Focusing public attention on emerging privacy and civil liberties issues

NTIA Privacy Multistakeholder Process

Multistakeholder Process to Develop Consumer Data Privacy Codes of Conduct

Introduction

By notice published in the Federal Register, the National Telecommunications and Information Administration (NTIA), a bureau of the United States Department of Commerce, announced that it would convene a multistakeholder process to develop enforceable codes of conduct for consumer privacy protection. Numerous individuals and groups, including EPIC, EPIC Advisory Board members, consumer protection organizations, and general members of the public submitted comments to NTIA concerning the proposed multistakeholder process. This page chronicles the NTIA Multistakeholder Process, including public comments submitted to NTIA, NTIA's response to public comments, and other developments in the Multistakeholder Process.

Background

In December 2010, the Department of Commerce's Internet Policy Task Force released a Green Paper entitled Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework. The paper discussed policy considerations affecting consumer data privacy. The paper also recommended ten affirmative steps to bolster consumer trust online, including the adoption of voluntary, enforceable codes of conduct for consumer data privacy:

  • Recommendation #1: Widespread adoption of a baseline commercial data privacy framework built on an expanded set of Fair Information Practice Principles (FIPPs).
  • Recommendation #2: To meet the unique challenges of information intensive environments, FIPPs regarding enhancing transparency, encouraging greater detail in purpose specifications and use limitations, and fostering the development of verifiable evaluation and accountability programs should receive high priority.
  • Recommendation #3: Voluntary, enforceable codes of conduct should address emerging technologies and issues not covered by current application of baseline FIPPs.
  • Recommendation #4: Using existing resources, the Commerce Department should establish a Privacy Policy Office (PPO) to serve as a center of commercial data privacy policy expertise.
  • Recommendation #5: The FTC should remain the lead consumer privacy enforcement agency for the U.S. Government.
  • Recommendation #6: The U.S. government should continue to work toward increased cooperation among privacy enforcement authorities around the world and develop a framework for mutual recognition of other countries’ commercial data privacy frameworks.
  • Recommendation #7: Consideration should be given to a comprehensive commercial data security breach framework for electronic records that includes notification provisions, encourages companies to implement strict data security protocols, and allows States to build upon the framework in limited ways. Such a framework should track the effective protections that have emerged from State security breach notification laws and policies.
  • Recommendation #8: A baseline commercial data privacy framework should not conflict with the strong sectoral laws and policies that already provide important protections to Americans, but rather should act in concert with these protections
  • Recommendation #9: Any new Federal privacy framework should seek to balance the desire to create uniformity and predictability across State jurisdictions with the desire to permit States the freedom to protect consumers and to regulate new concerns that arise from emerging technologies, should those developments create the need for additional protection under Federal law.
  • Recommendation #10: The Administration should review the Electronic Communications Privacy Act (ECPA), with a view to addressing privacy protection in cloud computing and location-based services.
In February 2012, the Obama Administration released the Consumer Data Privacy in a Networked World: a Framework for Protecting Privacy and Promoting Innovation in the Global Economy. The Administration's report builds upon the recommendations of the December 2010 Commerce Green Paper, and contains a Consumer Privacy Bill of Rights. The Administration's report also discussed the development of a multistakeholder process "to develop legally enforceable codes of conduct that specify how the Consumer Privacy Bill of Rights applies in specific business contexts." By notice published on March 5, 2012, NTIA requested public comments on "substantive consumer data privacy issues that warrant the development of legally enforceable codes of conduct, as well as procedures to foster the development of these codes." The public comment period closed on April 2, 2012.

Public Comments to the NTIA

Documents

News Reports