Internet companies support a federal, economy-wide privacy law that provides consumers meaningful control and the ability to access, correct, delete, and download data they provide to companies. Americans should have consistent experiences and expectations across state lines and industries – regardless of where they live or the type of company they interact with. IA supports a national privacy framework that is consistent nationwide, proportional, flexible, and encourages companies to act as good stewards of the personal information provided to them by individuals.
As policymakers and stakeholders work on an American approach to privacy, we must ensure that a national privacy framework:
Protects individuals’ personal information and fosters trust by enabling individuals to understand their rights regarding how personal information is collected, used, and shared.
Meets individuals’ reasonable expectations with respect to how the personal information they provide companies is collected, used, and shared.
Promotes innovation and economic growth, enabling online services to create jobs and support our economy.
Demonstrates U.S. leadership in innovation and tech policy globally.
Is mindful of the impact of regulation on small- and medium-sized companies.
Applies consistently across all corporate entities, to the extent they are not already regulated at the federal level.
Internet Association Privacy Principles
These privacy principles aim to protect an individual’s personal information, which we define as any information capable of identifying a specific individual or a device that belongs to that individual.
The adoption of the principles identified above would enhance individuals’ personal privacy and their ability to trust that companies place appropriate limits on the use of personal information. To ensure the effectiveness of a national privacy framework, these principles must be balanced against: (1) competing individual rights, including freedom of speech and expression; (2) other parties’ privacy interests; (3) data security interests; (4) companies’ needs to protect against fraud or other unlawful activity, or individual safety; (5) companies’ requirements to comply with valid law enforcement requests or judicial proceedings; (6) whether the exercise of the rights afforded individuals are unduly burdensome or excessive in specific instances; and (7) whether individuals’ exercise of their rights would require companies to collect or process additional personal information about that individual.