Last week, the National Telecommunications and Information Administration (NTIA) published a request for comments on how it should approach consumer privacy policy. NTIA noted that federal action is needed because a growing number of countries and U.S. states have adopted distinct policy approaches with respect to consumer privacy, which risks a fragmented regulatory regime that will harm innovation.
NTIA’s proposed approach for which it seeks comment consists of two parts. First, a set of user‑centric privacy outcomes, which are the intended results of any federal consumer privacy policy. These outcomes are transparency, control, reasonable minimization, security, access and correction, risk management, and accountability. NTIA states that adopting an outcome-based approach (rather than prescribing specific organizational practices) allows users and organizations to balance privacy and innovation. Second, a set of high-level goals for any federal action. These goals include harmonizing the regulatory landscape, providing legal clarity while maintaining flexibility to innovate, employing a risk- and outcome-based approach, incentivizing privacy research, and ensuring that the FTC can effectively enforce consumer privacy laws.
In addition to requesting comments on the approach described above, NTIA also is seeking comments regarding the steps it should take to achieve the approach’s outcomes and goals—for example, executive actions, statutory changes, or changes to the FTC’s resources, processes, or statutory authority. NTIA noted, however, that the request for comments does “not call for the creation of a statutory standard” nor does it “propose changing current sectoral federal laws.”
Comments are due October 26, 2018.