In 2012, President Barack Obama promised legislation to protect Americans from misuse of their personal data, a growing worry in an age in which purchases and page views are monitored by strangers out to profit from the information.
The long-awaited proposal wasn’t worth the wait. It offers feeble protection to consumers, mystifyingly lets data companies craft their own rules and allows only the Federal Trade Commission — not individuals or states — to sue companies that overstep their bounds. Throw this one out, Mr. Obama, and try again, this time with feeling.
Ninety-one percent of Americans believe they have lost control of their personal data, according to a Pew Research Center survey. The Consumer Privacy Bill of Rights Act was supposed to restore their power and provide recourse for abuse. But as written, the proposal looks more like a Data Monger Bill of Rights.
It talks vaguely of offering control to consumers who don’t want information about their store purchases, magazine subscriptions or Web surfing analyzed or sold. But it’s generous with caveats. Individuals can ask to see the information collected about them, but data companies can refuse to provide it if they deem the request “frivolous or vexatious.” And if something’s incorrect, they don’t have to change it, unless the consumer can prove harm.
Data companies must offer consumers ways to opt out, but “in proportion with the privacy risk.” If they agree to delete a file, compliance “need not be less than 45 days” from the time of the request. A company can sell a lot of data within 45 days.
Given that the federal government has admitted tracking Americans’ phone calls and cars — and is the largest collector of financial data on its citizens, via the IRS — a U.S. president proposing privacy standards must be careful in the words he chooses. But when even Democrats, including Sens. Al Franken of Minnesota and Ed Markey of Massachusetts, denounce the proposal as weak, it’s time to ditch it and write another bill with teeth.