The Commerce Department today edged toward endorsing new federal laws regulating companies' data collection practices and requiring that customers be notified of data breaches.
In an 88-page report (PDF), the department also suggested rewriting a 1986 privacy law to address "privacy protection in cloud computing and location-based services," but didn't offer any details. That broad approach is backed by tech companies including Google, Microsoft, AT&T, and eBay, but is likely to be opposed by the Justice Department.
All of these ideas have been advanced before, of course: California's data breach notification law took effect more than seven years ago, and a pair of House of Representatives committees approved similar legislation back in 2006. No fewer than 46 states, plus the District of Columbia and Puerto Rico, have followed California's lead.
The Federal Trade Commission released its own 122-page report on these topics only two weeks ago--it, too, served up a generally similar set of recommendations, including that consumers should have "reasonable access to the data that companies maintain about them."
Officially, today's Commerce Department report is the public product of a task force that Secretary Gary Locke convened in April. Unofficially, it marks a turf battle with the FTC over which agency will emerge as a leader on this topic, especially at a time when privacy concerns on Capitol Hill are growing after flaps this year involving Facebook, personal data collection, and behavioral advertising.
"The Department of Commerce is uniquely positioned," the report argues, "to provide continued leadership and to work with others inside and outside government to consider a new framework."
It also appears to mark a change from a historically laissez-faire approach. Ever since the days of the Clinton administration, executive branch agencies have generally not pushed for new regulations targeting private companies.
Now at least one executive branch agency--today's report is carefully couched as suggestions that "the administration should review" certain areas, meaning other agencies may have different ideas--is veering in a different direction. (The department stresses that its "green paper does not express a commitment to specific policy proposals.")
"Industry self-regulation has largely failed," said Sen. Jay Rockefeller (D-WV), chairman of the Senate Commerce Committee. "And I hope that the Department of Commerce in its final report will reach the conclusion that legislation is necessary to protect consumers."
The Center for Democracy and Technology's Justin Brookman said in a statement that today's report "lays out a creative and flexible approach," which should be followed by Congress enacting "a baseline consumer privacy law."