Commerce Department Seeks Comments On 'Risk-Based' Privacy Approach

On the eve of a Senate hearing addressing online privacy, the Commerce Department issued a call for comments about the topic.

"The time is ripe for this Administration to provide the leadership needed to ensure that the United States remains at the forefront of enabling innovation with strong privacy protections," the National Telecommunications and Information Administration writes.

The NTIA says the administration wants to move away from the current notice-and-choice framework -- which often involves presenting people with lengthy privacy policies and allowing them to opt out of certain uses of their data -- to a so-called "risk-based approach."

"The desired outcome is a reasonably informed user, empowered to meaningfully express privacy preferences, as well as products and services that are inherently designed with appropriate privacy protections, particularly in business contexts in which relying on user intervention may be insufficient to manage privacy risks," the NTIA writes. "Using a risk-based approach, the collection, use, storage, and sharing of personal data should be reasonable and appropriate to the context. Similarly, user transparency, control, and access should be reasonable and appropriate relative to context."



The NTIA's proposal, like the upcoming Senate hearing, comes as recent controversies -- including Cambridge Analytica's harvesting of data from up to 87 million Facebook users -- are fueling momentum for new privacy laws.

The federal initiative is also driven by Europe's General Data Protection Regulation -- which requires ad companies to obtain consumers' opt-in consent in many circumstances -- and California's recently enacted privacy law.

California's law, slated to take effect in 2020, will allow consumers to learn what personal information about them is held by businesses, and to opt out of the sale of that information. Soon after California passed the law, tech companies reportedly began pressing Congress to develop a federal privacy law that would trump individual state laws.

The NTIA says it hopes a new federal framework will result in a less fragmented approach in the U.S.

"A growing number of foreign countries, and some U.S. states, have articulated distinct visions for how to address privacy concerns, leading to a nationally and globally fragmented regulatory landscape," the agency writes. "The Administration hopes to articulate a renewed vision, one that reduces fragmentation nationally and increases harmonization and interoperability nationally and globally."

Next story loading loading..