privacy tango presentation

8/2/2019 Privacy Tango Presentation

1/23

+

Washington s Privacy TangoSearching For the Elusive Consensus

Bennet Kelley Internet Law Center


2/23

+

Founder of Internet LawCenter in Santa Monica

Former Co-Chair of Cal. Bar

Cyberspace CommitteeHost of Cyber Law & BusinessReport on WebmasterRadio.fm(Weds at 10-11AM PT)

Publisher of Cyber Reportnewsletter which won topprize at 2011 LA Press Club

Awards and named a topsource for internet law


3/23

+This Debate Is Not New

OK, Not Quite That Old

Since Advent of Internet

What Has ChangedReach/Breach

Acceptance of SomeRegulation

Number of Players andTechnologies Involved


4/23

+The Framers and the Myth of Sisyphus

1.2%11.4%

67.6%

Congress 2011

Public LawPassedThe Rest

Futility by Design


5/23

+1999: SPOTLIGHT ON ONLINE

PROFILING1999: FTC Conference

1999: Network AdvertisingInitiative launched to stop

regulation2000: Report to Congress


6/23

Commends NAI but . . .

[Recommends] legislation that would set forth a basic level of privacyprotection for all visitors to consumer-oriented commercial Web sites withrespect to profiling.

Basic standards of practice governing the collection and use ofinformation online for profiling, and provide an implementing agencywith the authority to promulgate more detailed standards

[Including] authority to grant safe harbors to self-regulatory principleswhich effectively implement the standards of fair information practicesarticulated in the legislation and subsequent rulemaking.


7/23

+2001-2006: Other Priorities Spam (2003) Spyware (2004)


8/23

+ 2007-2009 Dancing OverSelf-Regulation 2007: FTC Releases Self-Regulatory

Principles for Behavioral Targeting 2008: Industry Pushes Back 2009: Leibowitz Warns Industry Action is

Coming Industry Responds with IAB, DMA, AAAA

Guidelines


9/23

+2007 Proposed Principles

Every website where data is collected for behavioral advertising should provide aclear, concise, consumer-friendly, and prominent statement that

(1) data about consumers activities online is being collected at the site for use in providingadvertising about products and services tailored to individual consumers interests, and(2) consumers can choose whether or not to have their information collected for suchpurpose

Any company that collects and/or stores consumer data for behavioral advertisingshould provide reasonable security for that data,

Companies should retain data only as long as is necessary to fulfill a legitimatebusiness or law enforcement need.

Before a company can use data in a manner materially different from promises thecompany made when it collected the data, it should obtain affirmative express consentfrom affected consume.

Companies should only collect sensitive data for behavioral advertising if they obtainaffirmative express consent from the consumer to receive such advertising


10/23

+2008 Industry Self-Regulatory

Principles Education Principle calls for organizations toparticipate in efforts to educate individuals andbusinesses about online behavioral advertising.

The Transparency Principle calls for clearer andeasily accessible disclosures to consumers aboutdata collection and use practices associated withonline behavioral advertising.

The Consumer Control Principle providesconsumers with an expanded ability to choose

whether data is collected and used for onlinebehavioral advertising purposes. This choice willbe available through a link from the noticeprovided on the Web page where data iscollected.

The Data Security Principle calls for organizationsto provide reasonable security for, and limitedretention of data, collected and used for onlinebehavioral advertising purposes.

The Material Changes Principle calls onorganizations to obtain consent for any materialchange to their online behavioral advertising datacollection and use policies and practices to datacollected prior to such change.

The Sensitive Data Principle recognizes that datacollected from children and used for onlinebehavioral advertising merits heightenedprotection, and requires parental consent forbehavioral advertising to consumers known to beunder 13 on child-directed Web sites. ThisPrinciple also provides heightened protections tocertain health and financial data when attributableto a specific individual.

The Accountability Principle calls for developmentof programs to further advance these Principles,including programs to monitor and reportinstances of uncorrected non-compliance withthese Principles to appropriate governmentagencies.


11/23

+ Emergence of theCreepiness Factor Is it legal? Probably. Do I think it's a good ideaand it makes sense? No. I don't think it passes the creepy factor, and this market isn't ready

for stuff that doesn't pass the creepy factor,

We are not in a place where we an do dumbthings and stupid things like that, even if they're effective. Dave Morgan - TacodaFounder


12/23

+ 2009-2011: Lawyers of theRoundtable Tenth Anniversary of Online Profiling

Conference Industry Still Fighting Regulation Complexity Increases . . . Oh and there s that Social Networking

thing too.


13/23

+ Personal Data Eco-System Any questions????


14/23

+FTC Privacy Report

Our report and law enforcementaction send a clear message toindustry: despite some good actors,self-regulation of privacy has notworked adequately and is notworking adequately for Americansconsumers . We deserve far betterfrom the companies we entrust ourdata to, and industry, as a whole,must do better.

FTC Chairman Jon Leibowitz


15/23

+DOC Privacy Report

Endorses baseline commercial dataprivacy principles that would fill anygaps in existing U.S. law;

Safe harbors against FTCenforcement for practices definedby baseline data privacy or self-regulatory codes;

Limited rulemaking authority overcertain baseline fair information

privacy practices principles if it isestablished that market failuresrequire prescriptive regulatoryaction; and

National Data Breach Standards


16/23

+Market Reaction

Browser Wars

Privacy Competition

Industry Begins PolicingItself


17/23


18/23

+Meanwhile . . .

No Consensus

Other Internet Battles

Net Neutrality

SOPA


19/23

+Consumer PrivacyBill of Rights

Individual Control:

Transparency

Respect for Context:

Security:

Access and Accuracy:

Focused Collection: and

Accountability

Enforcement by FTC

Safe Harbors for ApprovedCodes of Conduct

Federal Data Breach Law


20/23

+Half Empty Relies on agreed upon self-regulatory

principles and passage of comprehensiveprivacy legislation neither of which is

on the horizon. Little different that where we were in 1999


21/23

+Half Full Jump starts moribund legislative process Got industry backing of do-not track on

browser level Industry is engaging in self-regulation

and enforcement already Substantial movement in industry s

approach since 1999


22/23

+ Internet Law Center100 Wilshire Blvd., Suite 950, Santa Monica, CA 90401(310) [email protected]

www.internetlawcenter.net
mailto:[email protected]://www.internetlawcenter.net/http://www.internetlawcenter.net/mailto:[email protected]


23/23

+Links

1999 Workshop on OnlineProfiling

2000 Report to Congress on

Online Profiling

2007 Self RegulatoryPrinciples (staff report)

2008 Industry Self Regulatory

Principles

2010 FTC Staff Report

2010 Department of Commerce Green Paper

2011 CyLaw Report Why

Johnny Cant Opt Out

2012 Consumer Privacy Bill of Rights Proposal

2012 White House Summary of

Privacy Proposal
http://www.ntia.doc.gov/legacy/ntiahome/privacy/workshop/frn-workshop.htmhttp://www.ntia.doc.gov/legacy/ntiahome/privacy/workshop/frn-workshop.htmhttp://www.ftc.gov/os/2000/06/onlineprofilingreportjune2000.pdfhttp://www.ftc.gov/os/2000/06/onlineprofilingreportjune2000.pdfhttp://ftc.gov/os/2007/12/P859900stmt.pdfhttp://ftc.gov/os/2007/12/P859900stmt.pdfhttp://www.iab.net/media/file/ven-principles-07-01-09.pdfhttp://www.iab.net/media/file/ven-principles-07-01-09.pdfhttp://www.ftc.gov/os/2010/12/101201privacyreport.pdfhttp://www.ntia.doc.gov/files/ntia/publications/iptf_privacy_greenpaper_12162010.pdfhttp://www.ntia.doc.gov/files/ntia/publications/iptf_privacy_greenpaper_12162010.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.whitehouse.gov/sites/default/files/privacy-final.pdfhttp://www.whitehouse.gov/sites/default/files/privacy-final.pdfhttp://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait-obama-administration-unveils-blueprint-privacy-bill-rightshttp://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait-obama-administration-unveils-blueprint-privacy-bill-rightshttp://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait-obama-administration-unveils-blueprint-privacy-bill-rightshttp://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait-obama-administration-unveils-blueprint-privacy-bill-rightshttp://www.whitehouse.gov/sites/default/files/privacy-final.pdfhttp://www.whitehouse.gov/sites/default/files/privacy-final.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.ntia.doc.gov/files/ntia/publications/iptf_privacy_greenpaper_12162010.pdfhttp://www.ntia.doc.gov/files/ntia/publications/iptf_privacy_greenpaper_12162010.pdfhttp://www.ftc.gov/os/2010/12/101201privacyreport.pdfhttp://www.iab.net/media/file/ven-principles-07-01-09.pdfhttp://www.iab.net/media/file/ven-principles-07-01-09.pdfhttp://ftc.gov/os/2007/12/P859900stmt.pdfhttp://ftc.gov/os/2007/12/P859900stmt.pdfhttp://www.ftc.gov/os/2000/06/onlineprofilingreportjune2000.pdfhttp://www.ftc.gov/os/2000/06/onlineprofilingreportjune2000.pdfhttp://www.ntia.doc.gov/legacy/ntiahome/privacy/workshop/frn-workshop.htmhttp://www.ntia.doc.gov/legacy/ntiahome/privacy/workshop/frn-workshop.htm

privacy tango presentation

Documents