Privacy & Information Security Law Blog

As previously reported, on December 16, 2010, the U.S. Department of Commerce released its Green Paper “aimed at promoting consumer privacy online while ensuring the Internet remains a platform that spurs innovation, job creation, and economic growth.”

During a press teleconference earlier that morning announcing the release of the Green Paper, Secretary Gary Locke commented on the Green Paper’s recommendation of adopting a baseline commercial data privacy framework, or a “privacy bill of rights,” built on an expanded, revitalized set of Fair Information Practice Principles (“FIPPs”).  He indicated that baseline FIPPs would respond to consumer concerns and help increase consumer trust.  The Secretary emphasized that the Department of Commerce would look to stakeholders to help flesh out appropriate frameworks for specific industry sectors and various types of data processing.  He also noted that the agency is soliciting comments on how best to give the framework the “teeth” necessary to make it effective.  The Secretary added that the Department of Commerce is also open to public comment regarding whether the framework should be enforced through legislation or simply by conferring power on the Federal Trade Commission.

Central to the press conference discussion was the proposed creation of a Privacy Policy Office (“PPO”) within the Department of Commerce.  Danny Weitzner, Associate Administrator for the Office of Policy Analysis and Development in Commerce’s National Telecommunications and Information Administration, indicated that the PPO would be guided by the privacy bill of rights and would identify areas for the development of best practices.  The PPO would serve as a convenor, bringing together key stakeholders and acting as a source of expertise in the broader, ongoing policy debate.  When asked why such an office would be situated within the Department of Commerce and not be established as an independent agency, Commerce officials remarked that the creation of an independent agency would require waiting for Congressional approval, while forming the PPO within the Department of Commerce responds to the urgent need to move the policy agenda forward without delay.

With respect to global privacy, Weitzner commented on the significant burden that international compliance imposes on business, noting not only the cost, but the “innovation-thwarting impact” of the need to comply with multiple, often conflicting cross-border requirements.  He emphasized that an important part of the Department of Commerce’s initiative is to ensure that the U.S. is able to engage in a constructive, respectful dialogue with trading partners on this issue.  Weitzner cited remarks by Peter Hustinx, European Data Protection Supervisor, at the 32nd International Conference of Data Protection and Privacy Commissioners in Jerusalem, where he stated that in spite of differences in the past, the U.S. and the EU now stand poised to learn from each other in a renewed dialogue.  When questioned on the subject, however, Weitzner emphasized that the U.S. framework would not be presented to the EU for approval.  Rather, he indicated that the framework would serve as a centerpiece of the exchange with European and other partners in bilateral negotiations and multilateral forums such as the Organization for Economic Cooperation and Development and the Asia Pacific Economic Cooperation.

Weitzner asserted that, because resolution of privacy and data protection issues has major implications for American business, the agency plans to act as quickly as possible after reviewing comments on the Green Paper, which are due January 28, 2011.  He noted that preliminary steps have already been taken to establish the Privacy Policy Office.