Live from IAPP Global Privacy Summit in D.C.: FTC Weighs in on Consumer Privacy Bill of Rights
McDonald Hopkins national Data Privacy and Cybersecurity attorneys are live in Washington, D.C. for the IAPP Global Privacy Summit 2015.
At IAPP, I had the opportunity to hear from the Director of the FTC Bureau of Consumer Protection, Jessica Rich, as she weighed in on the Consumer Privacy Bill of Rights Act of 2015 recently released by the White House (click here for a discussion draft of the Bill). Ms. Rich made it clear that although the FTC was pleased that President Obama took the steps to come up with the Bill, the FTC is not endorsing it!
The FTC is not supporting the bill for many reasons, but Ms. Rich hi-lighted her main concerns at IAPP:
- The Bill will not provide the strong protections needed and it contains "fuzzy" requirements that are hard to enforce;
- The lengthy definition of "context" to decide whether "choice" has to be offered to consumers is a road block;
- If a company changes their privacy policy, the Bill does not require that the company obtain updated "opt ins" from consumers after the change is implemented;
- The Bill does not contain any special treatment for sensitive data;
- The Bill preempts state laws, but there is a two year term when the bill cannot be enforced, leaving a serious gap; and
- There is an 18-month window where civil penalties cannot be enforced by the FTC.
Overall, Director Rich (and the FTC) believes that the current protections that are in place will become weakened if this Bill passes.
We'll continue to monitor the Consumer Privacy Bill of Rights Act and provide timely updates.