Privacy groups call for ‘strong and resonant’ data law

Privacy and civil liberties advocates are calling for a tough federal law to protect people’s personal data.

“Americans now face a formidable commercial surveillance infrastructure over which they have little control,” organizations including the American Civil Liberties Union, Center for Digital Democracy and Consumer Federation of America said in comments submitted to the government on Tuesday. “Data collection and sharing is ubiquitous, invisible, intrusive and largely unregulated.”

The organizations told the Commerce Department’s National Telecommunications and Information Administration (NTIA) that the country needs to enact a baseline privacy law “that implements a strong and resonant” privacy bill of rights, which would be “the single most effective way to answer the public’s call for basic online privacy rights, ensure trust in the online marketplace and create a level playing field for online businesses.”

The NTIA has asked for comments about how companies’ ability to analyze massive amounts of information — called “big data” — impacts people’s privacy, as well as a 2012 privacy framework released by the Obama administration. The NTIA's call came in response to a White House report on the issue, which urged President Obama to push new legislation in Congress.  

In their comments, the privacy groups said that the new law should be “consequential,” recognize the “significant and immediate” risks when databases of personal information are hacked and carve out special protections for information about people’s health, finances or other sensitive areas.

Tech companies also weighed in at the NTIA.

The Information Technology Industry Council, which represents giants like AOL, Microsoft and Google, called for focus to be paid on how data is used more than how it is collected. That would provide “a mechanism to enable organizations to fully consider the privacy issues involved in decisions about data,” the trade group said.

The group also called for companies to be held accountable for their privacy commitments and urged the administration to strongly push for a national law outlining how firms need to notify consumers after a data breach.