News & Resources

Publications & Media

“Proposed data privacy legislation at the federal level may be a step in the right direction, but falls short of consumer advocacy groups’ expectations”

Safe and Sound By Heather L. Buchta

More than a month after announcing plans to build on cyber security infrastructure, President Obama released a draft of new data privacy legislation—once again stirring the debate on the best approach to protecting consumer data.

The new legislation—the Consumer Privacy Bill of Rights—places several notable requirements on companies. Among these requirements, companies would have to use “concise and easily understandable language” in explaining their privacy and security practices to consumers. They would also have to allow individuals to see, correct and delete information that companies hold about them. And the legislation would prohibit companies from reselling or reusing data in ways that would cause consumers fear or surprise. Industries as a whole would also have obligations under the new rules in that they would have to establish “codes of conduct” around data. Companies themselves would also have to create privacy review boards, which the Federal Trade Commission would oversee.

On its face, the proposed legislation appears comprehensive. But as data privacy continues to be a growing concern among consumer advocacy groups and politicians across the country, some believe the legislation still hasn’t gone far enough.

In an email he sent to the Wall Street Journal, Senator Ed Markey (D-Mass.) said “Instead of codes of conduct developed by industries that have historically been opposed to strong privacy measures, we need uniform and legally-enforceable rules that companies must abide by and consumers can rely upon.” And Consumer Watchdog along with other consumer advocacy groups sent a letter to the president on March 3 with a bulleted list (11 total) of the bill’s shortcomings, including—among many others—that it “does not adequately define what constitutes sensitive information,” “does not protect large categories of personal information” and “gives companies broad leeway to determine the protections that consumers will receive.”

Robust data privacy legislation has been a long time coming from the Obama Administration. And some think it can’t get here fast enough. A recent Pew Research Center survey showed that 91 percent of consumers believe they have lost control over how technology companies and the government collects and uses their personal information.