The National Telecommunications and Information Administration (NTIA) is requesting public comments on consumer data privacy issues that should be included as part of a legally enforceable code of conduct, as well as procedures for the development of such a code (“Request”). Comments are due 20 days after publication of the Request in the Federal Register.
On February 23, 2012, the White House released Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy, which included a Consumer Privacy Bill of Rights setting forth the principles that should govern the handling of personal data in commercial sectors (“Framework”). Pursuant to that Framework, NTIA is tasked with convening a multistakeholder process for the development of legally enforceable codes of conduct addressing how the Consumer Privacy Bill of Rights will apply in specific business contexts. The Request is NTIA’s first step in that process.
NTIA is asking for comments on several topics:
First, NTIA seeks comment on what issues should be addressed through the multistakeholder process. Among other things, NTIA is considering an initial multistakeholder process to deal with issues of transparency in the privacy notices for mobile device applications (“mobile apps”). NTIA also seeks comments on other potential topics, including: (a) other issues associated with mobile apps in general; (b) mobile apps that provide location-based services; (c) cloud computing services; (d) accountability mechanisms; (e) online services directed towards teenagers and/or children; (f) trusted identity systems; and (g) the use of multiple technologies to collect personal data.
Second, NTIA seeks comment on how the multistakeholder process should be structured to ensure openness, transparency, and consensus-building. Possible areas for comment include, among others: How can NTIA promote participation by a broad range of stakeholders? How can NTIA ensure transparency in the process? How can NTIA build consensus, and how will NTIA determine when consensus has been reached?
NTIA stated that a company’s decision to adopt the code of conduct will be voluntary, but if a company affirmatively commits to follow it, the commitment will be legally enforceable, provided the company is subject to the jurisdiction of the Federal Trade Commission (“FTC”). NTIA stated that the FTC will likely have the authority to enforce the code under 15 U.S.C. § 45, which prohibits deceptive acts or practices.
NTIA’s Request states that enforceable codes of conduct based on the Framework will “provide consumers clear, understandable baseline protections and give business greater certainty about how agreed-upon privacy principles apply to them.”