The ad industry is urging the Commerce Department to scrutinize new privacy laws in California and the EU as part of an initiative to develop a new framework for online privacy.
“We encourage the NTIA to address the emerging fragmentation in state privacy laws,” the Association of National Advertisers, American Association of Advertising Agencies, American Advertising Federation, Interactive Advertising Bureau and other industry groups write in a letter submitted Friday. “If inconsistent approaches at the state and local level are not harmonized, such laws will create patchwork regulation of the Internet that consumers will not understand and that will not serve their interests.”
Their letter comes in response to the NTIA's call for comments about potential approaches to online privacy. The agency said in September it wants to move away from the current notice-and-choice framework -- which often involves presenting people with lengthy privacy policies and allowing them to opt out of certain uses of their data -- to a so-called "risk-based approach."
The ad groups say they support a “risk management” approach that they believe would differ from the new laws in California and Europe.
California recently enacted a privacy law that will allow consumers to learn what personal information about them is held by businesses, and to opt out of the sale of that information. That measure won't take effect until 2020.
In the EU, the General Data Protection Regulation requires ad companies to obtain consumers' opt-in consent in many circumstances.
The ad groups write that their proposed framework involves different requirements for different types of information, as opposed to a “one-size-fits-all privacy standard for every piece of data or for every kind of data practice regardless of risk, context, or the sensitivity of the data.”
In addition, they say the Federal Trade Commission should enforce the privacy principles as a “single national standard” that would override state laws.
FTC staff previously endorsed the idea that ad companies obtain consumers' explicit consent before drawing on their "sensitive" data -- but also said that type of data could include search queries, email messages, social media posts, and titles of books read or movies viewed.
The ANA also argues in separate comments that the NTIA should say some uses of data are “per se” reasonable, and others “per se” unreasonable.
Included among the proposed per se reasonable is collecting “non-sensitive” data for ad purposes. “Such advertising practices benefit consumers, are non-harmful, and enjoy longstanding First Amendment protections,” the ANA writes.