michael gurstein gurstein
Wed Apr 11 08:21:21 EEST 2012

I thought that this might be of interest.
 -----Original Message-----
From: Erik Cecil
Sent: Tuesday, April 10, 2012 9:56 PM

Speaking of leading the way, in preparing for an upcoming webinar on privacy compliance I came across two documents that may be of great interest: 
One is a recent White House publication on "Consumer Data Privacy in a Networked World" http://www.whitehouse.gov/sites/default/files/privacy-final.pdf and the other a recent FTC publication "Protecting Consumer Privacy in an Era of Rapid Change"  http://www.ftc.gov/os/2012/03/120326privacyreport.pdf)

The White House document sets forth much of what we've discussed here and I think provides a springboard for further exploration. It outlines what a Consumer Privacy Bill of Rights might look like:

"The Consumer Privacy Bill of Rights applies comprehensive, globally recognized Fair Information Practice Principles (FIPPs) to the interactive and highly interconnected environment in which  we live and work today. Specifically, it provides (and perhaps begins to address issues JP noted including "data asymmetry" and others, such as consumer empowerment - i.e. a world where there is more even balancing of information rights as Doc is beginning to address with VRM (and his new book) for:

? Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it.  

- Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices.

? Respect for Context: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.

? Security: Consumers have a right to secure and responsible handling of personal data.

? Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.

? Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.

? Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.

The White House and FTC documents also propose a multi-stakeholder process of negotiation in order to ensure that all affected can reasonably participate in the conversation.  That said, because few individual consumers make their individual paychecks handling privacy or through data or are in a position to advocate with the level of skill, money, etc. that larger organizations bring to bear, it is up to government to represent the wider will of the people and the public interest.  Accordingly, I'll offer that in the background of all that we have been discussing, this may be a reasonable start.   

One last point, I think that has been lost in all of this, and one I'd like to personally emphasize:  As I noted along the way in various comments, unless and until the right of the individual is recognized and protected in reasonable, practical and meaningful ways, what we risk losing is individual trust in the entire system of government and of business.  That trust is the underpinning of the economy.  It may not be measurable, but it is real and we know this from recent and historical experience around the globe.

I also think both documents make a good case for the market opportunities that exist in giving users greater control - this is what people desire (and I think related to points Paul and Sara have been making).  Whether perceived or real, there is great value and great money to be had in using networked intelligence to empower individuals.   

It seems to me that information / data may be a commodity, but it is trust that makes markets function and grow.

As a result, if the Internet teaches us anything, it teaches us we're all in the sandbox together.

Kind regards,


Erik J. Cecil, Esq.
SourceLaw, PC
511 E. South Boulder Road
Suite C
Louisville, CO 80027
Tel: 720-319-7328 (fixed / mobile / web)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.internetrightsandprinciples.org/pipermail/irp-internetrightsandprinciples.org/attachments/20120411/b351de98/attachment.htm>

More information about the IRP mailing list