Responding to Requests for Comments (better known as RFCs) on proposed federal agency regulations or laws, is a major part of EPIC’s work. Public commenting periods are granted by legal authority under the Administrative Procedures Act – to increase transparency and gather important feedback during the rulemaking process.
On September 25, 2018, the National Telecommunications and Information Administration (NTIA)—the agency that advises the White House on telecommunications and information policy—released a RFC on a new framework for consumer data privacy. The NTIA framework outlines seven “desired outcomes” for the processing of personal data: (1) transparency, (2) control, (3) minimization, (4) security, (5) access and correction, (6) risk management, and (7) accountability. The NTIA framework is similar to many Fair Information Practices framework, such as the OECD Privacy Guidelines, but does not outline a strategy for implementation and enforcement.
Dr. Travis Hall, Telecommunications Policy Specialist for NTIA’s Office of Policy and Development, stopped by to answer general questions about the comment process.
“We are shooting for a more outcome-based approach.” Hall said, “We are scant on details because we are really truly looking for good proposals.”
While the RFC does leave opportunity to shape good policy, there is concern that whatever is adopted may not go far enough. “Notice and consent have no practical value.” Marc Rotenberg, EPIC President, said – noting that enforcement is often where the Federal Trade Commission misses the mark.
Hall understood EPIC’s position, but also wanted to reinforce the goal of this Administration. “We really are trying to spur a conversation and push it in different directions.” Hall said.
He offered open questions to consider:
- How do you articulate considerations of harm that are not just between the corporation and individuals?
- How do you get companies to internalize the risk of their data flows?
- What are the enforcement mechanisms that need to be in place?
EPIC will be submitting comments to the NTIA on this issue.
For more information visit www.EPIC.org. Defend Privacy. Support EPIC.