Enough of the Patchwork: Tech Industry Group Calls for a National Privacy Framework
Monday, September 17, 2018
Intrernt association requests privacy framework to be set up.

Related Practices & Jurisdictions
Print Mail Download info_icon_img/>i

The Internet Association (IA), a group of 40 major internet and technology firms, called for the establishment of a national privacy framework anchored by six privacy principles on Wednesday. In its press release announcing the principles, the IA indicated its support for the American approach to federal privacy legislation that is “consistent nationwide, proportional, flexible, and encourages companies to act as good stewards of the personal information provided to them by individuals.”

In describing the context for the principles the IA noted that its members comply with the range of strong federal privacy, data security, consumer protection, and anti-discrimination laws. Coupled with following state laws, and self-regulatory principles that govern how they do business, this “patchwork” leads to inconsistent experiences for individuals. Accordingly, a new, comprehensive national framework would create more “consistent privacy protections that bolster consumers’ privacy and ease compliance for companies.”

The IA’s six principles include:

  • Transparency – Individuals should have the ability to know if and how personal information they provide is used and shared, who it’s being shared with, and why it’s being shared.
  • Controls – Individuals should have meaningful controls over how personal information they provide to companies is collected, used, and shared, unless that information is legally required or is necessary for the basic operation of the business.
  • Access – Individuals should have reasonable access to the personal information they provide to companies. Personal information may be processed, aggregated, and analyzed to enable companies to provide services to users.
  • Correction – Individuals should have the ability to correct the personal information they provide to companies, except where companies have a legitimate need or legal obligation to maintain it.
  • Deletion – Individuals should have the ability to request the deletion of the personal information they provide to companies when it’s no longer necessary to provide services, except where companies have a legitimate need or legal obligation to maintain it.
  • Portability – Individuals should have the ability to take the personal information they provided to one company and provide it to another company that provides a similar service.

Further, the IA identified key components of a National Privacy Framework to include:

  • Fostering privacy and security innovation.
  • A national data breach notification law.
  • Technology and sector neutrality.
  • Performance standard-based approach.
  • Risk-based framework.
  • A modern and consistent national framework for individuals and companies.

The IA’s principles could be a response to the recently imposed compliance obligations imposed by the EU’s General Data Protection Regulation, as well as the recently enacted California Consumer Privacy Protection Act that will become effective in 2020. At the same time, NIST has announced plans to collaborate with industry to develop a voluntary, enterprise-level Privacy Framework, much like its popular Cybersecurity Framework. A recently released survey from the National Telecommunications and Information Administration (NTIA) noted that privacy and security online continues to be a major issue for many Americans. The NTIA survey noted that nearly three-quarters of Internet-using households had significant concerns about online privacy and security risks. One third said such worries caused them to hold back from some online activities.

Finally, the U.S. Senate Committee on Commerce, Science, & Transportation will hold a hearing examining consumer privacy protection on September 26, 2018. Currently, the witnesses listed to testify include senior executives from internet and technology companies:

  • Len Cali, Senior Vice President—Global Public Policy, AT&T Inc.
  • Andrew DeVore, Vice President and Associate General Counsel, Amazon.com, Inc.
  • Keith Enright, Chief Privacy Officer, Google LLC
  • Damien Kieran, Global Data Protection Officer and Associate Legal Director, Twitter, Inc.
  • Guy (Bud) Tribble, Vice President for Software Technology, Apple Inc.
  • Rachel Welch, Senior Vice President, Policy & External Affairs, Charter Communications, Inc.
© 2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved.

Current Public Notices

Current Legal Analysis

More from Faegre Drinker

SCOTUS Denies Certiorari in Cases Concerning FCA Liability Requirement, Objective Falsity Circuit Split Remains Intact
by: Commercial Litigation Practice Group
Groundbreaking Fourth Circuit Decision Upholds Private Plaintiff’s Successful Effort to Unwind a Consummated Merger
by: Kathy L. Osborn , Emily E. Chow
Travel Bans and Quarantine Hotels: Traveling to the U.K. During COVID-19
by: Hodon Anastasi
TCPA Plaintiff Argues he wasn’t Injured in Attempt to Dodge Federal Jurisdiction
by: Marsha J. Indych , Renée M. Dudek
Silver Lining: COVID-19 Engagements Allow More Time for Premarital Financial Planning
by: Jaime A. Quick
Biden EPA Makes First Moves to Address PFAS in Drinking Water
by: Bonnie Allyn Barnett , Brandon W. Kirkham
Predicting the Enforcement Priorities of the Biden DOJ
by: Thomas J. Kelly , Daniel E. Pulliam
New York City Council Imposes Stricter Discipline Requirements on Fast Food Employers
by: Gerald T. Hathaway
Disclosure of Binding Arbitration Not Required In Consumer Warranties, Says Florida Supreme Court
by: Traci T. McKee , Lexi C. Fuson
FCC Order Causes Confusion Regarding Consent Required for Informational Calls to Residential Landlines
by: Matthew M. Morrissey

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins