The recommendations, which were developed by a group of industry players called the Consumer Privacy Legislative Forum, are set to be released at an six weeks from now, according to Peter Cullen, Microsoft's chief privacy officer.

The companies have been working for the past three years to encourage the adoption of federal consumer data-privacy laws and to answer the question of what federal legislation should look like, Cullen said in an interview. Other forum members include Google, Oracle, Procter & Gamble and Eli Lilly.

One idea is that laws should make it easier for consumers to understand what they're getting into when they share their personal data with Web sites, Cullen said. "The whole focus on consent really puts an unfair burden on the consumer," he said. "My mom doesn't know what an IP address is."

The recommendations will cover rules around data use and the ability of consumers to correct inaccurate data. And they will cover data breach notification, which is now covered by a patchwork of state laws.

Simplifying breach-notification laws by creating a single federal standard is important, Cullen said Wednesday while speaking at a discussion of privacy policy in San Francisco. "It's not that there is no privacy law. There's actually too much privacy law," he said. "If you think about data-breach notification laws just as an example, there are 38 state laws, many of them very different."