FTC Calls for Legislation to Regulate Data Brokers
On Tuesday, the Federal Trade Commission (FTC) released its long-awaited report resulting from an extensive study of “data brokers.” The report, entitled “Data Brokers, a Call for Transparency and Accountability,” presents the findings of the study, and provides recommendations for both legislation and industry best practices. Among the legislative recommendations, the Report calls for substantial transparency requirements to be placed on both first and third party companies, and requirements for consumers to be able to access the correct their records, and to opt-out entirely. In response to the Report, SIIA issued a statement expressing support from increased transparency and consumer access, but cautioned a legislative approach in favor of industry-led self-regulation. SIIA’s statement follows related advocacy, including recent comments to the FTC regarding “alternative scoring” and a 2013 white paper, highlighting the effectiveness of the current Fair Credit Reporting Act regulatory framework to prevent harm to consumers.
Surveillance Reform Legislation Passes House After Key Amendments
Last Thursday, the House passed the USA Freedom Act by a vote of 303-121, but only after several last minute amendments that limited the amount of transparency able to be provided by businesses and expanded a critical definition that, instead of entirely blocking the government’s ability to collect bulk amounts of Internet user’s data, the new bill could potentially allow federal agents to gather information broadly. The measure now moves to the Senate, where Judiciary Chairman Patrick Leahy has promised to make changes to strengthen these areas. While the legislation represents a significant step forward in the efforts to reform the National surveillance laws, there will be continued debate in the weeks ahead on these key details. In response to the bill’s passage, SIIA issued a statement affirming that surveillance reform legislation is an essential part of restoring the public trust and providing support for U.S. businesses internationally, and committing to ensure that the bill does not inadvertently provide for bulk collection of user data on the Internet.
White House Calls for Voluntary Cyber Action, Not Regulation
In a blog last week, White House Cyber Czar Michael Daniel declared that no new cybersecurity regulations are needed at this time, instead stating that “existing regulatory requirements, when complemented with strong voluntary partnerships, are capable of mitigating cyber risks to our critical systems and information.” Specifically, the Administration’s internal review by several key agencies – DHS, HHS and EPA – reached the conclusion that existing laws and regulatory authority are sufficient, particularly in light of the voluntary framework. Earlier this year, SIIA hailed the NIST Cybersecurity Framework for creating a voluntary approach to cybersecurity that would preserve IT innovation and technology neutrality, contrasting this with an inflexible regulatory approach, and we applauded the recent Administration conclusion last week.
House adds DOTCOM Bill to National Defense Authorization Act
On May 21, 228 Republican and 17 Democrats voted in favor of the DOTCOM bill with 177 members opposed. The Bill would oblige the GAO to provide a study to Congress within one year of the Commerce Department receiving a proposal on how to transition the Internet Assigned Names Authority (IANA) functions to a multistakeholder managed group, thereby relinquishing the last vestige of U.S. government “control” of the Internet. Currently, the Internet Corporation for Assigned Names and Numbers (ICANN) is contractually responsible (with Verisign doing the work) to the Commerce Department for managing these functions. The study would oblige the GAO to write a report on the following topics: