Government Report Calls For Comprehensive Privacy Law

Consumers should have more information, control over personal data

A new report on consumer privacy from the Government Accountability Office concludes that there ought to be a comprehensive federal law governing the collection, use and sale of personal information by companies since there currently is none.

The just-released report on "information resellers" was requested in June 2011 by Sen. Jay Rockefeller (D-W.Va.), who last year launched an investigation into the privacy practices of data brokers. Earlier this year, Rockefeller, chairman of the commerce committee, reintroduced his Do Not Track Act. 

The report focuses primarily on the privacy issues related to consumer information used for marketing. Between August and September, the GAO reviewed the current laws, regulations and enforcement actions and talked to representatives from government, consumer and privacy groups, trade associations and data broker companies.

"Congress should consider strengthening the current consumer privacy framework to reflect the effects of changes in technology and the marketplace, particularly in relation to consumer data used for marketing purposes," the report said.

The GAO's conclusion echoes Administration reports released by the Commerce Department in February 2012 that called for a consumer privacy bill of rights, and the Federal Trade Commission's report a month later.

Specifically, the GAO recommended lawmakers consider giving consumers more information about what information is held about them, who holds it, and the ability to access, correct and control that information. A more comprehensive privacy law should also address privacy controls for new technologies, including online tracking and mobile.

Most of the privacy laws in the U.S. are tailored to specific sectors, like those governing online marketing to children or the use of medical and financial information. While the FTC has some authority to prohibit unfair or deceptive practices, the agency doesn't explicitly have the authority to protect privacy unless a company violates its own policies. Very few of the laws address new technologies.

Though the report mentioned the self-regulation programs of the Direct Marketing Association and the Digital Advertising Alliance, the GAO report adopted the view of the FTC's March 2012 report that concluded that self-regulation "had not gone far enough." The FTC opened its probe into data brokers at the end of last year and is expected to release its report from that investigation in early 2014.

To fight off potential legislation, the DMA launched the Data-Driven Marketing Institute and recently released a study quantifying data marketing's $156 billion contribution to the economy. 

In reacting to the GAO report, the DMA was diplomatic. "While we do not share the GAO's opinion … DMA was pleased to see that the report recognizes the important economic benefits that derive from the responsible use of consumer data, and the challenges involved in providing proper privacy safeguards without negatively impacting the benefits that consumers, businesses and society enjoy when innovation is fueled by the responsible sharing of data," said Peggy Hudson, the DMA's svp of government affairs. 

Recommended articles