Livetweeting Final FTC Privacy Roundtable Today

by on March 17, 2010 · 2 comments

I’m livetweeting today’s final FTC Privacy Roundtable (check out the #FTCPriv hashtag on Twitter). Check out the day’s agenda or watch the webcast here. Adam Thierer and I expressed our concerns about the rush to regulation at the First Roundtable back in December—see my written comments and Adam’s summary of his remarks. David Vladeck, Director of the Bureau of Consumer Protection offered the following summary of the Roundtable process at the kick-off this morning:

  1. Benefits & risks of technology. “March of technology has blurred and threatens to obliterate the distinction between PII [personally identifiable information) and non-PII.... It's getting harder and harder for users to choose anonymity."
  2. Privacy challenges raised by emerging business models. What do consumers know? Consumers are often presented with confusing and unfamiliar situations. Consumers understand little about how their information is handled.
  3. Innovation in disclosure. Industry is testing privacy icons.
  4. Privacy policies are too vague, too long, too complicated and too hard to find. We need effective ways to disclose what information is being collected and to give consumers a meaningful way to control its use. There's no way to put the genie back in the bottle once information has been shared.

On the critical question of next steps, Vladeck claims the agency isn't certain where it will go and plans to "sit back" and think about the detailed record before making public a set of detailed recommendations on which the public will be invited to provide input. I'd like to believe him and I hope the agency really does think long and hard about the evidence provided in this process as to the trade-offs inherent in increased regulation, the complexity of this space, and the need for a cautious approach when it comes to tinkering with the data flows that are the lifeblood, both technological and financial, of the Internet. But based on their recent public statements, I fear that Vladeck and FTC Chairman Jon Liebowitz have already made up their minds about the need for regulation, and that this process is really just paving the way for a report this summer that will call for sweeping new legislation—just as the FTC did back in its 2000 Report to Congress.

The FTC would do well to remember two sage pieces of advice:

  • "First, do no harm." - The Hippocratic Oath
  • “The curious task of economics is to demonstrate to men how little they really know about what they imagine they can design." - F.A. Hayek

I'd particularly like to hear more focus on technological solutions that could do more to empower users to make choices for themselves—which the first panel is currently discussing. In particular, if the central problem lies in the failure of today's privacy policies, why not focus on making privacy disclosures machine readable by browser tools so that users don't actually have to find and read lengthy, legalistic documents? Tools built on P3P could make disclosure actionable. As I've been saying, that kind of innovation offers a much better solution than simply giving up on disclosures and concluding that preemptive, prophylactic regulation is the only option.

The ideal state of affairs would be to create a system of tools and data disclosure practices that would empower each user to implement their personal privacy preferences while also recognizing the freedom of those who rely on advertising revenues to “condition the use of their products and services on disclosure of information”—not to mention the viewing of ads!

Self-regulatory efforts can be refined, especially through technological innovation to better satisfy the concerns of policymakers, privacy advocates, and average consumers. For example, if websites and ad networks participating in a self-regulatory framework supplemented their current “natural language” privacy policies with equivalent “machine-readable” code [e.g., P3p], that data could be “read” by browser tools that would implement pre-specified user preferences by blocking the collection of information depending on whether the privacy policies of certain websites or ad networks met the user’s preferences about data-use. Such robust and granular disclosure, if implemented for behavioral advertising, would exceed the wildest dreams of those who argue that users currently do not read privacy policies—without disrupting the browsing experience or cluttering websites. But this system would only work if users had to make real choices about “paying+ for ‘free’ content and services by disclosing their personal information.”

  • http://www.underpenaltyofcatapult.com/ Skip Oliva

    I'm sure nobody at the FTC roundtable will address one of the biggest anti-privacy firms in the world: the Federal Trade Commission. Ask any business that has ever been the target of an FTC investigation, and you'll hear some real horror stories. FTC investigators demand documents indiscriminately–it's not unusual for a small business to reproduce tens of thousands of pages of confidential documents–and there are no real protections built into the system to prevent abuses.

    Just one story: The FTC dragged out a merger review for almost two years. The companies involved produced hundreds of thousands of pages of documents at a cost of over $10 million. The line was finally drawn when the FTC wanted to see confidential personnel files–which had no relevance to competitive concerns about the merger. That's when the companies basically gave up.

  • http://www.underpenaltyofcatapult.com/ Skip Oliva

    I'm sure nobody at the FTC roundtable will address one of the biggest anti-privacy firms in the world: the Federal Trade Commission. Ask any business that has ever been the target of an FTC investigation, and you'll hear some real horror stories. FTC investigators demand documents indiscriminately–it's not unusual for a small business to reproduce tens of thousands of pages of confidential documents–and there are no real protections built into the system to prevent abuses.

    Just one story: The FTC dragged out a merger review for almost two years. The companies involved produced hundreds of thousands of pages of documents at a cost of over $10 million. The line was finally drawn when the FTC wanted to see confidential personnel files–which had no relevance to competitive concerns about the merger. That's when the companies basically gave up.

Previous post:

Next post: