Note the Commerce Department didn't call for legislation or any Do Not Track rules.
The Commerce Department also recommended that companies adopt commercial data privacy framework so there's a baseline expectation for consumer trust and fill gaps in existing policies.
This framework would be modeled after Department of Homeland Security rules that govern the use of personally identifiable information. The key points include:
- Companies need to be transparent about data use.
- Organizations should seek individual consent to collect, use, disseminate and maintain their information.
- Companies should spell out how data will be used.
- Data minimization should be deployed.
- Companies should use personal data only for the use disclosed.
- Personal data should be secure, accurate and audited.
Of those aforementioned points, the transparency item stuck out. The Commerce Department called for the end of privacy statements that are too complicated to understand. The Feds said:
Here's how this framework and the PPO would work together:
The Commerce Department said that it's time for a more comprehensive privacy plan.
Privacy protections are crucial to maintaining the consumer trust that nurtures the Internet’s growth. Our laws and policies, backed by strong enforcement, provide effective commercial data privacy protections. The companies that run the digital economy have also shown a willingness to develop and abide by their own best practices. As we entrust more personal information to third parties, however, we can strengthen both parts of this framework.