Â
by Nestor E. Arellano
United States President Barak Obama created quite a stir yesterday when he unveiled a proposed framework for an designed to protect consumers’ privacy online.
The document called the Consumer Data Privacy in the Networked World essentially adapts for the commercial Internet environment, some globally recognized principles of privacy. Not surprisingly the White House’s framework released yesterday shares some principles outlined by Canada’s Privacy Commissioner Jennifer Stoddart in December last year when she unveiled a (OBA).
Unfortunately, Obama’s framework and Stoddart’s guidelines also share some common weaknesses.
Both zero in of data collection activities carried out by companies and marketers. Essentially they seek to provide people with greater control over the personal data on the Internet, how it is collected, retained and used.
The Canadian guidelines focus squarely on tracking tools used by companies and opt-out mechanisms for consumers. The guidelines include:
- Individuals must be made aware of the purposes behind the collection of data and tracking of their online activities. This warning must be made obvious, easily accessible and understood.
- People must be made aware of the data collection before the time of collection. Individuals must also be told of the various parties involved in the OBA.
- An opt-out mechanism must be made available to individuals, ideally before the data collection begins. The opt-out should take effect immediately and persistently.
- Technology that makes it impossible to opt-out should not be used.
- Opting-in should not be used as a condition for accessing service.
- Information collected should be limited and must not include sensitive personal information.
- Information or links between information and a person’s identity should be destroyed as soon as possible.
- Organizations should avoid knowingly tracking children and conducting tracking on Web sites aimed at children.
The White House framework includes the following principles:
- Consumers have a right to exercise control over what personal data companies collect from them and how they use it
- Consumers have a right to easily understandable and accessible information about privacy and security practices
- Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data
- Consumers have a right to secure and responsible handling of personal data
- Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate
- Consumers have a right to reasonable limits on the personal data that companies collect and retain
- Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights
Both initiatives have the potential to seriously impact the operation and bottom line of large and small businesses that rely on current Internet data mining schemes and online advertising and marketing techniques. Businesses from Google (), Apple () and Microsoft () to Canadian Tire which recently , to even small businesses asking for customer email addresses are all after customer data.
There is simply no way the government can totally cut off businesses from their source of precious data. Both U.S. and Canadian governments realize that data is vital for businesses. The most that can be done is to find a balance between the business need and the need for individual privacy.
Both initiatives are very commendable, but however well-intentioned they may be, the main challenge for the Obama framework and Canadian OBA guideline is implementation.
It is still uncertain if the White House’s proposed Internet Bill of Rights will ever be made into law or remain a mere declaration. Canada’s OBA guidelines are just that – guidelines.
Of course the privacy commissioner said that businesses that fail to comply with the guidelines could face disciplinary measures. “We have the powers to investigate businesses and conduct an audit. We can get to federal courts to compel organizations to comply or fine them and we can publicly name erring businesses,†Stoddart said.
But largely, these two online privacy measures rely on voluntary compliance and industry self policing.
Implementation and monitoring will likely also be very expensive for both governments.
Despite these challenges, I am rooting for both initiatives. Canadian and U.S.agencies out to secure online privacy have their work cut out for them. They’ve both taken small steps towards protecting consumers. They are small steps, but important steps.
             Â
Â