Privacy & Cybersecurity Law Blog

On December 16, 2010, the U.S. Department of Commerce Internet Policy Task Force issued its “Green Paper” on privacy, entitled “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.”  The Green Paper outlines Commerce’s privacy recommendations and proposed initiatives, which contemplate the establishment of enforceable codes of conduct, collaboration among privacy stakeholders, and the creation of a Privacy Policy Office in the Department of Commerce.  Noting that “privacy protections are crucial to maintaining the consumer trust that nurtures the Internet’s growth,” the Green Paper “recommends reinvigorating the commitment to providing consumers with effective transparency into data practices, and outlines a process for translating transparency into consumer choices through a voluntary, multistakeholder process.”

In summary, the Green Paper’s key proposals include:

• Enhancing consumer trust online by adopting a comprehensive set of Fair Information Practice Principles (“FIPPs”) “to protect the privacy of personal information in commercial contexts not covered by an existing sectoral law”
• Encouraging the development of voluntary, enforceable privacy codes of conduct that leverage innovation and expertise in the private sector to develop trustworthy privacy practices and flexible rules that can “evolve with new technologies and business models”
• Establishing a Privacy Policy Office (“PPO”) within the Department of Commerce “to help provide the Administration with greater expertise and a renewed focus on commercial data privacy”
• Renewing the U.S.’s commitment to leadership in the global privacy policy debate by promoting “low-friction, cross-border data flow through increased global interoperability of privacy frameworks” and finding “practical means to bridge differences”
• Ensuring “nationally consistent security breach notifications rules” by recommending the consideration of a “Federal commercial data security breach notification law that sets national standards, addresses how to reconcile inconsistent State laws, and authorizes enforcement by State authorities”
• Reviewing the Electronic Communications Privacy Act (“ECPA”), particularly to address privacy protection in cloud computing and location-based services.

The Green Paper is a result of the “comprehensive review of the nexus between privacy policy and innovation in the Internet economy” conducted by the Department of Commerce’s Internet Policy Task Force, which has included months of consultations, a notice of inquiry in April and a symposium in May.

The Green Paper follows the White House’s announcement regarding the launch of a new Subcommittee on Privacy and Internet Policy under the National Science and Technology Council.  The interagency task force is co-chaired by Commerce Department General Counsel Cameron Kerry and Assistant Attorney General of the Department of Justice, Christopher Schroeder.

Lawrence Strickling, the Assistant Secretary for Communications and Information, U.S. Department of Commerce, announced in his October 27 speech at the International Conference of Data Protection and Privacy Commissioners in Jerusalem, that Commerce would be publishing policy recommendations in a “Green” Paper, named as such “not because of its environmental impact, but because it contains both recommendations and a further set of questions on topics about which [the Department] seek[s] further input.”  The Department of Commerce is requesting comments on the Green Paper by the end of January.

On December 1, the Federal Trade Commission (“FTC”) issued its long-awaited report on online privacy entitled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.”

In a recent briefing of Hunton & Williams and Centre for Information Policy Leadership representatives, a Department of Commerce official noted that input provided by the Centre for Information Policy Leadership (the “Centre”) was influential in the development of the Green Paper. In June of this year, we reported on the Centre’s proposed recommendations in response to the Commerce Department’s initial inquiry.  The Centre’s work on accountability has played a pivotal role in the ongoing global privacy dialogue.

A more in-depth analysis of the Green Paper is forthcoming.