Matthew Lasar at Ars Technica has news and details of an interesting proposal from the US Department of Commerce. In practice, it won’t be called a bill of rights.
Instead they’ll be dubbed “Fair Information Practice Principles” (FIPPs), intended to promote “increased transparency through simple notices, clearly articulated purposes for data collection, commitments to limit data uses to fulfill these purposes, and expanded use of robust audit systems to bolster accountability.”
As Lasar further explains, the framework suggested builds on principles found in the Privacy Act of 1974 which applies primarily to government agencies. The key difference is that this set of rules would be voluntary though once taken on by a web site or service operator would be enforced by the FTC. A form of safe harbor from complaints would even apply for sites adhering to their policies.
This is a good bit of rhetoric and includes ideas that haven’t to my knowledge been advanced in a proposed law previously. The proof will be in the implementation. After all, the US government has been snarled in its own share of privacy complaints and data breaches. A set of principles, no matter who well couched, isn’t going to be enough.
I guess I am most interested in this story because it has the potential for establishing some basic expectations in the realm of privacies on which both consumer and business choices could be based on more empirical negotiated.
US calls for online privacy “Bill of Rights”, Ars Technica