WASHINGTON — The Commerce Department is calling for the creation of a "privacy bill of rights" for Internet users to set ground rules for companies that collect consumer data online and use that information for marketing and other purposes.
The proposal, outlined in a report Thursday, is intended to address growing unease about the vast amounts of personal information that companies are scooping up on the Internet – from Web browsing habits to smart phone locations to Facebook preferences. That data is often mined to target advertising.
The new report is intended to guide lawmakers, industry and a White House group looking at the issues surrounding Internet privacy.
It comes two weeks after the Federal Trade Commission recommended the creation of a "Do Not Track" tool to let consumers stop or restrict advertisers from studying their online activity – including the websites they visit, the links they click, their Internet searches and their online purchases – in order to target ads.
The Commerce Department report proposes the creation of a broad framework for industry behavior to ensure that companies give consumers clear notice about what personal data they are collecting and exactly how they are using it.
It would require companies to give consumers the opportunity to "opt out" of, or decline, some or all of that data collection and to correct errors in the information. And it would set clearer limits on the use of this information and require companies to secure the data they gather.
These so-called "fair information principles" would require congressional action to become binding. At least one key lawmaker, Senate Commerce Committee Chairman John D. Rockefeller, D-W.Va., said Thursday that he supports such legislation.
The Commerce Department report also envisions specific codes of conduct for particular types of companies, such as social network sites; services that deliver location-based pitches to mobile devices; and Web publishers and marketers that target ads based on a consumer's online behavior.
Those codes of conduct would be voluntary, but enforceable. The FTC could take actions against companies that commit to abide by them and then don't comply.
In what could become one of the more controversial elements of the Commerce Department proposal, the codes would be developed by Internet advertising networks, Web publishers and marketers, social networking sites and other online services, as well as government officials, consumer groups, privacy watchdogs and others concerned about Internet privacy.
The report recommends the formation of a federal privacy office inside the Commerce Department to bring these stakeholders together to hammer out the new codes of conduct.
While the proposal to create such an office signals that the Obama administration is elevating the importance of Internet privacy, the decision to place it inside Commerce has alarmed some privacy watchdogs.
They complain that the department is more concerned about protecting corporate interests, than consumer needs – as evidenced by its willingness to let the industry help write the new rules.
"Having the Commerce Department play a role in protecting privacy will enable the data collection foxes to run the consumer privacy henhouse," said Jeff Chester, executive director of the Center for Digital Democracy, a privacy group.
Meanwhile, the Interactive Advertising Bureau, which represents the online advertising business, praised the new Commerce Department report for recognizing the importance of including the industry in developing rules to safeguard consumer privacy online. IAB added that the report validates the industry's own efforts at self-regulation.
The report, which has been approved by the White House, is intended to guide Internet companies and marketers as well as lawmakers and policy makers as they develop a new framework to safeguard consumer privacy on the Internet without stifling Internet commerce.
It also will inform the work of a subcommittee on privacy and Internet policy that was created inside the White House's National Science and Technology Council in October and shares the same goal.
"Consumers must trust the Internet in order for businesses to succeed online," Commerce Secretary Gary Locke said in a statement.
Commerce officials hope their report will also lay the groundwork for discussions with foreign governments to align global standards for acceptable industry behavior. The European Union, for one, has said it plans to update its privacy regulations to give consumers more control over their online data.
The Commerce Department report does not take a position on the FTC's Do Not Track proposal, which is at the center of a debate over how to give consumers more control over their online information. The tool would most likely take the form of a browser setting that would let consumers signal to websites that they do not want to be tracked or want only limited tracking.
Although privacy watchdogs have welcomed the FTC proposal, the online advertising industry has warned that allowing consumers to turn off all online tracking could have unintended consequences because tracking is used to deliver all sorts of personalized Web content – from sports scores to stock prices – and not just Internet ads.
Other recommendations in the Commerce Department report include establishing national standards on data breaches that would require companies to notify consumers in the event of a breach. Most states already have such laws, but those laws are often inconsistent.
The report also called for a review of the Electronic Communications Privacy Act, a 1986 law that extended wiretapping restrictions to e-mail messages and other data files, but is now considered out of date.