Should Congress enact a Privacy Bill of Rights?

Since it was introduced in early 2012, the notion of the Consumer Privacy Bill of Rights has been a talking point for lawmakers, businesses and consumer advocates alike. While some argue that a bill of rights is a long awaited piece of legislation, as far as privacy protection goes, others believe that it would make no difference in the arena of personal privacy. This article delves deeper into the possibility of a Consumer Privacy Bill of Rights.

What is the Privacy Bill of Rights?

Back in February 2012, the Obama administration announced its plans to work with Congress to develop a Consumer Privacy Bill of Rights, legislation designed to protect individuals’ online privacy. The announcement coincided with very vocal criticism against technology companies, such as Google and Apple, for not doing enough to protect consumers’ online privacy rights. The issue was only magnified with the widespread use of mobile devices and apps used on them that kept track of people’s personal communications, physical whereabouts, address books and other sensitive personal information.

The proposed Consumer Privacy Bill of Rights would give Internet users the right to:

  • Control what data is being collected
  • Determine how their personal data is used and shared
  • Avoid having information collected in one context, then used for another purpose
  • Have data held securely
  • To know who is accountable for the misuse of their data

The Bill of Rights would apply to personal data, meaning any data (including aggregations of data) that is linkable to a specific individual.

In a statement from the White House, President Obama said,

“American consumers can’t wait any longer for clear rules of the road that ensure their personal information is safe online.” He continued, “For businesses to succeed online, consumers must feel secure. By following this blueprint, companies, consumer advocates and policy makers can help protect consumers and ensure the Internet remains a platform for innovation and economic growth.”

The Commerce Department’s National Telecommunications and Information Administration would work with Internet companies and consumer advocates to develop codes of conduct that would align with the new bill of rights. The FTC’s safe harbor regulations would provide companies with the “flexibility necessary for continuing innovation.”

The code of conduct would be enforceable under the existing FTC authority, however the administration also pledged to work with Congress to create legislation providing the FTC and State Attorneys General the specific authority to enforce the Consumer Privacy Bill of rights.

According to the official White House statement,

“The president’s privacy framework assures that as new Internet services develop privacy rules will keep up with, and not hamper, the pace of innovation. This framework takes advantage of the flexibility of self-regulatory processes but assures that new codes of conduct are guided by a comprehensive, forward-looking set of privacy principles and that all interested parties such as consumer advocates have a voice in the process.”

Disagreement Ensues

In April 2012, Sen. Richard Blumenthal and Rep. Mary Bono Mack argued over whether Congress should enact the proposed Privacy Bill of Rights. According to Sen. Blumenthal, “A privacy bill of rights is absolutely appropriate.” Blumenthal went on to say that the idea of preserving personal privacy is a notion that harkens back to the Founding Fathers. “People understand about tracking, about algorithms that identify them, about being pregnant before they may have even told their parents or their husband,” said the Senator.

Rep. Mack took a different position, having held hearings on privacy-related issues in her House energy and commerce subcommittee. “A bill of rights could perhaps go too far,” she commented. “If Congress jumps in too quickly and too heavy handed, it could harm innovation.” As an alternative Rep. Mack proposed a self-regulatory model with FTC enforcement.

While Sen. Blumenthal believed that a new federal agency created to preventing cyberattacks would be a good idea, Rep. Mack disagreed. “I don’t know that our constituents believe that if you create a new agency that they will be any safer. The creation of the Department of Homeland Security did not help secure the nation’s chemical facilities,” Mack pointed out.


In February 2012, the Obama administration announced a “Consumer Privacy Bill of Rights,” as part of a comprehensive approach to protecting individuals’ online privacy rights and provide Internet users with greater control over how their personal information is being handled. The Consumer Privacy Bill of Rights would give Internet users the right to: 1) Control what data is being collected; 2) Determine how their personal data is used and shared; 3) Avoid having information collected in one context, then used for another purpose; 4) Have data held securely; and 5) To know who is accountable for the misuse of their data. This article takes a look at some of the disagreements caused by the proposed bill of rights.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/Information Technology (CIPP/IT) exam, as well as the Certified Information Privacy Professional/ US Government (CIPP/G) exam, a privacy professional should be comfortable with topics related to this post, including:

  • Technologies with privacy impacts (CIPP/IT; VI.)
  • Privacy as a core value in US government (CIPP/G; I..A.b.i.)
  • US public and private sector information privacy laws (CIPP/G; I.B.)

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>