New Privacy Measures Announced by the White House and the California Department of Justice

Two new privacy measures are likely to impact organizations that collect information about their customers online.

At the federal level, the Obama administration released a report proposing a framework for American privacy and data protection policy.  The report, entitled “Consumer Data Privacy in a Networked World:  A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy,” includes a Consumer Privacy Bill of Rights that sets forth individual rights for consumers and corresponding obligations for companies that collect personal data. 

Although the White House report remains a blueprint and does not include enforceable regulations, the administration signaled that it will immediately begin convening companies, privacy advocates and other stakeholders to develop and implement codes of conduct based on the Consumer Privacy Bill of Rights. If an organization were to voluntarily adopt such codes of conduct, then, according to the White House, that organization’s public commitment to adhere to such codes of conduct would “become enforceable under Section 5 of the FTC Act.”

The Obama administration also indicated that it will work with Congress to craft legislation based on the Consumer Privacy Bill of Rights, and empower the FTC and State Attorneys General to enforce it.

Specifically, the Consumer Privacy Bill of Rights provides that consumers have the following rights:

• to exercise control over what personal information is collected by organizations, and how they use it
• to have access to understandable and accessible details about privacy and security practices
• to expect companies to collect, use and disclose data in ways that are consistent with the context in which consumers provided the data
• to have data handled in a secure manner
• to access and correct data
• to have reasonable limits on the data that organizations collect and retain
• to have their data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.

In addition, the California Department of Justice last week announced a Joint Statement of Principles (the “Principles”) with the leading operators of mobile app platforms to improve privacy protections for consumers.  Under the Principles, Amazon, Apple, Google, Hewlett-Packard, Microsoft and RIM (the “Platforms”) committed to taking steps to increase awareness among mobile app developers about their privacy obligations under California law, and to promoting transparency in privacy practices.

Specifically, the Principles call for the Platforms to (i) include, in the app submission process, optional data fields for developers to submit the text of, or links to, their privacy policies, (ii) enable end user access to the privacy policies submitted by developers, and (iii) give end users tools to report non-compliant apps to the Platforms, and to implement processes to respond to these reports. 

In the release accompanying the Principles, California’s Justice Department noted that the Principles were designed to ensure that mobile app developers comply with the California Online Privacy Protection Act, which requires operators of online services (including mobile apps) that collect personal information about Californians to conspicuously post a privacy policy.

If you have any questions about the new privacy initiatives, or about other privacy and eCommerce issues, please contact Glen Westerback at gwesterback@fkks.com or 212.826.5563 or any other member of Frankfurt Kurnit’s Technology, eCommerce and Privacy Group.