Skip to content

Discerning Data

  • About Us
  • Additional Resources
  • Contact Us

DISCERNING DATA

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy
  • Privacy
  • Cybersecurity
  • Data Strategy
  • Disruptionware

Enough of the Patchwork: Tech Industry Group Calls for a National Privacy Framework

Share

The Internet Association (IA), a group of 40 major internet and technology firms, called for the establishment of a national privacy framework anchored by six privacy principles on Wednesday. In its press release announcing the principles, the IA indicated its support for the American approach to federal privacy legislation that is “consistent nationwide, proportional, flexible, and encourages companies to act as good stewards of the personal information provided to them by individuals.”

In describing the context for the principles the IA noted that its members comply with the range of strong federal privacy, data security, consumer protection, and anti-discrimination laws. Coupled with following state laws, and self-regulatory principles that govern how they do business, this “patchwork” leads to inconsistent experiences for individuals. Accordingly, a new, comprehensive national framework would create more “consistent privacy protections that bolster consumers’ privacy and ease compliance for companies.”

The IA’s six principles include:

  • Transparency – Individuals should have the ability to know if and how personal information they provide is used and shared, who it’s being shared with, and why it’s being shared.
  • Controls – Individuals should have meaningful controls over how personal information they provide to companies is collected, used, and shared, unless that information is legally required or is necessary for the basic operation of the business.
  • Access – Individuals should have reasonable access to the personal information they provide to companies. Personal information may be processed, aggregated, and analyzed to enable companies to provide services to users.
  • Correction – Individuals should have the ability to correct the personal information they provide to companies, except where companies have a legitimate need or legal obligation to maintain it.
  • Deletion – Individuals should have the ability to request the deletion of the personal information they provide to companies when it’s no longer necessary to provide services, except where companies have a legitimate need or legal obligation to maintain it.
  • Portability – Individuals should have the ability to take the personal information they provided to one company and provide it to another company that provides a similar service.

Further, the IA identified key components of a National Privacy Framework to include:

  • Fostering privacy and security innovation.
  • A national data breach notification law.
  • Technology and sector neutrality.
  • Performance standard-based approach.
  • Risk-based framework.
  • A modern and consistent national framework for individuals and companies.

The IA’s principles could be a response to the recently imposed compliance obligations imposed by the EU’s General Data Protection Regulation, as well as the recently enacted California Consumer Privacy Protection Act that will become effective in 2020. At the same time, NIST has announced plans to collaborate with industry to develop a voluntary, enterprise-level Privacy Framework, much like its popular Cybersecurity Framework. A recently released survey from the National Telecommunications and Information Administration (NTIA) noted that privacy and security online continues to be a major issue for many Americans. The NTIA survey noted that nearly three-quarters of Internet-using households had significant concerns about online privacy and security risks. One third said such worries caused them to hold back from some online activities.

Finally, the U.S. Senate Committee on Commerce, Science, & Transportation will hold a hearing examining consumer privacy protection on September 26, 2018. Currently, the witnesses listed to testify include senior executives from internet and technology companies:

  • Len Cali, Senior Vice President—Global Public Policy, AT&T Inc.
  • Andrew DeVore, Vice President and Associate General Counsel, Amazon.com, Inc.
  • Keith Enright, Chief Privacy Officer, Google LLC
  • Damien Kieran, Global Data Protection Officer and Associate Legal Director, Twitter, Inc.
  • Guy (Bud) Tribble, Vice President for Software Technology, Apple Inc.
  • Rachel Welch, Senior Vice President, Policy & External Affairs, Charter Communications, Inc.

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.

Receive Email Alerts to New Articles

SUBSCRIBE

September 17, 2018
Written by: Discerning Data Editorial Board
Category: Privacy
Tags: GDPR, Internet Association, national privacy framework, National Telecommunications and Information Administration, NIST, NTIA, Science, Senate Commerce Committee

Post navigation

Previous Previous post: Security Recommendations for Mobile Health Apps
Next Next post: Sixth and Second Circuits Rule In Favor of Insurance Policy Holders in Computer Fraud Provisions Cases

Search the Blog

Sign Up for Email Alerts

PODCASTS

Faegre Drinker on Law and Technology

©2023 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

  • About Us
  • Additional Resources
  • Contact Us
We use cookies to improve your experience with our website. By browsing our site, you are agreeing to the use of cookies. For more information about how we use cookies, please review our privacy policy and cookie policy. OK
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT