Consumer Privacy Bill of Rights

On Thursday, the White House announced a set of principles designed to protect consumers’ online privacy. I am pleased that the President is supporting such an effort - including a number of consumer protection measures I've proposed and worked to achieve - and I look forward to working with the White House and my colleagues in Congress to pass comprehensive privacy legislation.

The President’s Consumer Privacy Bill of Rights includes the following principles:

  • The right to control how one’s data is collected and used;
  • The right to understandable information about companies’ privacy and security practices;
  • An expectation that companies will collect and use consumer information in ways that are respectful of the context in which consumers provide the data;
  • The right to secure and responsible handling of personal data;
  • The right to access and correct one’s data;
  • The right to reasonable limits on companies’ collection and retention of personal data; and
  • The right to have one’s personal information handled by companies with appropriate measures in place to assure adherence to the Consumer Privacy Bill of Rights.

Several bills that have been introduced this Congress would fulfill these principles. My Personal Data Protection and Breach Accountability Act, for example, would require companies that handle consumers’ personal information to safeguard that information or face penalties. It would also require companies to implement practices that minimize the amount of personal data that is collected and retained. The Do-Not-Track Online Act, which I’ve cosponsored, would allow consumers to specify whether they wish to have their personal information collected online. 

Consumers have a fundamental right to protect their privacy online. We have seen far too many instances of companies misdeeds, whether by failing to safely handle or dispose of sensitive personal information, secretly collecting and selling consumers’ information, or employing misleading or deceptive privacy practices that prevent a consumer from fully understanding whether or how his data isbeing collected.

I applaud the President’s call for action to protect consumers’ online privacy. I also applaud the companies that have promised to work with the President, Congress, and consumer advocates to adopt best practices for online privacy. However, I believe that voluntary compliance is not sufficient to protect consumers. That’s why I am heartened that the President has called for Federal Trade Commission enforcement of companies’ commitments to privacy. I also believe that enforcement by individuals, that is the consumers themselves, is necessary to ensure compliance by companies.