President Barack Obama introduced his Consumer Privacy Bill of Rights more than four years ago and updated it in 2015, but Congress still hasn't made it law.
Obama promised in his 2008 campaign that he would establish a cross-industry "common standard" for securing personal data stored on government and private systems. Currently, personal data privacy law and regulation is a hodgepodge of narrow laws, court rulings and Federal Trade Commission decisions.
The proposed Consumer Privacy Bill of Rights Act was intended to establish a baseline standard for personal data protection. Under the proposed law, companies would have to develop internal policies for handling consumer information, and the Federal Trade Commission would make sure those policies met certain requirements.
When Obama proposed the latest version in February 2015, however, Congress didn't bite.
Many privacy advocates said the bill wasn't strong enough, giving companies too much control over their data protection standards, and that it contains exploitable loopholes. Some tech companies said the law would create burdensome regulation.
Mark Stroh, spokesman for Obama's National Security Council, pointed to the Federal Trade Commission's recent work related to consumer privacy as one way some standards have developed during Obama's years in office.
Through its decisions, the commission "has codified certain norms and best practices and has developed some baseline privacy protections," wrote law professors Daniel Solove of George Washington University and Woodrow Hartzog of Samford University in the Columbia Law Review in 2014.
The commission also regularly offers guidance for businesses about how to handle consumer information and data security.
On the federal government side, Obama issued an executive order in 2016 that established a Federal Privacy Council to develop best practices for protecting personal data on government agencies' systems.
And in 2014, he signed an executive order to make payments to and from the government more secure. At the same time, several large retail corporations, such as Target and Walmart, agreed to put chip-card readers in their stores to improve financial transaction security.
Still, there is no singular, comprehensive cross-industry standard for protecting personal data, as Obama promised in 2008. Obama tried to advance this issue, but with an unwilling Congress, he was unsuccessful. We rate this Promise Broken.