Main Nav

Internet Privacy Legislation: What the White House, Federal Trade Commission, and the European Commission Are Recommending

On May 14, 2012, the Congressional Internet Caucus Advisory Committee sponsored the discussion, “New Internet Privacy Legislation: What the White House, Federal Trade Commission and the European Commission are Recommending.”   

Maneesha Mithal, Associate Director of the Division of Privacy and Identity Protection, Federal Trade Commission (FTC), presented an overview of the FTC’s Privacy Framework Report released in March.  She stressed that the Report should not be viewed as an alternative to the White House proposal, calling the two papers "complementary and consistent."  While the Administration's policy plan is more focused on implementation, the FTC report provides "a little more guidance" to industry, Mithal said. (See EDUCAUSE Policy blogs on February 23, 2012 and March 26, 2012 for full information on these reports when each was issued.)

Mithal addressed the FTC’s standard for protecting privacy that focuses on any information that can “reasonably be connected to a device or a person.”  The standard takes a broader view of what information is deserving of regulatory protection.  Previous rules and regulations focused on securing personally identifiable information such as names, Social Security numbers, and addresses.  Mithal said she is not concerned that a hazy definition of protected information could lead to a chilling effect on innovation, and she went on to say that industry, not the FTC, should be able to make the right calls. 

Following Ms. Mithal was a panel discussion on a variety of issues including: comprehensive privacy legislation in the U.S., the White House’s multi-stakeholder approach, data breach notification laws, industry codes of conduct, European Union (E.U.) attitudes towards the U.S. privacy framework, and the E.U.’s right to be forgotten.  The panelists included:

  • Justin Brookman, Director, Project on Consumer Privacy - Center for Democracy & Technology
  • Steve DelBianco, Executive Director, NetChoice
  • Rachel Thomas, Vice President, Government Affairs - Direct Marketing Association
  • Peter Swire, Professor of Law, Ohio State University
  • Christopher Wolf, Partner - Hogan Lovells (Moderator)

The panelists returned repeatedly to the pros and cons of self-regulation versus legislation.  There was sentiment among the group that the chance of some form of privacy legislation passing should not be discounted, but the question as to when was unanswered.

The panelists were also asked whether they thought the E.U. would ever recognize the adequacy of U.S. privacy laws unless the U.S. passes comprehensive privacy reform.  While some stated that the U.S. should not change practices merely to please the E.U., others felt that if the U.S. does not find an approach for interoperable privacy practices with Europe, then such companies may have greater reason to use E.U. law as their global default.

Audio of these talks can be found at:

EDUCAUSE will continue to monitor and report on this issue.