Regulators and Business to Work on Privacy Bill of Rights

Ad industry to honor do-not-track browser header

The Obama administration's long wait for a "consumer privacy bill of rights" is finally over, and it can't wait to get moving.

"We need strong online protections for consumers," Secretary of Commerce John Bryson said. He spoke during a press conference with reporters Wednesday evening in advance of a White House event on Thursday. "Businesses need principles. We need this now; we cannot wait."

The Commerce Department is releasing the first of two anticipated reports from the federal government on consumer privacy on the Internet. The Federal Trade Commission, which released its draft over a year ago, is expected to release a final privacy document in the next two weeks.

The administration lays out a public-private approach for the development of a voluntary privacy code of conduct enforced by the Federal Trade Commission. It recommends the adoption of seven privacy protections that consumers should expect, such as individual control over personal data, what is collected and how it is used.

The government doesn't expect to go it alone. The Commerce Department is planning to work with Internet companies, data collection companies, ad networks, privacy advocates and consumer groups.

As if to underscore the importance of private industry's role in developing and adopting privacy policies, regulators shared the podium with the Digital Advertising Alliance, a coalition of ad industry organizations. The DAA announced it was expanding its self-regulation program for behaviorally targeted advertising to include a "do not track" header on browsers that would be honored by its members, which represent 90 percent of the ad business community.

"The DAA is stepping up to our challenge," said Jon Leibowitz, the chairman of the Federal Trade Commission, which proposed a "do not track" option in its draft report over a year ago. "This is a significant step forward."

The DAA members already serve an in-ad privacy icon to give consumers the opportunity to opt out of ads and have already been talking with the browser companies about adopting a consistent approach to the proposed  "do not track" header. "We hope to have it uniform within nine months," said the DAA's Stu Ingis, a partner with the law firm Venable.

Getting online privacy guidelines adopted hasn't been easy. Nearly a dozen bills have been circulating around Congress, but none of them have advanced and few expect any to get passed in an election year. So the federal government's approach to involve industry members seems like a practical approach.

"We've been waiting so long for privacy legislation, but that's not likely to happen this year. So the [FTC and Commerce] might as well release papers and begin implementing something on a regulatory and industry self-regulatory basis," said Amy Mushahwar, a privacy attorney with Reed Smith. 

No one believes this is the end of privacy rule making.

"We think businesses will step up, but it doesn't solve the entire problem. The blueprint will give us a way to engage with Congress to develop legislative protections. We called on Congress last year; we expect to deepen that engagement," said Daniel Weitzner, the White House's deputy chief technology officer.