• by Wendy Davis , November 22, 2010

As the Department of Commerce readies recommendations about online privacy, the advocacy group World Privacy Forum is raising questions about the agency's track record.

A new report, "The US Department of Commerce and International Privacy Activities: Indifference and Neglect," states that the agency's history "indicates a lack of rigor regarding enforcement and compliance in the privacy programs it administers." Specifically, the World Privacy Forum criticized Commerce's handling of the current "safe harbor" program, which allows U.S. companies to export consumers' data from the European Union (where privacy laws protect a broad array of data) provided that the companies certify that they follow certain standards.

The World Privacy Forum says in its report that at least three separate studies conducted in the last decade show that Commerce is not adequately administering that program. For instance, a 2008 study revealed that 1,597 organizations were listed as enrolled in the program, but only 1,109 of those groups had current memberships, according to the World Privacy Forum report. "This in itself is an astonishing finding," the report states.

The World Privacy Forum paper, released today, comes as the Commerce Department is preparing to release recommendations about online privacy. A leaked version of Commerce's report indicates that the agency will propose baseline legislation, based on fair information practices principles -- which generally require that people be notified about data collection and given the opportunity to consent.

Commerce also is expected to call for a new federal privacy office, but will not recommend giving the office enforcement authority. Instead, the office "would work with the FTC in leading efforts to develop voluntary but enforceable codes of conduct." Companies that adhere to those voluntary principles reportedly would be given safe harbor protection.

Some privacy advocates welcome the recommendations, saying that legislation setting minimum privacy standards would mark an improvement over the current unregulated state of online data collection. But others argue that the Commerce Department proposal would more or less mimic a proposal floated by Rep. Rick Boucher (D-Va.) -- which many consumer advocates criticized as weak.

The White House also reportedly recently created an Internet privacy task force, to be led by Cameron Kelly, Commerce Department general counsel (and brother of Sen. John Kerry (D-Mass.) and Christopher Schroeder, Department of Justice assistant attorney general.

Pam Dixon, executive director of the World Privacy Forum, says that the newly formed task force should also be led by a representative from the Federal Trade Commission, to focus on consumer protection. "The mission of the Department of Commerce is commerce, not consumers," she says.

Dixon adds that she is wary of giving the Commerce Department additional oversight over privacy matters. "Safe harbor has been a disaster for the Department of Commerce," she says.