Stay on Top of Enterprise Technology Trends
Get updates impacting your industry from our GigaOm Research Community
The White House has released a draft of the Consumer Privacy Bill of Rights Act of 2015. It outlines the steps companies need to take to tell people what data they’re collecting and what they’re doing with that information. It also suggests data opt-out options for identifying details like email addresses and passport numbers. The bill also mandates that companies give people information about how they store the data they collect, for how long, and how consumers can view those details.
Here are some of the key points:
- Employee data is excluded from these disclosure requirements, as is information collected to fend off a cybersecurity threat.
- Companies must give people information for who they can contact at the organization regarding any privacy questions.
- If a person withdraws his or her consent for data collection, the company has 45 days to delete the specific information on the user.
- Companies need to thoughtfully design their privacy notifications for users, considering everything from the size of the device displaying the notification to the timing when these notices appear.
- Companies must delete user data after it has fulfilled its purpose.
- Smaller businesses which have five or fewer employees are exempt from these requirements.
There’s plenty more to parse in the 24-page document, which is chock-full of words like “clear” “transparent” and “individual control.” Some politicians have already spoken out against the draft, saying it puts consumers at risk by lessening, not increasing their protections. The Hill reported that one Democratic official argued that the White House’s bill takes away some of the Federal Trade Commission’s power to prosecute companies that abuse consumer data.
This is an early draft that will go through several revisions before being voted on by the House and Senate. If passed, it will hold tech companies accountable for the way they treat consumer privacy. The FTC, state attorney generals, and people who use the technology will have the power to bring civil suit against those organizations that violate the bill.