But even in the face of opposition, Strickling continued to maintain his view that the Obama plan "strikes the right balance between ... the need to innovate ... and addressing direct harms to consumers."
Strickling wasn't coy about the consequences of a failure, though, saying he understands that misuse and theft of personal data can cause financial risk and identity fraud. But there are harms "that go beyond financial," he said, harms that "are more difficult to quantify" because while they may not leave victims poorer, they leave them "filled with embarrassment ... surprised and shocked."
He said privacy regulations must be formed "in a way that will protect innovation" because to do otherwise would hurt the Internet economy.
Strickling reiterated the four-point plan of President Obama's privacy blueprint. First, Congress should take the initiative to codify the "Privacy Bill of Rights" included with the framework into an actual piece of legislation, preferably one with some form of penalties that gives enforcement authority to the Federal Trade Commission (FTC).
The framework's Bill of Rights language was based on d widely recognized privacy principles that can be sourced back as far as the 1970s, he said, calling it "a set of values that have stood the test of time ... and are shared in most countries around the world."
While the goal is for Congress to give them force of law, he said in the drafting process, the National Telecommunications and Information Administration (NTIA), which Strickling heads, was "very careful ... to avoid making them sound like regulation" that came from an administrative process like that of the FTC or Federal Communications Commission. Enacting it into law wouldn't require a complicated bill, he said.
The second point would be to convene a multistakeholder process to determine specifics of how the principles embodied in the privacy Bill of Rights should be enforced absent legislation.
Third, NTIA wants the private sector to "take the lead" in developing "voluntary but enforceable codes of conduct" that could be enforced by the FTC under existing law.
The fourth and final goal will be for the privacy Bill of Rights, its enacting legislation, and the voluntary codes of conduct to be crafted in a way that makes the Obama privacy framework an internationally recognized jumping-off point for cooperation on Internet privacy.