Federal Trade Commissioner Julie Brill, considered the federal government’s leading voice on consumer privacy, on Saturday said she was “disappointed” with a week-old White House draft “bill of rights,” while adding that it furthered the discussion on the ever-expanding flow of personal data.
“I do commend the administration for grappling with some complex issues and for really trying to come up with a mechanism for implementing some kind of baseline set of rules that require dealing with some subtle concepts,” Ms. Brill, an Obama administration appointee, told the Pittsburgh Post-Gazette.
“When I look at it as a whole, I am disappointed with the starting point for the discussion,” she added.
The draft Consumer Privacy Bill of Rights Act, floated by the White House on Feb. 27 with little fanfare, aims to create “baseline protections for individual privacy in the commercial arena.” It has been panned by numerous privacy advocacy groups and some data industry representatives, for different reasons.
Ms. Brill’s comments represent an unusually detailed critique from an executive branch appointee.
“One of the fundamental problems I have with the way I think the whole bill would work,” she said, “is there seems to be very little of a bottom line.”
It would create a multi-stakeholder process to draft privacy rules, and would tell data-collecting companies to empanel internal Privacy Review Boards. “I don’t have any problem with those structures and [processes], but never does the bill say, ‘But here’s a line you cannot cross. ... It’s too far beyond what we would allow, or we should allow, absent some sort of consumer choice or notice.’”
Ms. Brill said the draft doesn’t address whether companies should be allowed to collect personal data for one purpose, and then shift it to another purpose without consent.
It does not touch on the growing flow of user-created health information which apps and wearable devices collect and transmit, she said. “If that information is also flowing to ad networks and to data brokers and data analysts, then consumers should know that,” she said.
Similarly, mobile applications that send out precise information on the location of the user should operate under rules, but the bill doesn’t create any, she noted.
The draft would tell hundreds of companies to create internal codes for collecting and using personal information, and would give the FTC the challenging job of reviewing them, she said.
Ms. Brill, who was a high-ranking law enforcement official in Vermont and then North Carolina before joining the FTC, said she was concerned about a plank in the draft bill that would pre-empt state privacy laws. The federal government, she said, should only preempt the states with a “robust” federal law.
She said some of the draft’s details are on target, pointing to its proposed standards for stripping identification information from some data.
She said she wants to work with the White House, industry and privacy advocates on a “correction in course” that would lead to a more consumer-friendly starting point for discussions.
Ms. Brill said she would “strongly support” a bill introduced Thursday by Democratic senators Edward Markey of Massachusetts, Richard Blumenthal of Connecticut, Sheldon Whitehouse of Rhode Island and Al Franken of Minnesota that would regulate the data broker industry.
Data brokers collect, analyze and sell information about people with whom they have no direct relationship. “They’re collecting a lot of deeply sensitive and personal information from consumers and using it to profile them,” to target ads and even warn companies if you are “a risky customer,” she said.
She said the growing data broker industry should swing behind regulation because it will enhance consumer trust.
Ms. Brill appeared at Carnegie Mellon University’s Data Privacy Day Jan. 28, reiterating her prior calls for legislation on consumer privacy, data breaches and data brokers. Since then, proposals in all three areas have emerged, and President Barack Obama has made several major speeches on data privacy and security issues.
Rich Lord: email@example.com or 412-263-1542. Twitter @richelord