Storm Brewing: Commercial Data Bill Of Rights Introduced
Senators John Kerry, and John McCain introduced a bill to the Senate floor last week entitled “The Commercial Privacy Bill Of Rights” that would reform and codify how Internet user data could be used online.
On the surface, this seems like the type of altruistic bill that falls in to the no-brainer area of Congressional legislation. Privacy, protection, trust, accountability. All the good political buzzwords apply. Yet, it is not that simple. Data is the lifeblood of the Web and the use of consumer data and the bill would allow the Federal Trade Commission and the Department of Commerce to have a significant hand in regulation of how data is collected and used by companies. Advertisers, innovators and consumer groups are concerned with the bill, not so much because of the wording of the legislation, but rather the amount of control it places in the hands of the FTC and whether or not that is necessary.
The right to security and accountability:
Collectors of information must implement security measures to protect the information they collect and maintain.
The right to notice, consent, access and correct information:
The collector must provide the ability for an individual to opt-out of any information collection that is unauthorized by the Act and provide affirmative consent (opt-in) for the collection of sensitive personally identifiable information.
The right to data minimization, distribution constraints and data integrity:
Holds companies to use the data they collect only for specific purposes of conducting business within a set timeline hold any third-party accessors of that data to the same standards as the collector.
Voluntary Safe Harbor Programs:
Companies can opt-out of portions of the bill if they set policies that are equally as stringent as the bill.
How will it affect the advertising ecosystem?
The advertising community feels that this law is unnecessary because the industry has been crafting its own privacy policies for some time and think that the market can regulate itself.
“We’ve set up a system; now they are going to replace it with the FTC,” Dan Jaffe, executive vice president of the Association of Nationals Advertisers said in and AdWeek interview. “It basically undermines the momentum last December when botht he FTC and Commerce Department scolded the industry for not moving fast enough.”
Kaliya Hamlin, the executive director of the Personal Data Ecosystem Consortium, believes the bill is absolutely necessary. Foremost, she says, it will bring American privacy laws in to correlation with those of the European Union, which would allow for greater international commerce as currently U.S. sites that do not comply with European privacy laws either cannot operate there or have to change their data handling processes to accommodate European law.
“Our consortium has a point of view about how the future could be and it doesn’t have to be the way it is,” Hamlin said. “It is totally possible to advertise (and potentially even more effective then today) in an ecosystem that gets re-wired to respect people and their information – that seeks to build with them and connect them to offers and opportunities that are relevant to them.”
Hamlin noted that on a recent trip to Europe that she encountered many pop-ups on sites that telling asking if her information could be used. It is likely that if this bill is passed similar pop-ups could be coming to the United States.
Will it stifle innovation?
Hamlin does not think so.
“So there are currently 20+ startups innovating around developing personal data banks and services around them,” Hamlin said. “So, where is the stifling?”
Yet, social network data hacker and ReadWriteWeb contributor Pete Warden, told our editor Marshall Kirkpatrick last week that “these regulations will deter startups from building new tools like Mint.com or Rapportive, while the big corporations can devote whole departments to working around any new rules,” Warden said.
There is clearly a split in the tech community on if and how the bill would affect innovation. It is notable that the United States leads Europe in volume and quality of innovation. Is that because of the culture on the other side of the pond? The amount of regulation by the European Union?
A group of the largest tech companies, including Microsoft, Intel and e-Bay signed an agreement last week supporting the bill. Notably, Facebook and Google have not weighed in on the bill.
CNET pointed out last week that the bill will not apply to the government or law enforcement, which brings up an interesting double standard in how the government views itself in relation to business. Internet consumers are as wary of the government and how it uses their information as they are of businesses. When it comes to the day-to-day processes of government function, it does not operate all that different from a large enterprise corporation yet yields more power over the lives of American’s than almost all corporations put together.
In the long run, start-ups and innovators will learn to deal with the new regulations if the bill passes. It comes down to a matter of trust. How much do consumers trust the businesses that use and control their data? This bill would help companies gain and keep the trust of consumers.
But, the question becomes: does the federal government need to legislate that trust or is it something that companies have to craft and earn on their own?