The Commerce Department weighed in on online consumer privacy Thursday with a report that makes several recommendations, including a set of principles for how companies collect and use peoples' data and privacy protection for cloud computing and location-based services.

The report is intended to serve as a framework for Congress as it considers privacy legislation in the next session. "While our primary goal is to update the domestic approach to online privacy, we are optimistic that we can take steps to bridge the different privacy approaches among countries, which can help us increase the export of U.S. services and strengthen the American economy," Commerce Secretary Gary Locke said in a statement.

One of the recommendations is the development of a clear set of principles that companies would have to follow when collecting and using personal information for commercial purposes. The issue has made headlines recently, from reports of Facebook data being sold to third-party ad networks to questions about what kind of things search engines like Google are collecting about you when you surf the Web.

These principles would serve as a "Privacy Bill of Rights," Commerce said, and are intended to promote more corporate transparency and put clearer limits on data usage.

To monitor the situation, the agency suggested creating a privacy policy office within Commerce, which would work with the White House, other agencies, and stakeholders to keep tabs on commercial use of personal information and evaluate if any gaps exist. The agency also pushed for greater international collaboration "to find practical means of bridging differences in our privacy frameworks."

Keeping tabs on breaches, meanwhile, can be difficult with disparate state laws, so Commerce suggested an overarching federal law that would inform businesses how best to contact customers in the event of a data breach. That law would authorize FTC enforcement, but also preserve state authorities' existing enforcement power, and would not pre-empt federal notification laws for specific sectors like healthcare.

Finally, Commerce urged the White House to review the Electronic Communications Privacy Act (ECPA) to address privacy protection in the cloud and as it relates to location-based services. The goal should be to extend privacy protections to emerging services, the agency said.

Commerce will open up the report to public comment, and consider publishing a revised copy in the future. The release comes about two weeks after the FTC released its own assessment of online privacy, which included a call for "do not track" technology in Web browsers. The FTC plan also serves as a framework for Congress, and the agency is also seeking public comment.

Consumer groups applauded the Commerce report.

"The Department of Commerce report lays out a creative and flexible approach to develop enforceable privacy protections for consumers," said Justin Brookman, director of the Center for Democracy & Technology's Privacy Project. "Now it's time for Congress to step up and pass the legislation needed to enact a baseline consumer privacy law that is built on the strong recommendations contained in the Commerce and FTC privacy reports."

James Steyer, CEO of Common Sense Media, backed the idea of a privacy policy office.

"Canada and Europe already have privacy officers responsible for constantly working with key stakeholders to keep privacy policies up to date with ever-changing technologies," Steyer said. "This position would be an important step forward in protecting the privacy of consumers in this country, especially our youngest consumers - kids and teens, who also need new laws and broader protections to keep their personal information safe - and we believe it is something that the industry should fully support."