The Department of Commerce has proposed the adoption of a set of principles that the agency says will be comparable to a consumer online privacy "Bill of Rights," recognized by the United States government.

"America needs a robust privacy framework that preserves consumer trust in the evolving Internet economy while ensuring the Web remains a platform for innovation, jobs, and economic growth," declared Commerce Secretary Gary Locke in announcing the initiative. "Self-regulation without stronger enforcement is not enough. Consumers must trust the Internet in order for businesses to succeed online."

As Locke's comment suggests, this is a major initiative towards some kind of Federal oversight of online privacy practices. But the privacy items, yet to be specifically enumerated, won't actually be called anything as fun as the phrase used for the first ten amendments to our Constitution.

Instead they'll be dubbed "Fair Information Practice Principles" (FIPPs), intended to promote "increased transparency through simple notices, clearly articulated purposes for data collection, commitments to limit data uses to fulfill these purposes, and expanded use of robust audit systems to bolster accountability."

The DoC's "green paper report" also recommends the creation of a Privacy Policy Office within the Department of Commerce. The PPO would work with the Federal Trade Commission in creating "voluntary but enforceable codes of conduct" for online content providers and social networking sites. Those companies would adopt whichever code they thought appropriate to their service, but the bottom line is that it would be enforced by the FTC.

Adherence to the code would then provide companies with "safe harbor" protection against complaints about their online data collection practices, the paper recommends.

In addition to obligatory calls for more global cooperation, the document urges Congress to consider a Federal commercial data security breach notification (SBN) law, setting national standards for the protection of commercial information—rather than the hodgepodge of state laws currently in effect.

Bill of FIPPs

The FIPPs concept isn't something that the DoC just pulled out of its hat. It's rooted in the Privacy Act of 1974, which requires a code of fair information practices for federal agencies. As the Federal Trade Commission has interpreted the mandate, it incorporates five protocols: "(1) Notice/Awareness; (2) Choice/Consent; (3) Access/Participation; (4) Integrity/Security; and (5) Enforcement/Redress."

The Department of Homeland Security has its own set of Privacy Act rules. They include the following.

Transparency: DHS should be transparent and provide notice to the individual regarding its collection, use, dissemination, and maintenance of personally identifiable information (PII).

Individual Participation: DHS should involve the individual in the process of using PII and, to the extent practicable, seek individual consent for the collection, use, dissemination, and maintenance of PII. DHS should also provide mechanisms for appropriate access, correction, and redress regarding DHS's use of PII.

Purpose Specification: DHS should specifically articulate the authority that permits the collection of PII and specifically articulate the purpose or purposes for which the PII is intended to be used.

Data Minimization: DHS should only collect PII that is directly relevant and necessary to accomplish the specified purpose(s) and only retain PII for as long as is necessary to fulfill the specified purpose(s).

Use Limitation: DHS should use PII solely for the purpose(s) specified in the notice. Sharing PII outside the Department should be for a purpose compatible with the purpose for which the PII was collected.

So what the Federal government is in effect recommending is the extension of some version of its own internal privacy standards to the commercial Web.

"The FIPPs-based framework that we envision would allow companies to direct resources to the principles that matter most for protecting privacy in a particular technological, business, or social context," the green paper explains. "Establishment of a FIPPs-based framework could occur through action by industry, civil society, the Executive Branch, or Congress, and enforcement agencies can also help this framework take hold."

In other words, the possibility of the White House or Congress implementing this idea is now on the table. The Department of Commerce says it will seek public comment on the report.