Photo: Thomas Trutschel/Photothek via Getty Images
A leading tech lobbying group in Washington Monday introduced a plan for regulations to protect user privacy online, becoming the latest player to try to shape new legislation that the industry sees as increasingly likely.
The big picture: Lawmakers in Washington — spurred on by new rules enacted in Europe and California — are trying to craft their own privacy legislation. Industry groups are laying out their own guidelines for policymakers as they look to shape the debate.
Details: The framework from ITI, whose members include Google and Facebook, is designed to guide policymakers in the U.S. and around the world as they weigh concerns about data privacy online, said ITI president Dean Garfield.
- It suggests that consumers should have to opt in to the use of their sensitive data, which it defines as “personal data consisting of ethnic origin, political affiliation, religious or philosophical belief, trade union membership, genetic data, biometric data, health data, sexual orientation, certain data of known minors, and precise geolocation data," except in cases where "such use is necessary based on the context or otherwise permitted under applicable law."
- The restriction wouldn’t apply to data that used an artificial identifier and was protected or that was fully anonymous. Garfield said he hopes that would push the industry to make such anonymization a standard practice.
- "Individuals should have the right to exercise control over the use of their personal data where reasonable to the context surrounding the use of personal data," the document says, saying that these "individual control rights, consistent with the rights and legal obligations of other stakeholders, include the right to access, correct, port, delete, consent, and object to the use of personal data about themselves."
The document also offers guidance in other areas, including how companies should manage risks to privacy and allow customers to move their data to other platforms.
- Garfield said the organization embraced the ideas of greater federal rulemaking in the privacy arena. Right now, the Federal Trade Commission isn’t able to set regulations in the same way that many other agencies can, including the Federal Communications Commission.
- He said ITI supports providing more resources for the FTC, as well.
What they’re saying: “We go deeper than any of the other [privacy proposals] that have been developed to date," Garfield said.
- He said the trade association had held “dozens” of meetings with outside groups and policymakers as it developed the document, and said that experts at some of the organization’s member companies had been central to the process.
What’s next? Key lawmakers have indicated they are interested in exploring privacy legislation during the next congressional session, with some urgency driven by California's privacy law, which goes into effect in 2020.
- Big Tech prepares for privacy rules
- Tech companies want privacy rules, but on their own terms
- Americans don't trust tech companies on data privacy
Editor's note: This piece was clarified to better define the FTC’s current rulemaking authority and how the restriction on opt-in consent doesn't apply to pseudonymous data.