NTIA Seeks Comment on Consumer Privacy Policy, But No Rulemaking Seen

Privacy issues

The Commerce Department’s National Telecommunications and Information Administration has issued a request for public comment “on ways to advance consumer privacy while protecting prosperity and innovation.”  The comment solicitation, NTIA indicated, is unlikely to lead to any rulemaking process at least in the near term.

The deadline for submitting comments will be approximately Oct. 26, depending on when the notice of the request is published in the Federal Register.

NTIA’s solicitation covers Trump administration’s “proposed approach” to advancing consumer privacy including a “set of user-centric privacy outcomes that underpin the protections that should be produced by any Federal actions on consumer-privacy policy,” along with a “set of high-level goals that describe the outlines of the ecosystem that should be created to provide those protections.”

The request for comment, NTIA said, does not call for creation of statutory standards, in part because “the Administration is approaching this subject with humility, an understanding of the complexity of the issues at hand, and a commitment to a transparent process.”

Rather, NTIA said it wants commenters “to respond with details as to how these privacy outcomes and goals can be achieved.”  Public comments, it said, “will help to inform future Administration policy, actions, and engagement on consumer privacy.”

On the first front–user-centric privacy outcomes–NTIA said the administration wants to focus on “outcomes of organizational practices, rather than dictating what those practices should be.”

“The desired outcome is a reasonably informed user, empowered to meaningfully express privacy preferences, as well as products and services that are inherently designed with appropriate privacy protections, particularly in business contexts in which relying on user intervention may be insufficient to manage privacy risks,” NTIA said.

NTIA’s request for comment largely comes down on the side of light regulation, if any at all, as the eventual goal of Trump administration policy.

“Protecting both privacy and innovation requires balancing flexibility with the need for legal clarity and strong consumer protections,” NTIA said. “Being overly prescriptive can result in compliance checklists that stymie innovative privacy solutions. In addition, a prescriptive approach does not necessarily provide measurable privacy benefits. An outcome-based approach emphasizes flexibility, consumer protection, and legal clarity can be achieved through mechanisms that focus on managing risk and minimizing harm to individuals arising from the collection, storage, use, and sharing of their information,” it said.

On the second front–high-level goals–NTIA asks for comment on what it said are a “non-exhaustive and non-prioritized list” of administration priorities including:  harmonizing the regulatory landscape; achieving “legal clarity while maintaining the flexibility to innovate”; comprehensive application of policy to all private sector organizations; employment of a “risk and outcome-based approach” instead of “creating a compliance model that creates cumbersome red tape”; and reserving any enforcement authority for the Federal Trade Commission.

NTIA’s solicitation comes amid growing congressional interest in consumer privacy issues that have led organizations including Google, the Internet Association, and the U.S. Chamber of Commerce to publicize their policy wish-lists for any privacy-related legislation that may emerge.  In addition, the National Institute of Standards and Technology (NIST) said earlier this month it is working on what it called a voluntary privacy framework that will attempt to balance privacy risks and protections.

Recent