USA: Draft of a "Commercial Privacy Bill of Rights"
Category: NachrichtenBy: M. Schröder - 2B Advice GmbH - the privacy benchmark
Clearly the willingness in the US to set out binding data protection rules is growing. Several draft bills seem to point this way. Most recently Sen. John Kerry presented a draft data protection law for business. The draft law, known as the "Commercial Privacy Bill of Rights Act" intends to create a comprehensive framework for data protection under the supervision of the Federal Trade Commission (FTC).
The preamble to the draft bill stresses that a fragmentary approach to data protection regulation should be avoided in the US. In contrast to the situation only a few years previously, technology now allows for the compilation of comprehensive profiles on individuals. People are often not aware of what is going on, since data collection often takes place covertly, especially online. Those affected only very rarely have information on who receives their data and for what purposes. That is why the time has come for binding information and transparency requirements for companies.
While the European Data Protection Directive does without a precise description of what constitutes 'personal data', section 3 of the draft bill provides for such a schedule. Also of interest is the fact that pursuant to section 3, subsection 4 lit. vii of the draft bill unique permanent IDs are to be classified as constituting personal data. These may include customer numbers in cookies, user IDs, processor serial numbers or other corresponding features. Should the draft bill be passed, this will constitute definitive regulation with significant ramifications for the internet.
The draft bill envisages the FTC drawing up rules for the safety of personal data. The draft bill leaves it up to the FTC whether or not to enact specific measures (section 102). The draft bill would require companies to inform individuals concerned about the collection, processing and in particular about the forwarding of their personal data. This information would also have to be easily accessible for the individuals concerned. The FTC would have to develop a procedure which would provide those concerned with an easy opportunity to object to data processing (opt-out).
European observers are likely to be puzzled that the draft bill in section 406 explicitly excludes the possibility of individuals concerned launching proceedings against companies themselves. The individuals concerned would thus have to rely on the institutions entrusted with the regulation of personal data processing fulfilling their duties of supervision and imposing sanctions against companies which violate data protection law.
Sources:
www.mediapost.com/publications/
www.hldataprotection.com/uploads/file/KerryDraft%281%29.pdf
(1200 times viewed)