As featured in The Wall Street Journal, Money Magazine, and more!

Consumer Privacy Bill of Rights

This article was written by in Consumer. 9 comments.

Last week, the White House released a Consumer Privacy Bill of Rights. This isn’t a law or regulation, but a set of guidelines that could possibly underscore future actions by Congress and enforcement by the Federal Trade Commission. Private, personal information should be private and personal, but when consumers enroll for any type of service, the terms of use of those services often require signing away the rights to this information.

If, for example, you’d like to use Facebook to share photographs with your friends and see what they’ve been doing lately, you must agree to the service’s policies which include the service’s ability to keep your personal data on file and use it to deliver targeted ads and to track the other, non-Facebook websites you visit.

FacebookThe Consumer Privacy Bill of Rights aims to give consumers more control of their personal information. Some of the guidelines are common sense, and many companies already follow these guidelines or come close. Codifying these principles is a positive step towards making consumers aware of expectations for the companies they interact with every day, like social media websites, banks and other financial institutions, and retailers.

Here are the main points:

Consumers have a right to exercise control over what personal data companies collect from them and how they use it.

  • Companies should give consumers choices about how companies collect, use, and share personal data.
  • The ability to make these choices should be easy to use and easily accessible.
  • The ability to change these choices after initially selecting them should be just as easy to use and accessible.

Consumers have a right to easily understandable and accessible information about privacy and security practices.

  • Companies should clearly explain how personal information is collected and used internally and with third-parties.
  • Companies should clearly define the policy for deleting private customer data.

Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.

  • Companies should not provide consumers’ personal information to third parties who will use that information for a different than it was intended. For example, if I, as a Facebook user, “like” the band Pink Floyd, I shouldn’t begin receiving emails from advertising Pink Floyd albums.
  • Companies have a right to ask whether any particular customer would consent to this type of information sharing.

Consumers have a right to secure and responsible handling of personal data.

  • From the text of the Privacy Bill of Rights: “Companies should assess the privacy and security risks associated with their personal data practices and maintain reasonable safeguards to control risks such as loss; unauthorized access, use, destruction, or modification; and improper disclosure.”

Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.

  • Companies should ensure the data they collect is accurate and current.
  • Consumers should be able to review and correct stored information.
  • Consumers should be able to request stored information be deleted.

Consumers have a right to reasonable limits on the personal data that companies collect and retain.

  • Companies shouldn’t collect more information than necessary.
  • Companies should securely dispose of information when no longer needed.

Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.

  • Consumers should expect companies to follow these guidelines.
  • Both companies and consumers should expect the employees of companies collecting users’ personal information to follow these guidelines.

Time, CNN

Published or updated February 27, 2012.

Email Email Print Print
About the author

Luke Landes is the founder of Consumerism Commentary. He has been blogging and writing for the internet since 1995 and has been building online communities since 1991. Find out more about Luke Landes and follow him on Twitter. View all articles by .

{ 9 comments… read them below or add one }

avatar 1 Anonymous

Was this called the “anti-integration” act or the “anti-Google” act by any chance? How is any of this enforceable? And even if the idea is not to be enforceable, the language is so vague, and the Internet so vast, how can this ever make a real impact on how social media sites integrate their information? This looks like a lot of smoke to me.

Reply to this comment

avatar 2 Luke Landes

It’s not meant to be enforceable, as it’s not a regulation or law or Act. It’s a set of guiding principles that the White House is recommending to be used when creating or changing legislation, and that’s why it’s intentionally vague. It’s a set of “best practices.”

Reply to this comment

avatar 3 Anonymous

The key for me will be accessing data in a usable format and changing it. I’d like to get in the Facebook database and remove my birthday info and where I’ve lived. This is data I’ve long since removed but know they still have somewhere. Sadly, not likely to happen.

Reply to this comment

avatar 4 Anonymous

Thanks for sharing this information and helping your readers become more informed consumers!

Reply to this comment

avatar 5 wylerassociate

those are good principles in theory but this america and principles in theory are not followed by members of the government.

Reply to this comment

avatar 6 Anonymous

This just creeps me right out. So “big brother”esque. I am afraid to see what this world will be like 50 or 100 years from now…

Reply to this comment

avatar 7 Luke Landes

I don’t see consumer protection as big-brotheresque at all. The government’s ability to record citizens’ phone conversations without reasonable suspicion of illegal activity in the name of “anti-terrorism” would be big-brotheresque. This serves only to tip the balance of power between large corporations and citizens just a little bit back towards the consumer — already heavily unbalanced in favor of corporations.

Or maybe you were referring to corporations’ ability to keep tabs on their customers. I guess I’m not sure exactly what you meant; usually the concept of “Big Brother” refers to government powers, after George Orwell’s usage of the term.

Reply to this comment

avatar 8 Ceecee

“Should” and “Shouldn’t” seem to be the keywords in these suggestions. Short of a citizen’s revolt, I think these companies will do whatever boosts the bottom line.

Reply to this comment

avatar 9 Anonymous

You can’t get around the law of unintended consequences. Should these so-called “best practices” become legislation, which is apparently the ultimate aim, the companies that currently dominate the social network and data-mining for marketing fields will be effectively granted a semi-monopoly, since this kind of regulation raises the bar considerably for start-ups.

It would be funny, if it weren’t so tragic, that almost all “consumer protections” serve to consolidate market share in the biggest corporations, who can afford to maintain massive compliance and IT departments, at the same time that the people who promote these “consumer protections” complain loudly about the power of Big Business. The ultimate end will be a nation where Big Business and Big Government are joined at the hip, with individuals having fewer and fewer choices for opting out.

Reply to this comment

Leave a Comment

Note: Use your name or a unique handle, not the name of a website or business. No deep links or business URLs are allowed. Spam, including promotional linking to a company website, will be deleted. By submitting your comment you are agreeing to these terms and conditions.