It’s been a difficult year for online privacy. Facebook changes its rules (again!) and Google completely overhauled its privacy policy. Now, the federal government wants to step in and create a Consumer Bill of Rights that companies will have to abide by in the future.
But just what would a “Consumer Bill of Rights” consist of exactly?  Would it be a document that would genuinely protect consumers or a collection of hot air statements lost in a barrage of legalese?  The White House is constructing the new Bill of Rights around six tenets, according to Mashable, so how can each one increase consumer protection?

The Tenets

“Transparency: Companies policies regarding security should be easily understandable to consumers.”
It’s hard to understand exactly how this would concretely change privacy policies. For example, Google’s new privacy policy is easy to read (though long) and consumers understand the changes. Facebook also claims its privacy policy is transparent, though that case is becoming harder and harder to make each day. Ultimately, it’s pretty easy for a company to argue that it is “transparent” unless they blatantly hide some of their activities from users.

“Respect for Context: Consumers should expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide such data.”
Media companies are making the notion of context increasingly irrelevant on the internet. For example, Google is integrating its data sharing and privacy policies across 60 different services.  Their argument is that by doing that they can integrate user preferences and better serve the consumer. But would most consumers agree that their late night searches are contextually relevant to and should impact what ads they see when they log onto their personal computer at work?  Likely not. Facebook is even trickier because users do so many different things using their same Facebook profile; how will a Bill of Rights ever determine what is contextually relevant in that case?

“Security: Personal data should be handled securely and responsibly.”
Every company tries to handle its data securely. But, this tenet could be relevant if it is used to stop major data collectors like Facebook from selling user information to certain types of companies. For example, debt collection companies would pay dearly for collective consumer information in the future. But would that be a secure transfer of data under the Consumer Bill of Rights?

“Access and Accuracy: Consumers should be able to access and correct personal data.”
This tenet is by far the most compelling and interesting. Up until now, data collecting companies have kept their consumer data secret because sharing it might reveal what they collect, how they collect it, and what kind of information they are looking for from consumer records. But if consumers had access to that data, their methods of collection would have to radically change. Of course, getting any of those companies to agree to let consumers manually sift through their data records will probably be impossible. If change is coming in this area, it will have to come from an Executive Order or a new federal law.

“Focused Collection: Data collection should be held within 'reasonable limits.'”
The idea of “reasonable limits” is broadly defined but this is likely a reaction to new allegations that Google tracked user data through their iPhones.  It may also affect how much search and purchase data can be collected and stored because that information gives companies an unsettlingly clear picture of individual consumer habits.  If there are concrete limits in the Bill of Rights defining what is reasonable, it could have a real impact.

"Accountability: Consumers have the right to have their personal data handled by companies and organizations that adhere to the Consumer Privacy Bill of Rights."
So, the question is: who will sign on to the Bill of Rights?  Will companies like Google and Facebook be explicitly forbidden from selling data to companies that don’t sign on to the agreement?  Presumably, seedier organizations, like debt collection agencies or data miners, would be reluctant to agree to a Consumer Bill of Rights.  If this tenet can effectively keep them out of the data equation, it could help protect consumers.

Going Forward

So what is the verdict?  The new Consumer Bill of Rights is intriguing but needs serious work to be an effective tool for consumer protection.  In particular, “secure handling” and “reasonable limits” need to be more narrowly defined and the Bill of Rights needs to be attached to a document with some legal power.  Otherwise, it will just become another government advisory tool that companies quietly ignore.