July 7, 2020

Volume X, Number 189

July 06, 2020

Subscribe to Latest Legal News and Analysis

NTIA Seeks Comment on Federal Consumer Data Privacy Approach

The Department of Commerce’s National Telecommunications and Information Administration (NTIA) issued a Notice seeking comments on a proposed federal consumer data privacy approach. In a parallel effort, the Commerce Department’s National Institute of Standards and Technology is developing a voluntary privacy framework to help organizations manage risk.

The NTIA seeks comment on a number of possible principles:

• Organizations should be transparent about how they collect, use, share, and store users’ personal information.
• Users should be able to exercise control over the personal information they provide to organizations.
• The collection, use, storage and sharing of personal data should be reasonably minimized in a manner proportional to the scope of privacy risks.
• Organizations should employ security safeguards to protect the data that they collect, store, use, or share.
• Users should be able to reasonably access and correct personal data they have provided.
• Organizations should take steps to manage the risk of disclosure or harmful uses of personal data.
• Organizations should be accountable for the use of personal data that has been collected, maintained or used by its systems.

In addition, the NTIA seeks feedback on the following high-level goals for federal action which is “non-exhaustive and non-prioritized list of the Administrations’ priorities”:

• Harmonize the regulatory landscape
• Provide legal clarity while maintaining the flexibility to innovate
• Comprehensive application
• Employ a risk and outcome-based approach
• Maintain and enhance Interoperability
• Provide incentives for privacy research
• FTC enforcement
• Scalability

Finally, the NTIA Notice seeks feedback on a range of high level issues, including whether there are additional goal or risks that the agency failed to identify, the appropriate mechanisms deploying the articulated goals, such as via Executive Order or some other manner, and whether given that the FTC is the primary privacy enforcement agency, whether it has the appropriate statutory authority.
Comments on the NTIA Notice are due October 26, 2018.

© 2020 Faegre Drinker Biddle & Reath LLP. All Rights Reserved.National Law Review, Volume VIII, Number 275


About this Author

Katherine Armstrong, Drinker Biddle Law Firm, Washington DC, Data Privacy Attorney

Katherine E. Armstrong is counsel in the firm’s Government & Regulatory Affairs Practice Group where she focuses her practice on data privacy issues, including law enforcement investigations, and research and analysis of big data information practices including data broker issues.

Katherine has more than 30 years of consumer protection experience at the Federal Trade Commission (FTC), where she served in a variety of roles, including most recently as a Senior Attorney in the Division of Privacy and Identity Protection.  In the Division of...