Create a Data Policy Office Not a Privacy Policy Office

While consumers have a vocal advocate for increased privacy regulation in the federal government with the Federal Trade Commission (FTC), they currently lack an advocate for reducing barriers to the free flow of information. To remedy this, the Department of Commerce, whose mission it is to advance economic growth, jobs and opportunities for all Americans, should become the champion of pro-innovation information policies, rather than focus on the more narrow issue of consumer privacy at the expense of other goals.

This lack of focus by the Department of Commerce can be seen in one of the recommendations in the Internet Policy Task Force’s recent green paper “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework” which calls for creating a Privacy Policy Office (PPO). As described in the report, the purpose of the PPO would be to 1) act as a convener of diverse stakeholders, and 2) serve as a source of expertise on privacy policy for the administration.

The Task Force writes:

…we recommend establishing a Privacy Policy Office (PPO) in the Department of Commerce. The PPO would continue the work of the Department’s Internet Policy Task Force by acting as both a convener of diverse stakeholders and a center of Administration commercial data privacy policy expertise.  The PPO would work with the FTC in leading efforts to develop voluntary but enforceable codes of conduct.  Companies would voluntarily adopt the appropriate code developed through this process.  This commitment, however, would be enforceable by the Federal Trade Commission.  Compliance with such a code would serve as a safe harbor for companies facing certain complaints about their privacy practices.  The dynamic process of voluntary code development would provide a greater measure of certainty than many companies are currently able to obtain, but it would also be flexible enough to keep pace with commercial innovations.

Focusing exclusively on commercial data privacy, the PPO would be distinct from the existing roles and authorities of OMB and the senior privacy officers of Federal agencies.  Similarly, the work of the PPO would not overlap with the Privacy and Civil Liberties Oversight Board’s mission to protect privacy and civil liberties in government collection and use of information in the exercise of its law enforcement, counter-terrorism, and foreign intelligence authorities.  The PPO would work closely with OMB and other agencies and would coordinate with the FTC, which will continue to serve independent enforcement, rulemaking, agency policymaking, and education roles.

The recommendation is reasonable, but misguided. Yes, it is important for the Commerce Department to look at issues surrounding the use of personal data and creating an office to serve as a resource for policy expertise in this area is a useful step. And as Peter Swire notes in his filing, there are important reasons to have an office like this in the executive branch, and not just in the FTC, an independent agency. However, as I argued in the comments ITIF filed last week with the Task Force, rather than creating a Privacy Policy Office with a limited agenda, the Department of Commerce should establish a Data Policy Office that can focus on broader issues related to the information economy.

Establishing a Data Privacy Office in lieu of a Privacy Policy Office would be more than a mere change in name. The focus of the Data Policy Office would be to encourage data policies that foster economic activity, including policies that increase data sharing, reduce barriers to global information flows, and protect consumer privacy. For example, the Data Privacy Office could evaluate the impact of data regulations on competition and innovation, fund research on important issues like data anonymization, and work with other nations to improve international frameworks for sharing data across borders. This office could also take the lead on information policy issues such as anti-competitive cloud computing policies, sharing data for medical research, and developing industry standards for sharing geo-location data. The Data Privacy Office would help ensure that beneficial uses of data are not curtailed by overly-restrictive data privacy policies.

By creating an office that looks at data issues more broadly, rather than narrowly focusing on privacy, the Department of Commerce would be able to play a more strategic long-term role in encouraging economic growth in the United States in important data-intensive business sectors. The end result will be better policies that benefit American consumers through lower prices, more innovation and more choice.

Print Friendly

About the author

Daniel Castro is a Senior Analyst with ITIF specializing in information technology (IT) policy. His research interests include health IT, data privacy, e-commerce, e-government, electronic voting, information security and accessibility. Before joining ITIF, Mr. Castro worked as an IT analyst at the Government Accountability Office (GAO) where he audited IT security and management controls at various government agencies. He contributed to GAO reports on the state of information security at a variety of federal agencies. He has a B.S. in Foreign Service from Georgetown University and an M.S. in Information Security Technology and Management from Carnegie Mellon University.