Yesterday, President Obama introduced a framework for his planned US data protection regulations. It combines elements from the self-regulation efforts of market participants, which are controlled by the FTC, and integrates them with legislative initiatives.
In the document’s introductory words, President Obama is quoted stating:
“Never has privacy been more important than today, in the age of the Internet, the World Wide Web and smart phones. In just the last decade, the Internet has enabled a renewal of direct political engagement by citizens around the globe and an explosion of commerce and innovation creating jobs of the future. Much of this innovation is enabled by novel uses of personal information. So, it is incumbent on us to do what we have done throughout history: apply our timeless privacy values to the new technologies and circumstances of our times.
I am pleased to present this new Consumer Privacy Bill of Rights as a blueprint for privacy in the information age. These rights give consumers clear guidance on what they should expect from those who handle their personal information, and set expectations for companies that use personal data. I call on these companies to begin immediately working with privacy advocates, consumer protection enforcement agencies, and others to implement these principles in enforceable codes of conduct. My Administration will work to advance these principles and work with Congress to put them into law. With this Consumer Privacy Bill of Rights, we offer to the world a dynamic model of how to offer strong privacy protection and enable ongoing innovation in new information technologies.”
The bill tries to combine technical developments and the private sphere. That can, for example, be seen in the call for a “Do Not Track” mechanism which, with the single touch of a button, allows users to opt out and be excluded from tracking mechanisms. Google, Microsoft, Yahoo, AOL and others have already announced that they will implement the “Do Not Track” button in the future through voluntary self-regulation efforts (and enforced by the FTC).
The legislative push made by the White House can also be interpreted within the context of the proposed EU data protection rules that were officially introduced last month: While the European Commission’s proposal focuses more on comprehensive Internet regulation, the US – through government-controlled self-regulation and broader definitions – is trying to combine technology and data protection more strongly (for a general comparison of the current differences between the two approaches, please see the following article in German by heise.de).