Early 2012 will likely see the publication of at least two important privacy-related documents: the final versions of the preliminary privacy Reports issued by the Federal Trade Commission and the Department of Commerce. One or both may call for new privacy laws at the federal level.
The FTC's December 2010 Report - "Protecting Consumer Privacy in an Era of Rapid Change" - proposed a new framework for the online and offline collection and use of consumer data comprised of the following three principles: (1) privacy by design, (2) simplified choice, and (3) greater transparency. In the preliminary Report, the FTC supported the development of a "Do Not Track" mechanism for online behavioral advertising that would enable people to avoid having their actions monitored online, a move the online advertising industry has opposed. The final version of the Report may confirm this position, and urge Congress to enact legislation in this area, or it may conclude that the self-regulatory framework is preferable but needs to be more robust.
The Department of Commerce's December 2010 Green Paper - "Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework" - proposed the recognition of "baseline" consumer privacy rights, a new federal security breach notification law, the establishment of a federal Privacy Policy Office, more self-regulatory programs for various industries, more transparency in privacy notices, and more cooperation with other countries to harmonize international privacy standards. The Green Paper did not take positions on do-not-track or opt in/opt out regimes, two of the biggest issues in the online privacy debate.
Both agencies are reportedly close to completing their review of the final versions of these Reports.
The FTC is also reviewing its COPPA Rule, which spells out requirements for complying with the Children's Online Privacy Protection Act. The FTC issued proposed revisions to its Rule in September 2011; if adopted, these revisions would significantly expand COPPA to include mobile devices and geo-location information.
Finally, across the pond, EU officials are expected to release revisions to the EU Data Protection Directive in late February or early March 2012. Some of these changes are directed at non-EU companies and may significantly impact how U.S.-based entities that interact with EU consumers can collect, store and use consumer data.
We will alert you as soon as these Reports and revisions are announced and will provide summaries of key provisions of each.
This client alert is a publication of Loeb & Loeb LLP and is intended to provide information on recent legal developments. This client alert does not create or continue an attorney client relationship nor should it be construed as legal advice or an opinion on specific situations.
Circular 230 Disclosure: To assure compliance with Treasury Department rules governing tax practice, we inform you that any advice (including in any attachment) (1) was not written and is not intended to be used, and cannot be used, for the purpose of avoiding any federal tax penalty that may be imposed on the taxpayer, and (2) may not be used in connection with promoting, marketing or recommending to another person any transaction or matter addressed herein.