White House Privacy Proposal Sets Stage for Web Regulation

Yesterday, the White House released a framework for online consumer privacy with the aim of enacting federal standards. While the report rightly does not make an outright call for heavy regulation, it does set the stage for federal action – whether legislatively or through agencies – that could create burdens on web companies and fundamentally upend the way consumers use the Internet today.

Last year, at least six different privacy-related bills were introduced in Congress, all with varying degrees of heavy-handedness. At the same time, the Federal Trade Commission’s consumer privacy proceeding largely stalled, but paved the way for a larger discussion for an onerous, top-down, and largely unworkable “Do Not Track” federal law.

The White House framework restarts the debate by calling for a “Consumer Privacy Bill of Rights” that is based on European standards for online data collection. This includes laws giving Internet users control over what personal information is collected about them, how it is used, and how it can be altered or corrected. A multi-stakeholder process would eventually lead to recommendations that – as the White House hopes – could be sent through Congress and signed into law.

Companies are already taking “self-regulatory” steps to protect consumer privacy. At the same time the White House unleashed its report, web giants dominating the browser market were announcing new “No Track” features. Retaining the trust of web users is critical for a web company to succeed, and in that sense the market already has a mechanism for consumer protection. Investigative reporting on the methods for collecting data, such as Google’s recent creative use of cookies to track Apple iPhone users, prompts natural backlash and creates checks-and-balances between consumers and business. While the process outlined by the White House could build off a self-regulatory model, it could also invite privacy extremists seeking to regulate some web companies out of existence into the room.

Ultimately, the best tool for protecting privacy online is the consumer. Consumers already have the ability to stop tracking by disabling cookies, using ad-blocking software, reading privacy policies, and avoiding certain services or companies. Organizations, such as the Family Online Safety Institute, provide help for users to better understand web responsibility. The Internet is a two way street. Being a “web citizen” means taking responsibility for how you choose to use the web and share your information. A “right to be forgotten” law, for example, dissolves consumer responsibility, while taking with it a variety of services on the market today.

Upending a digital world where services carry a $0 price tag (Gmail, Facebook, etc.) in the name of protecting privacy means that companies will not be able to rely on user data for revenue. This translates to less online innovation, consumers having to pay for services, and more.

There are two sides to privacy: what information do companies whose services I use know about me and what information does government know about me. Unfortunately, while the White House appears dedicated to regulating companies, it appears equally dismissive of tying its own hands to protect our privacy.

While a “Consumer Privacy Bill of Rights” would constitute a complete new set of laws about how companies collect and use our information, the 4th Amendment already exists for how government uses our information. The problem is that the law surrounding the Fourth Amendment is woefully out of date. For example, the state largely does not require a warrant to collect our GPS location information on our cell phones, skim through our emails stored with third parties like Gmail or Hotmail, or view files stored in the cloud with companies like Dropbox.

Legislation has already been introduced to update 4th Amendment rights for the online world, and this year’s ruling in U.S. v. Jones prompted at least one U.S. Supreme Court Justice to agree that the law is out-of-date. It’s simply unfortunate the White House doesn’t feel government should be restrained by privacy laws that it’d like to shackle on web companies.