March 21, 2019

Ten Principles for a Revised US Privacy Framework

Our economies and societies are in the midst of the 4th industrial revolution, with digitalization and datafication transforming the way we live, work and interact. This transformation has brought into sharp focus the question of how we should regulate data use, governance and privacy to enable us to reap the benefits of data-driven innovation while mitigating the risks associated with ubiquitous and massive data use. In response, many countries have updated or are in the process of updating their data privacy laws and frameworks. Some are introducing data protection and privacy requirements for the first time. The US has long regulated data in specific sectors. More recently, the US has started to follow the path toward generally applicable data protection regulation with the passage of the California Consumer Privacy Act (CCPA) in 2018, similar legislative proposals in other states and numerous proposals for a comprehensive federal privacy law by various groups, including federal legislators on both sides of the political spectrum.

CIPL believes that the use of personal information and privacy can be most effectively regulated at the federal level. Thus, this paper focuses on principles for a potential US federal privacy law.

This federal law should have the dual objectives of providing appropriate privacy protections for consumers and enabling the digital economy and innovation to ensure US leadership and competitiveness. CIPL believes that the following principles will help ensure that these dual goals are met:

  • Accountability
  • Risk-Based Approach
  • Innovative and Contextual Transparency
  • Individual Empowerment
  • Controller/Processor Distinction
  • Global Interoperability
  • Supportive of Responsible Innovation
  • Oversight and Smart Regulation
  • Effective Enforcement
  • Comprehensive and Harmonized Framework