In early February, I noted that a group called the Consumer Privacy Legislative Forum (“CPLF”), which includes companies such as eBay, Microsoft, Google and Hewlett Packard, had released a statement calling for comprehensive harmonized federal privacy legislation and would be outlining recommendations for such legislation this month. Apparently, the CPLF’s focus has shifted. According to a BNA Privacy & Security Law Report, 8 PVLR 331, the CPLF “has decided to abandon efforts to develop a set of principles for omnibus U.S. privacy legislation” and is instead “now focused on crafting an industry-wide self-regulatory framework that can be tested over time with a broad range of organizations.” The group has also changed its name to the Business Forum for Consumer Privacy, although it “is still working out legal issues involved with officially becoming a new organization.”
According to the report, Microsoft’s Chief Privacy Strategist, David Cullen, explained in a recent BNA interview that “[l]egislation is actually the wrong place to start. To provide effective privacy protection, it’s going to potentially require good legislation. But more importantly, it will require good business processes and good accountability.” The group now plans to use an upcoming International Association of Privacy Professionals (IAPP) Privacy Summit held from March 11th through March 13th to outline the work it has done thus far. However, while Microsoft seems to be ready to move in a different direction, it does not appear that all of the members of the forum agree. According to the report, when asked to comment on the forum’s new direction, a Google spokesperson said “our focus in this area has been our commitment to a comprehensive federal privacy law.”
It may disappointing for some to hear that the CPLF is no longer primarily committed to drafting a federal privacy framework. For others this may be good news, given the natural resistance to imposing new regulatory obligations during a time of economic crisis. As businesses struggle with the patchwork of laws being crafted by the states to address information security concerns, we are curious to see the proposed legislation that would emerge from a sophisticated industry group like the CPLF. In any event, it will certainly be interesting to see what the forum presents at the IAPP conference in the comming weeks.
- BNA Privacy & Security Law Report: 8 PVLR 331:
- CPLF Statement of Support of Comprehensive Consumer Privacy Legislation
- The IAPP website and the website of the IAPP’s March 2009 Privacy Summit is available here