Limited Praise For Government Web 2.0 Policies
Civil liberties advocates are pleased some of their recommendations were included in new privacy policies that allow agencies to use Web site-tracking tools and third-party applications, but they are disappointed the guidelines omit more important safeguards that could better protect the public, Nextgov.com reported.
On Friday, the Office of Management and Budget ended a 10-year ban on cookies, which monitor what a user does on a Web site, and updated privacy notice requirements for sites such as Facebook and YouTube that incorporate nongovernment social networking tools. The regulations give agencies the green light to install online interactive features that citizens typically encounter on commercial sites, but the agencies must follow a strict set of conditions.
For example, sites using cookies to gather personally identifiable information that can be traced back to an individual's name, such as the location of an Internet server, must delete this data within a year. Cookies are files saved on users' computers when they visit a Web site and often store a visitors' login information and remember their preferences, as well as monitor a site's traffic volume and visitor demographics. Under the rules announced Friday, agencies that use third-party services to collect personally identifiable information also must conduct multiple privacy impact assessments to determine whether controls are in place that meet federal privacy regulations.
"I will say that they certainly listened," said Chris Calabrese, legislative counsel for the American Civil Liberties Union. "The cookie policy is very good in a lot of ways and bad in one major way," because it exempts law enforcement, national security and intelligence activities from the privacy limits.
"An individual shouldn't fear tracking if they want to get information on government services," he said. "In many cases the government is the authoritative source for information. Anybody should be able to get that anonymously and without concern about what might [happen] because they are interested in that information."
OMB officials said the policy does not create exceptions. Rather, pre-existing laws, including the 1978 Foreign Intelligence Surveillance Act, and executive orders forbid such OMB privacy policies from applying to law enforcement, national security and intelligence organizations. Officials also pointed out agencies cannot collect personally identifiable information unless a user opts-in to divulge such information, a policy Calabrese applauded. Many commercial sites automatically gather personally identifiable information from visitors, unless the individual takes action to opt-out.
The memo tries to cover all possible categories of personally identifiable information by not restricting the definition to a laundry list of items such as e-mail addresses, Social Security numbers and ZIP codes. Instead, determining what it is "requires a case-by-case assessment of the specific risk that an individual can be identified," the memo stated. "It is important for an agency to recognize that non-personally identifiable information can become personally identifiable information whenever additional information is made publicly available -- in any medium and from any source -- that, when combined with other available information, could be used to identify an individual."
The Electronic Privacy Information Center, which OMB also consulted, asked the Obama administration to stick with the traditional tracking prohibitions aimed at protecting civil liberties and was disappointed with the policy.
"It is stunning that the White House could develop these policies and make no mention of the federal privacy act," said EPIC Executive Director Marc Rotenberg. "That law regulates the collection and use of personal information by federal agencies. Without a legal basis for these policies, it remains unclear what force they will have, or how readily they could be changed." To read more, click here.
Join the Discussion
The National Journal Group has the right (but not the obligation) to monitor the comments and to remove any materials it deems inappropriate.
Comments powered by Disqus