liberties Union
• American Legislative Exchange Council's Communications and Technology Task Force
• American Psychoanalytic Association
• America's Health Insurance Plans
• Application Developers Alliance
• Association for Competitive Technology
• AT&T Inc.
• Australian Privacy Foundational International Committee
• Business Software Alliance
• Center for Democracy & Technology
• Center for Digital Democracy
• Centre for Information Policy Leadership
• Centre for Spatial Law and Policy
• U.S. Chamber of Commerce
• Common Sense Media
• Computer & Communications Industry Association
• Computing Technology Industry Association
• The United States Conference of Catholic Bishops
• Consumer Data Industry Association, Consumer Electronics Association, National Business Coalition on E-Commerce and Privacy, National Retail Federation, NetChoice, and U.S. Chamber of Commerce
• Consumers Union
• Consumers Union Survey Comments
• Consumer Watchdog
• Consumers Union, Consumer Federation of America, Privacy Times, and The Benton Foundation
• Council of Europe Secretariat
• CTIA-The Wireless Association
• Data Security Council of India
• Deloitte Services LP
• Digital Advertising Alliance
• Direct Marketing Association
• eBay Inc.
• Facebook
• Future of Privacy Forum
• Go Daddy Operating Co., LLC
• Hewlett-Packard
• Information and Privacy Commissioner, Ontario, Canada
• Information Technology & Innovation Foundation
• Information Technology & Innovation Foundation Report
• Intel Corporation
• Interactive Advertising Bureau
• Internet Commerce Coalition
• LifeLock, Inc.
• Microsoft Corporation
• Mozilla
• National Advertising Review Council
• NetChoice
• National Association of Realtors
• National Business Coalition on E-Commerce and Privacy
• National Cable & Telecommunications Association
• NetCoalition
• Online Trust Alliance
• Privacy Rights Clearinghouse
• Professor Ira Rubenstein and Professor Dennis Hirsch
• U.S. Public Policy Council of the Association for Computing Machinery
• Retail Industry Leaders Association
• Jason Schultz et al.
• Software & Information Industry Association
• Professor Peter Swire
• Symantec Corporation
• TechAmerica
• TechFreedom
• Technology Policy Institute
• The United States Telecom Association
• Telecommunications Industry Association
• TRUSTe
• Verizon
• viaForensics
• Visa Inc.
• World Privacy Forum
• World Privacy Forum et al.
• World Wide Web Consortium Staff
• Zix Corporation

Documents

• Federal Register Request for Comments: Multistakeholder Process To Develop Consumer Data Privacy Codes of Conduct (Mar. 2012)
• White House, Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Economy (Feb. 2012)
• U.S. Dep't of Commerce, Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework (Dec. 2010)

News Reports

• Commerce Department’s first-ever privacy meeting underwhelms, Abine, (Jul. 16, 2012)
• Grant Gross, Privacy groups question NTIA's focus on mobile privacy transparency, IT World, (Jul. 12, 2012)
• John Eggerton, Privacy Stakeholders Air Public Differences, Broadcasting & Cable, (Jul. 12, 2012)