Saper Law explains the Consumer Privacy Bill of Rights

Saper Law clients, like most companies, depend on their website to generate revenue.  They also utilize their website to collect private client information or, inevitably, gain access to private client information (like credit card numbers) through the sales process.

Responsible business owners ask their attorneys to craft privacy policies to ensure that their customers are apprised of the collection of any personal information. The problem, however, is that there are no uniform privacy rules.  Attorneys need to consult a slew of Federal and State laws to ensure privacy laws are not being violated.

To solve this problem, the Obama Administration recently issued the Consumer Privacy Bill of Rights on February 23, 2012.

Read Saper Law’s explanation of the Consumer Privacy Bill of Rights below:


Online retail sales in the United States total $145 billion annually and there were 845 million active Facebook users as of December of 2011. The result is an abundance of data being analyzed and shared across services and third parties. Much of the personal data used on the Internet, however, is not subject to comprehensive Federal statutory protection, because most Federal data privacy statutes apply only to specific sectors, such as healthcare, education, communications, and financial services. Inconsistent privacy protection can lead to the violation of individual rights, discrimination, and identity theft estimated to cause economic losses of more than $15 billion in a single year. The White House report Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy seeks to prevent these injuries by filling the gaps in consumer privacy protection and clarifying how companies collect and use personal information.

The Report

The report contains a Consumer Privacy Bill of Rights including individual control, transparency, respect for context, security, access and accuracy, focused collection and accountability. Both public and private sector participants—companies, trade groups, privacy advocates, academics, State Attorneys General, Federal civil and criminal law enforcement representatives, and international partners— will define how the bill’s principles are translated into real standards through a multi-stakeholder process. The resulting guidelines may be passed into law by Congress, or in the absence of Federal legislation, be a voluntarily adopted code of conduct enforced by the Federal Trade Commission.

The Debate

Supporters of the bill are optimistic that transparency and consistency will increase consumer trust and ensure the Internet remains a platform for innovation and economic growth. Most notably, companies that represent the delivery of nearly 90 percent of online behavioral advertisements, including Google, Yahoo!, Microsoft, and AOL have agreed to comply when consumers choose to control online tracking via a Do Not Track option.

Others doubt whether the bill will have enough of an impact to reach the desired goals, either as a voluntary measure or once made into law. Concern is raised over the influence of companies like Google, Microsoft, Yahoo!, and Facebook in potentially watering down the rules through the multi-stakeholder process. Inevitably, companies will have difficulty determining how to comply given that the bill will not implement an exact template for privacy standards. Additionally, skepticism looms over the Federal Trade Commission’s ability to enforce the bill due in part to its limited action against Do Not Call violators.

Both sides agree the bill serves as a message from the current administration and sheds light on the growing need for online data protection.

Impact on Your Business

Because the bill serves only as a blueprint for a future code of conduct, it is unclear how the potential legislation will affect our clients’ endeavors. As outlined in the report, the rights require that companies provide clear descriptions of what personal data they collect, why they need the data, how they will use it, when they will delete the data or de-identify it from consumers. Businesses could have to face the choice of adopting FTC regulations and facing enforcement measures, or refraining from participating and potentially losing customers due to lack of trust.

The bill also indicates that when a company wants to use personal data for purposes inconsistent with the context in which consumers provide the data, such as sharing with third parties, it must first ask and provide heightened measures of transparency and individual choice. For many clients, this has potential to harm the advertising business model of selling analytics if large numbers of consumers opt-out of tracking. Additionally, the bill requires companies to safeguard consumer information using reasonable measures. In the event of a data breach, how courts will define the standard and find fault is sure to be an area of contention. As the multi-stakeholder process progresses it will be exceedingly important for companies to clarify their data collection processes and comply with industry expectations.

Contact Saper Law at 312.527.4100 or if you have specific questions about the Consumer Privacy Bill of Rights, privacy policies, terms of use, or doing business online.