Consumer's Privacy Bill of Rights
Abstract
This research aims at conducting a literature review of the Consumer's Privacy Bill of Rights while comparing and contrasting it with the existing legislation. The literature review involves the analysis of the principles on which the Bill is based and the existing legislation on consumer personal data control and privacy. The lesson highlighted in the findings involves the understanding of the Bill is an important step towards ensuring consumers have control over the collection, accuracy, and use of their personal data. The study recommends that future research should focus on how legal and social consensus on privacy values can ensure that commercial values are not curtailed by legal frameworks.
Introduction
The introduction of the Consumer Privacy Bill of Rights was aimed at providing consumers with more privacy by allowing them to control the kind of personal information that firms collected and share and the data to be used. The Bill was grounded on the existing Fair Information Practice Principles (FIPPs) and sought to safeguard consumer's personal data against risks resulting from pervasive collection and usage. There are some regulating policies that existed at the time including Fair Credit Reporting Act (FCRA and Health Insurance Portability and Accountability Act (HIPAA); but the policies were not sufficient in allowing consumers access to information and correct inaccuracies. The aforesaid principles could only ensure consumers have control over their information after they are enacted into law to compel firms to abide by them.
Literature review
The Obama Administration introduced the Consumer Privacy Bill of Rights blueprint with an aim of providing personal privacy in the age of digital platform. The intention of the plan was to provide consumers with the ability to control the kind of personal details or information firms gathered from them and how the ways in which the data could be used. The plan was based on the existing Fair Information Practice Principles (FIPPs), a framework on which the 1974 Privacy Act was founded. The Obama administration wanted to advance the FIPPs so that they could be put into law (Dwork et al. n.d). Big Data Analytics provides important opportunities for scientific research advancement and uses in many other fields especially marketing field.The consumer information collected by companies provide a way of understanding their behavior and tailoring the services and products offered to the needs of the customers in the market (Whitehouse, 2012). However, there are various actual privacy risks that result from the ubiquitous gathering of personal information and the adoption of data analytic methods in business. Some of the major risks include re-identification attacks, inaccuracy in data usage or modeling, biased application of sensitive inferences, chilling effect on the behavior of individuals, increased government power over the public and breaching of data on a large-scale (Dwork et al. n.d).
The Privacy Bill of Rights plan sought to address these risks with some of the major principles including transparency, access, security, respect for information context and accountability poised to play huge roles in respect to big-data issues (Whitehouse, 2012). The transparency principle is important, and its augmentation has to expand beyond visibility into laws, to make it possible for individuals and regulators to check the actual flow and usage of personal information (Whitehouse, 2012). The respect for context code has to be implemented with a specific focus on developing and putting limits on the usage of this data more so in situations where limits on collection and consent are hard to attain. For every privacy risk in big data, the applicable principles found in the Bill provide guidance to come up with tangible responses to the risks in a way that offers clarity for persons and flexibility for applying data analytic (Whitehouse, 2012). Since the applications big data evolution has been rapid, the procedural facets of the Consumer Privacy Bill of Rights provide ways of promptly developing privacy approaches that are principle-based (Dwork et al. n.d). These act as codes of conduct that can be enforced, and are then implemented under the statutory authority already in existence.
In the Individual Control principle, the Consumer Privacy Bill of Rights moves the attention away from the normal notice-and-choice idea to a mechanism that is more flexible and vigorous. The plan aims to have contextual mechanisms for exercising choice while data is being collected so that the process honors the right scale, scope and even sensitivity of the information in question (Lane et al. 2014). The plan also aims to offer additional mechanisms for addressing the application of personal data after it has been collected. The call for individual control considers that the notice-and-choice principle is ineffective in an age where there is increased speed and varied of information collection, and thus, firms ask the consumers for consent frequently using devices that do not provide a suitable platform for deliberation on an informed consent (Lane et al. 2014). In addition, the individual control principle considers that the speed of data entails more sharing of information with third parties that do not have an established direct relationship with the consumer. The Bill seeks to depart from the "one-size-fits-all" notice and where consumers have to either let go of the control for the data or abandon the service (Dwork et al. n.d). The idea is to ensure that there is a fair value exchange between the businesses and consumers by providing consumers with better choices of the amount of information to share with the businesses in exchange for certain benefits or features.
The principle of transparency as per the Bill requires firms to inform the consumers the time and reason for collecting personal data so that individuals can protect their personal information from being misused. Since it is based on this principle, the Consumer's Privacy Bill of Rights allows the policy makers, consumer advocates, press, enforcement agencies, and even the public to take part in criticism and dialogue about the evolution of privacy practices of commercial firms (Brookman, 2015). The society can engage in important dialogue regarding the acceptable practices including those that are socially abnormal or illegal only it is aware of the real privacy practices. The requirement that firms provide details on how they utilize the collected information is weightier in the context of Big Data than the obligation for businesses to just disclose the kind of data they gather. The idea of Respect for Context is developed on the understanding that expecting consumers to read notices before making choices for each collection and usage of personal information is not sustainable. The Bill recognizes that firms may infer consent in some situations and that protection of privacy will depend on making sure that personal information will be used within the context in which it was provided (Nissenbaum, 2014). The principle of Security considers that using personal information has innate risks and thus, obligates the firms to assess such risks and take reasonable caution since lack of trust can limit economic growth driven by information. The principle of Access and Accuracy holds that firms have to ensure consumers are able to access personal data in a format that they can easily use. The chance to access and make a correction to personal information is necessary where the diverse range of firms utilize personal information in making decisions that have an impact on customers (Brookman, 2015). The principle of Focused Collection provides the consumers with the right to limit the information collected and retained by firms, and thus, considers that collection of data that has no apparent relation with the major use of a certain application presents unnecessary risks to consumers. The unnecessary information may lead to unwarranted intrusions into sensitive individual's life details. The accountability principle gives the consumer the right to have private information handles by firms with the right measures that ensure are in line with the Consumer Privacy Bill of Rights (Brookman, 2015).
The transparency principle in this Bill aligns with the existing Fair Credit Reporting Act (FCRA) which details how businesses can collect, give out and use consumer credit information. The FRCA allows individuals to have essential transparency rights providing them with knowledge about how their personal information is being used (Lane et al. 2014). It also gives them the right to have access to and correct such data, and thus, guaranteeing its accuracy. This is similar to the intended aim of the Consumer Privacy Bill of Rights of reducing the risk of making a decision about a person based on information that is inaccurate or incorrect. The high level of transparency is important to ensure that the consumers know their information being used is accurate or choose whether to exclude their data from uses they do not agree to. Another existing law is the Health Insurance Portability and Accountability Act (HIPAA) which also aims at serving the same purpose (Lane et al. 2014). The sectors or industries that are not covered by these laws do not provide consumers the right to have access to and make a correction on their personal data and the federal government hoped that the Consumer's Privacy Bill of Rights would go a long way in filling the gap.
In contrast, the Fair Information Practice Principles have been viewed as having become narrow and legalistic after being translated into law. They present a procedural method of maximizing personal control over information instead of personal and societal welfare and proved to be practically unsuccessful (Obar & Oeldorf-Hirsch, 2018). They have led to meaningless notices and burdened businesses with legal obligations and the attempt to enforce notices that are not read and thus becomes unreliable (Obar & Oeldorf-Hirsch, 2018). Hence, the Consumer Privacy Protection Principles represent efforts aimed at getting back meaningful dialogue regarding privacy regulation while upholding information flow's value in a market that is increasingly globally connected. The Bill would offer protection against categorizing consumers based on their intimate details such as health and family issues and financial hardships which can potentially bring about unfair treatment. Unlike the existing FIPPs, the Bill goes beyond the mere privacy of information. Other policies have been adopted by states attorneys general and Federal Trade Commission on online privacy but such were voluntary, while compliance was optional (King & Forder, 2016). The Consumers' Privacy Bills of Rights seeks to make the policies compulsory for all the companies using personal information.
Findings
In the research, I have learned that the Consumer Privacy Bill of Rights was proposed by the Obama administration with an aim of regulating the collection, sharing and using consumer information, especially by business organizations. Through the research, I have found out that were already existing policies safeguarding consumer personal information such as the Fair Credit Reporting Act (FCRA) and the Health Insurance Portability and Accountability Act (HIPAA). I understood the plan as having been grounded in the Fair Information Practice Principles (FIPPs) which include transparency, access, security, respect for information context and accountability. I have learned the major aim of the Bill was to have an Act that would ensure the implementation of these principles and make sure their application is compulsory to all the business organizations. I see this as a departure from the past policies especially the FIPPs that largely established standards on the collection, sharing and use of consumer personal data but failed to have tangible results in terms of safeguarding the public interests. I have found out that the previous policies were inadequate since they did not provide legal guidelines on how firms should collect, share and use consumer personal information and did not allow them to know about the accuracy of such data or make corrections where necessary. I find the Bill to be an important step towards ensuring that the privacy of the members of the society is safeguarded since the sharing of personal information in this digital age comes with safety and privacy risks.
Recommendations
This research basically focused on relevance and implementation of the Consumer's Privacy Bill of Rights in the society while comparing and contrasting it with existing regulations. It is necessary for the market economy to support the sharing of personal information by consumers for transactions to occur smoothly. This involves various privacy challenges. Hence, future research should focus on how legal and social consensus on privacy values can ensure that commercial values are not curtailed by legal frameworks in an age where there is a rapid speed of extensive data analysis.
Conclusions
The Consumer Privacy Bill of Rights was a plan through which the federal government sought to provide consumers with more privacy by allowing them to control the kind of personal information that firms collected and share and the personal data to be used. The Bill was founded on Fair Information Practice Principles (FIPPs) that were just established standards but could not oblige firms to allow consumers control over their personal information. The Bill was an important step towards safeguarding the privacy of society members and it aligns with the intentions of already existing policies and laws.
References
Whitehouse, (2012).We can’t wait: Obama Administration Unveils Blueprint for a “Privacy Bill of Rights” to Protect Consumers Online. Retrieved from:Dwork, C., Kerry, C., Pentland, S., & Vadhan, S. (n.d). Consumer Privacy Bill of Rights and Big Data: Response to White House Office of Science and Technology Policy Request for Information.
Obar, J. A., & Oeldorf-Hirsch, A. (2018). The biggest lie on the internet: Ignoring the privacy policies and terms of service policies of social networking services. Information, Communication & Society, 1-20.
Lane, J., Stodden, V., Bender, S., & Nissenbaum, H. (Eds.). (2014). Privacy, big data, and the public good: Frameworks for engagement. Cambridge University Press.2-15
Nissenbaum, H. (2014). Respect for context as a benchmark for privacy online: What it is and isn’t. Cahier de prospective, 19.
Brookman, J. (2015). Protecting privacy in an era of weakening regulation. Harv. L. & Pol'y Rev., 9, 355.
King, N. J., & Forder, J. (2016). Data analytics and consumer profiling: Finding appropriate privacy principles for discovered data. Computer Law & Security Review, 32(5), 696-714.