Posts Tagged ‘privacy bill’

Consumer Privacy: Can the FTC Enforce a Voluntary Code of Conduct?

March 9th, 2012 03:00 admin

“There is no Federal regulation at the end of the process,” reads the White House framework document promoting the creation of a Consumer Privacy Bill of Rights, “and codes will not bind any companies unless they choose to adopt them.” This is how the Obama Administration refers to the creation of new codes of conduct for private companies that run Web sites and collect information about their users.

So if it’s not a regulation, then exactly what is it that the Federal Trade Commission would be expected to enforce? If you’re expecting some government agency to answer that question, you may be surprised to discover that earlier this week, the Dept. of Commerce’s NTIA opened up the question to public comments. That’s right – perhaps you have the answer.

The Administration launched the initiative to craft the Privacy Bill last February 23. A section of its Framework document entitled “Protecting Privacy Through Effective Enforcement” (complete PDF document available here) reads as follows: “The Administration also takes enforcing statutory privacy rights seriously. Federal agencies with law enforcement authority have taken action against those who violate privacy rights.”

Insert Statute Here

The key word there is “statutory,” meaning a part of the law – typically meaning, not something a citizen or a corporation adheres to voluntarily. On Wednesday, NTIA launched a public comments period, calling upon stakeholders in systems that may exchange personally identifiable data to volunteer their ideas on the creation of codes of conduct that may then be legally enforceable. The comments period closes on March 26.

“The privacy multi-stakeholder process is voluntary. A code of conduct will not be binding on a company unless and until that company affirmatively commits to follow it,” reads the call for comments as printed in the Federal Register (PDF available here). “NTIA expects that a company’s public commitment to follow a code of conduct will be legally enforceable, provided the company is subject to the Federal Trade Commission’s jurisdiction.”

The Washington, D.C. law firm of Mintz Levin contributed to the National Law Review a document which attempts to condense the White House’s 52-page explanation into fewer words. In it, three of the firm’s attorneys make the case that any company that makes a public commitment to its customers without the intention of keeping that commitment may be subject to a fraud indictment.

“Once a code of conduct is complete, companies to which the code is relevant may choose to adopt it,” the attorneys write. “The Administration expects that a company’s public commitment to adhere to a code of conduct will be enforceable under the FTC’s authority to prevent deceptive acts or practices, just as a company is bound today to follow its privacy statements.”

The Administration’s document is vague, perhaps intentionally, with regard to the question of how Congress can be expected to “codify” language in such a way that it may or may not apply to businesses that choose to participate. One naturally assumes that entry by a company into the stakeholder process would be a kind of covenant that one could not then opt out of. But this may be uncharted waters for the Administration, which is trying to craft a regulation that calls itself not a regulation, and a set of rights which may be void where inapplicable.


Pull This Switch to Opt Out

After the publication of the Framework, the worldwide law firm of Gibson Dunn published its interpretation, suggesting that companies that do not adopt the so-called “statutory” code of conduct may yet be held to other principles, perhaps of their own choosing. While stating that the Administration will attempt to hold parties accountable under Section 5 of the FTC Act, the attorneys present this curious alternative: “The Administration recommends giving the FTC authority to grant a ‘safe harbor’ (forbearance from enforcement of the statutory Bill of Rights) if the company complies with a Code of Conduct that the FTC has reviewed and approved.”

This alternative, according to the Framework, would give a company the option to submit an alternative code of conduct to the FTC for its approval, which should take no longer than 180 days. However, the Framework goes on, that period should be open for public inspection and comments, during which time stakeholders in the statutory code of conduct would be allowed to submit their opinions on the matter.

Thus theoretically, if a search engine that exchanges personal data with an advertising provider were to opt out of the process and submit its own guidelines instead, for it to obtain safe harbor from an FTC indictment, it would effectively have to submit its alternative for inspection by its competitors – which may include a major social network. Or vice versa. While those competitors would not be granted rights of approval, they may be able to make public claims against their competitor for – again, theoretically – attempting to bypass the regulatory process. This while the company may claim legitimate exceptions to the public process – perhaps, for any number of technical reasons, the statutory code could not apply to it specifically.

But then the Gibson Dunn attorneys add this: “Companies that choose not to adopt an applicable Code of Conduct would be subject to the general obligations of the Bill of Rights.” Whether this means a company whose submitted alternative code is rejected by the FTC must then be forced to follow guidelines established by its competitors is unclear and perhaps, as yet, undetermined. What’s more, the reference to “general obligations” implies that even the statutory code may include exceptions or exemptions.

As attorneys from the New York law firm of White & Case wrote last week, “This is an important balance because a number of online industries have flourished as the government chose to not legislate in this area and what is proposed, while not usual to citizens of other countries, would represent a significant change in the law for American citizens and businesses. Businesses would simply need, and should receive, adequate time to adapt.”

Source: Consumer Privacy: Can the FTC Enforce a Voluntary Code of Conduct?

Obama’s Privacy Bill of Rights: Just a Beginning

February 23rd, 2012 02:13 admin


jfruh writes “Last night the White House hastily arranged a phone conference at which a ‘Privacy Bill of Rights’ was announced. It’s an important document, not least because it affirms the idea that our data belongs to us, not to companies that happen to collect it. But it has a number of shortcomings, not least among them the companies aren’t required to respect the rules laid out.”

Source: Obama’s Privacy Bill of Rights: Just a Beginning

Lawmakers Get Involved In “Locationgate,” Propose Data Privacy Law

June 15th, 2011 06:11 admin

The “Locationgate” scandal that saw so much coverage back in April hasn’t been in the news much lately, but that hasn’t stopped lawmakers from trying to prevent similar situations. Two senators, Al Franken of Minnesota and Richard Blumenthal of Connecticut, have proposed a mobile privacy bill today hoping to strengthen the level of consent needed for app developers and device makers to collect and share location data.

In case you’ve been living under a rock (in a location already stored on your phone, no doubt), it all started when two researchers in Britain discovered that Apple’s iPhone and iPad had been recording location data, and storing it on the device. This had people up in arms, of course, and it was only a matter of time until Google was discovered to be doing the same thing. Since then, people have been pretty peeved about it, so much so that the long arm of the law is getting involved.


Source: Lawmakers Get Involved In “Locationgate,” Propose Data Privacy Law

Storm Brewing: Commercial Data Bill Of Rights Introduced

April 18th, 2011 04:15 admin

Senators John Kerry and John McCain introduced a bill to the Senate floor last week entitled “The Commercial Privacy Bill Of Rights” that would reform and codify how Internet user data could be used online.

On the surface, this seems like the type of altruistic bill that falls into the no-brainer area of Congressional legislation. Privacy, protection, trust, accountability. All the good political buzzwords apply. Yet, it is not that simple. Data is the lifeblood of the Web, and the bill would allow the Federal Trade Commission and the Department of Commerce to have a significant hand in regulating how consumer data is collected and used by companies. Advertisers, innovators and consumer groups are concerned with the bill, not so much because of the wording of the legislation, but rather the amount of control it places in the hands of the FTC and whether or not that is necessary.

From the summary of the bill:

The right to security and accountability:
Collectors of information must implement security measures to protect the information they collect and maintain.

The right to notice, consent, access and correct information:
The collector must provide the ability for an individual to opt-out of any information collection that is unauthorized by the Act and provide affirmative consent (opt-in) for the collection of sensitive personally identifiable information.

The right to data minimization, distribution constraints and data integrity:
Holds companies to using the data they collect only for specific purposes of conducting business within a set timeline, and holds any third-party accessors of that data to the same standards as the collector.

Voluntary Safe Harbor Programs:
Companies can opt-out of portions of the bill if they set policies that are equally as stringent as the bill.

How will it affect the advertising ecosystem?

The advertising community feels that this law is unnecessary because the industry has been crafting its own privacy policies for some time, and thinks that the market can regulate itself.

“We’ve set up a system; now they are going to replace it with the FTC,” Dan Jaffe, executive vice president of the Association of National Advertisers, said in an AdWeek interview. “It basically undermines the momentum last December when both the FTC and Commerce Department scolded the industry for not moving fast enough.”

Kaliya Hamlin, the executive director of the Personal Data Ecosystem Consortium, believes the bill is absolutely necessary. Foremost, she says, it will bring American privacy laws into correlation with those of the European Union, which would allow for greater international commerce, as currently U.S. sites that do not comply with European privacy laws either cannot operate there or have to change their data handling processes to accommodate European law.

“Our consortium has a point of view about how the future could be and it doesn’t have to be the way it is,” Hamlin said. “It is totally possible to advertise (and potentially even more effective than today) in an ecosystem that gets re-wired to respect people and their information – that seeks to build with them and connect them to offers and opportunities that are relevant to them.”

Hamlin noted that on a recent trip to Europe she encountered many pop-ups on sites asking if her information could be used. It is likely that if this bill is passed similar pop-ups could be coming to the United States.

Will it stifle innovation?

Hamlin does not think so.

“So there are currently 20+ startups innovating around developing personal data banks and services around them,” Hamlin said. “So, where is the stifling?”

Yet social network data hacker and ReadWriteWeb contributor Pete Warden told our editor Marshall Kirkpatrick last week that “these regulations will deter startups from building new tools like or Rapportive, while the big corporations can devote whole departments to working around any new rules.”

There is clearly a split in the tech community on if and how the bill would affect innovation. It is notable that the United States leads Europe in volume and quality of innovation. Is that because of the culture on the other side of the pond? The amount of regulation by the European Union?

A group of the largest tech companies, including Microsoft, Intel and e-Bay signed an agreement last week supporting the bill. Notably, Facebook and Google have not weighed in on the bill.

CNET pointed out last week that the bill will not apply to the government or law enforcement, which brings up an interesting double standard in how the government views itself in relation to business. Internet consumers are as wary of the government and how it uses their information as they are of businesses. When it comes to the day-to-day processes of government function, it does not operate all that differently from a large enterprise corporation, yet wields more power over the lives of Americans than almost all corporations put together.

In the long run, start-ups and innovators will learn to deal with the new regulations if the bill passes. It comes down to a matter of trust. How much do consumers trust the businesses that use and control their data? This bill would help companies gain and keep the trust of consumers.

But, the question becomes: does the federal government need to legislate that trust or is it something that companies have to craft and earn on their own?

Source: Storm Brewing: Commercial Data Bill Of Rights Introduced

Obama Calls For New Privacy Bill of Rights

March 16th, 2011 03:34 admin


CWmike writes “The Obama Administration is backing a new data privacy bill of rights aimed at protecting consumers against indiscriminate online tracking and data collection by advertisers. In recent times, high-profile examples of a need for improving privacy laws include Facebook’s personal data collection practices and Google’s problems over its Street View Wi-Fi snooping issue. In testimony prepared for the Senate Committee on Commerce Science and Transportation, the Commerce Department’s assistant secretary, Lawrence Strickling, said that the White House wants Congress to enact legislation offering ‘baseline consumer data privacy protections.’ Strickling said the administration’s call for new online privacy protections stems from recommendations made by the Commerce Department in a paper released in December. The administration’s support for privacy protections is very significant, said Joel Reidenberg, a professor at Fordham Law School who specializes in privacy issues. ‘This is the first time since 1974 that the U.S. government has supported mandatory general privacy rules,’ Reidenberg said.”

Source: Obama Calls For New Privacy Bill of Rights