Obama administration issues a draft Privacy Bill of Rights

The text of the draft privacy Bill of Rights, labelled a ‘discussion draft’, would severely restrict the collection and processing of consumer data. This wide-ranging bill, based on the existing Fair Information Practice Principles (FIPPs), would need a congressional sponsor to become officially introduced.

The Center for Democracy & Technology (CDT) welcomed the draft saying that it is glad to see the Obama administration continue to provide needed leadership on privacy, but a number of elements need to be improved. It commented: “One very important element of the bill is that many of the FIPPs-based protections described above only apply in proportion to the ‘privacy risk’ the data poses. The bill defines ‘privacy risk’ fairly narrowly — it is the potential that data could ‘cause emotional distress, or physical, financial, professional or other harm to an individual.’ This is a significant shift away from a rights-based formulation adopted in other privacy legislation.”

The Consumer Privacy Bill of Rights Act, published on 27 February, would exempt government agencies and employment data, but would apply to the not-for-profit sector.

US-based law firm, Arnall Golden Gregory (headed by Robert Belair who has monitored privacy Bills in Congress since the 1970’s) commented in its news alert that while the proposal goes well beyond even the most restrictive proposals that have been introduced in Congress, it believes that the chances of something even close to this getting enacted are close to zero: “Privacy was not an issue that Congress was likely to tackle before the release of this draft, and we do not believe that this will ‘move the needle’ much, if at all.”

“Congress likely will continue to focus on data breach notification, and appears highly unlikely to want to tack privacy provisions on to that.”

The discussion draft