Clarification required for NTIA’s ‘Fair Information Principles’

In May 2018, the National Telecommunications and Information Administration (NTIA) issued a request for public comment regarding the advancement of consumer privacy, while protecting prosperity and innovation.

The recent response by the Centre for Information Policy Leadership (CIPL) suggests that any proposed privacy framework should clearly define certain terms to negate any legal uncertainty, or gaps in coverage. Furthermore, that the adequacy requirements of the GDPR are duly considered and implemented in the US, in order to benefit companies that trade internationally.

Transparency, data governance and privacy notices

The appropriate level of transparency is critical to maintaining trust amongst consumers. However, transparency must vary, based on context and audience, and therefore cannot be absolute.

To deliver effective user-centric transparency, companies must be able to demonstrate to privacy regulators that repeatable and robust processes have been implemented. Moreover, transparency should be evident to consumers, as well as privacy regulators.

The choice of which controls to offer, and how they should be enabled must be contextual. For example, there may be circumstances where is it not feasible to provide consumer control, choice or consent for certain types of information processing.

There may be contexts where consumers do expect to be given control and clear choices, such as how they want their personal data and posts to be viewable and shared on social media. Another example is where people share sensitive or private data such as health, race, religion, or sexual orientation.