WASHINGTON – Today, ITI released a legislative roadmap that advances the privacy rights of consumers and defines the responsibilities of companies in using personal data while continuing to enable the innovations that transform our lives. The new Framework to Advance Interoperable Rules (FAIR) on Privacy includes specific recommendations that give consumers more control and a clearer understanding about how their personal data is used. It also includes measures to promote security and hold companies accountable to ensure companies use personal data responsibly and transparently.
“Consumer trust is a key pillar of innovation, and our industry must do everything we can to deepen that trust and meet consumers’ expectations when it comes to protecting their privacy and personal data,” said Dean Garfield, President and CEO of ITI. “This framework moves us toward that goal by enhancing transparency, increasing individual control, establishing company accountability, promoting security, and fostering innovation. We expect this framework will continue to take shape as we work alongside lawmakers and consumers to develop meaningful privacy legislation in the United States and across the world.”
This framework is intended to work the way people use technology and live their lives by providing both meaningful privacy protections and value for consumers regardless of location. It offers an interoperable solution that can serve as a model for governments worldwide and a workable alternative to a patchwork of laws that could create confusion and uncertainty over what protections individuals have.
It builds on the strengths of other global approaches and principles to:
- Enhance Transparency. The framework ensures individuals are informed when their personal data is collected or used so they have a better understanding of what they are or are not consenting to.
- Increase Consumer Control. The framework gives individuals the right to expressly and affirmatively consent to the use of their sensitive personal data, and further allows individuals to access, correct, port, delete, and object to the use of their personal data where it is appropriate to the context of the use of such personal data.
- Establish Company Accountability and Expands Responsibility. The framework lays out clear mechanisms for regulators to hold companies responsible for their data practices, including recommending subjecting companies in violation of a national privacy law to a meaningful penalty on the first offense. It also requires companies to identify, monitor and document uses of known personal data, and ensure all uses are legitimate as defined by that law.
- Promotes Security. The framework mandates companies put into place comprehensive security programs that support and protect their operations, activities and the sensitive information they control.
Read the full framework here.