Updated: Oct 19, 2018
The prospective federal policy consists of two goals: 1) a set of user-centric privacy outcomes that represent the goals of any Federal Actions on consumer-privacy policies; and 2) a set of high-level goals that outline the ecosystem that should be created to provide those protections.
The RFC lists the desired outcomes of the new policy as: transparency for users to understand how their personal information is used and stored; expanding users’ ability to exercise reasonable control, access, and correct the personal information they provide; reasonably minimizing the extent to which organizations can collect, store, and use private information; improving the security of private information and mitigating risk; and holding organizations accountable for the use of personal information.
The RFC also lists goals that will set the broad outline of what Federal action should be taken. These goals include: harmonizing the regulatory landscape by avoiding duplicative and contradictory obligations for organizations; providing clear rules and allow organizations the flexibility to innovate; creating a comprehensive application of any action to all private sector organizations that collect, store, use, or share personal data but are not covered by sectoral laws; employing risk-based regulations focused on user-centric outcomes; supporting interoperability with international norms and frameworks; incentivizing research into developing products and services that improve privacy protections; naming the FTC as the appropriate federal agency to enforce consumer privacy regulations; and scaling these regulations in proportion to the scope of the information an organization is handling.
Specifically, the RFC seeks comment on the core privacy outcomes and goals that are listed and what additional steps should be taken to effectuate these outcomes. Comment is also sought on whether any key terms listed in the RFC require more precise definitions, whether changes need to be made with regard to the FTC’s statutory authority in order for it to continue as the Federal consumer privacy enforcement agency, and whether there are other ways to achieve these goals that are not included in this RFC.
On October 11, 2018, the National Telecommunications and Information Administration (“NTIA”) extended the deadline to submit comments on the administration’s approach to consumer privacy from October 26 to November 9, per a Federal Register notice. NTIA began soliciting comments in late September on ways to advance consumer privacy while protecting prosperity and innovation.
Comments are now due Friday, November 9, 2018 and may be submitted via email to [email protected], Docket No. 180821780-8780-01.
Please Contact Us if you have any questions.