Department of Commerce Seeks Public Comment on Data Privacy Rules
The National Telecommunications and Information Administration of the Department of Commerce published a notice on September 26, 2018, requesting public comment on “ways to advance consumer privacy while protecting prosperity and innovation.”
The NTIA stated that data privacy laws were nationally and globally fragmented and that the Administration hoped to increase harmonization of these laws. The NTIA further stated that the Administration believed that consumers should be able to benefit from the use of their information and that consumers expected organizations to minimize risks to the consumers’ privacy. Therefore, the NTIA requested comments that would assist Commerce in laying out a set of user-centric privacy outcomes and high-level goals for federal action.
In considering user-centric privacy outcomes, the NTIA requested commenters focus on: (1) allowing users to understand how an organization collects, stores, uses, and shares personal information by being transparent; (2) users’ ability to exercise reasonable control over the collection, use, storage, and disclosure of personal information; (3) reasonable minimization of data collection, storage length, use, and sharing by organizations; (4) security safeguards that should be employed by organizations; (5) users’ ability to access, correct, or delete data; (6) risk management; and (7) organizations’ accountability in the collection, maintenance, and use of consumer data.
Additionally, the NTIA requested commenters provide feedback on the Administration’s goals for federal action which focus on: (1) harmonizing the regulatory landscape; 2) ensuring legal clarity while maintaining the flexibility to innovate; (3) comprehensive application to all private sector organizations that collect, store, use, or share personal data in activities that are not covered by sectoral laws; (4) employing a risk and outcome based approach; (5) interoperability across borders; (6) incentivizing privacy research; (7) establishing the FTC as the primary agency to enforce consumer privacy; and (8) scalability.
The NTIA requested all comments be submitted within 30 days of the notice being published.
The Federal Register Notice can be found here.