Consumer Privacy Bill of Rights: Notes on the NTIA’s Privacy Multi-stakeholder Meetings in 2012

NTIA multi stakeholder mobile application transparency privacyThe National Telecommunications and Information Administration (NTIA) has been holding regular meetings around mobile app privacy this year that could help shape how personal data is handled in mobile applications in the United States.

John Verdi (@johnverdi) is the Director of Privacy Initiatives at the NTIA and has been blogging about activities at the meetings. In his August 1st, 2012 post, he describes the July multi-stakeholder meeting as a step toward implementing the Consumer Privacy Bill of Rights.

This Bill of Rights is something to keep your eyes on. It was first proposed by the Obama Administration as part of a paper with the lengthy title “Consumer Data Privacy In a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.” Gliph is hosting a copy you can download here [.pdf].

In the introduction, Barack Obama quotes Justice Louis Brandeis’ dissenting opinion in Olmstead v. United States which is Americans’ “right to be let alone.” Though he counters, “…privacy is about much more than just solitude or secrecy.”

The rights advanced in the paper cover the following (bulleted paragraphs are quoted from the paper):

  • Individual Control – Consumers have a right to exercise control over what personal data companies collect from them and how they use it. 
  • Transparency – Consumers have a right to easily understandable and accessible information about privacy and security practices.
  • Respect for Context – Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
  • Security – Consumers have a right to secure and responsible handling of personal data.
  • Access and Accuracy – Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
  • Focused Collection – Consumers have a right to reasonable limits on the personal data that companies collect and retain.
  • Accountability – Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.

The paper was released with the Consumer Privacy Bill of Rights in February of 2012, just weeks after the Path Address Book controversy. Meetings have been happening in Washington DC with participation in-person and remotely from ‘stakeholders’ from industry, consumer groups, government academia and the technical community.

The NTIA’s meetings have helped bring attention to previous efforts such as those from the Future of Privacy Forum’s guide to Transparency [.pdf]. They’ve also shed greater light on recent research around consumer privacy, including University of Pennsylvania Professor Joseph (@JoeProf) Turow’s presentation on The Non-Transparency of Key Online Words [.pdf].

In the deck, Turow makes the observation that “Marketers are using words and actions aimed at calming publics over privacy but that actually change the words’ meanings.” Also, that the targeting of online ads could possibly lead to “increasing social tensions and distrust of institutions (including government) around the issue of who is ‘target’ and who ‘waste.'”

The NTIA meetings are being held in public and are the focused effort of the NTIA’s Office of Policy Analysis and Development (OPAD). You can keep up on the schedule, meeting documents and more by watching the privacy tag on the NTIA website.