White House pushes for new privacy codes of conduct

Business participation in the privacy codes will be voluntary, but may be in their best interest, officials say

The U.S. White House will push for online businesses to adopt new privacy codes of conduct, including consumer rights to control what information websites collect about them and a right to see what data is being collected, officials there said.

Members of President Barack Obama's administration will officially announce details about its so-called privacy bill of rights on Thursday, with the effort focused on government working with private businesses, privacy groups and other experts to develop voluntary privacy codes of conduct.

While the Obama administration will propose privacy legislation to the U.S. Congress, the U.S. Department of Commerce will move ahead with voluntary codes of conduct that could be implemented without congressional action, administration officials said in a press briefing late Wednesday. Legislation would put consumer privacy rights into law.

"American consumers can't wait any longer for clear rules of the road that ensure their personal information is safe online," Obama said in a statement. "As the Internet evolves, consumer trust is essential for the continued growth of the digital economy. For businesses to succeed online, consumers must feel secure."

If a company commits to following a privacy code of conduct, that commitment will be enforced by the U.S. Federal Trade Commission, said Daniel Weitzner, the White House's deputy CTO.

While adopting the privacy codes will be voluntary, many online businesses will want to consider them in an effort to retain the trust of their customers, officials said.

"We certainly think a lot of businesses will step up, and have stepped up, but we don't expect that solves the entire problem," Weitzner said. The White House will push for Congress to expand privacy protections, he added.

During the official White House announcement Thursday, the Digital Advertising Alliance (DAA), a coalition of U.S. media and marketing trade associations, will commit to honoring do-not-track requests made by Web users through their browsers. Most major browsers now offer do-not-track options, but compliance with the requests has been uneven.

Nearly 90 percent of U.S. businesses that deliver behavioral advertising, including Google, Yahoo, Microsoft and AOL, are members of the groups that make up the DAA, said Stu Ingis, the DAA's general counsel. Most DAA members should begin honoring the do-not-track requests within nine months, after working with browser makers to develop consistent do-not-track standards, he said.

"The DAA is committed to making choices work for all consumers," Ingis said.

FTC Chairman Jon Liebowitz praised the DAA for committing to honoring do-not-track requests in browsers. "This is a big step," he said.

With the DAA commitment, Web users should expect that if they set their browsers to prohibit websites and online advertising networks from tracking them, that one request will be honored across the Web, Weitzner said. Consumers should be able to make the choice once and not have it expire, he added.

The White House privacy proposal focuses on giving Web users choices about whether websites and advertising networks collect their personal information and what they do with it. Web users have a right to expect that Web businesses collecting their personal information will keep it secure and will limit the type of information they collect.

Consumers have a right to "easily understandable and accessible information about privacy and security practices," the White House privacy paper said. In addition, consumers have a right to access and correct personal data held by online companies, the paper said.

The Department of Commerce has been calling for new privacy protections for more than a year, but Thursday's announcement, and the accompanying 60-page paper, represent the most concrete plan the Obama administration has released.

The announcement comes as privacy groups and state officials have raised concerns about changes that Google is planning to its privacy policy. Google plans to consolidate user identities across its services on March 1.

In recent days, privacy groups have also criticized Google for allegedly circumventing privacy controls in the Internet Explorer and Safari browsers.

Liebowitz said he's aware of the concerns about Google's privacy policy, but he declined to comment on any potential FTC action.

Privacy group Consumer Watchdog praised the White House privacy announcement, although the group had not seen the proposals as of Wednesday evening.

"From what I understand to be in it, the report may represent real progress," said John Simpson, privacy project director for the group. "Enforceable codes of conduct could matter.  Baseline privacy legislation could make a difference."

Simpson said he's skeptical of an effort that will allow online companies to participate in the writing of privacy codes of conduct, and he questioned whether the Department of Commerce, with the job of promoting U.S. businesses, is the right agency to drive the privacy standards.

"The real question is how much influence companies like Google, Microsoft, Yahoo and Facebook will have in their inevitable attempt to water down the rules that are implemented and render them essentially meaningless," he said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Join the CSO newsletter!

Error: Please check your email address.

More about AOLFacebookFederal Trade CommissionFTCGoogleIDGMicrosoftYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts