For the past month, online companies have considered the privacy legislation discussion draft from Rep. Boucher and Stearns. The legislation is a broad attempt to set privacy defaults for the collection, use and sharing of information on the Internet.
Last Friday, NetChoice submitted comments to Rep. Boucher and Stearns.
While there are some aspects of the bill to like (eg. no private right of action), we’re worried that the bill does too much, too soon, to set opt-in or opt-out defaults. We explored in a previous post why flexibility in setting user defaults is important for continued social network innovation.
Fortunately, open and thoughtful consideration of this matter can continue without undue pressures to find a quick fix for privacy. Because while there have been state legislative proposals on privacy, there is not now a patchwork of state laws creating unworkable compliance challenges for interstate e-commerce. In other words, we can take our time and get this right.
Our comments discuss how the draft bill would interfere with four commonplace scenarios for collecting and using information. Here’s one of ’em:
- The
Operational Purpose exemption in this draft legislation is too narrow, in that it does not permit use of covered information for marketing or advertising to existing customers.
Case 1: A consumer buys a new washer and dryer and writes her email address on a product registration card. That’s an Operational Purpose, so no consent is required to collect the info.
But if the retailer later wants to send an email offering an extended service contract, he has to first obtain consent to send the email, since that’s a use of covered information for marketing purposes.
Continue reading →
Today, the House Committee on Energy and Commerce, Subcommittee on Communications, Technology and the Internet, released its long-awaited online privacy bill discussion draft, requiring that users opt-in to certain types of online data collection. Berin Szoka and I issued the following statement in response:
By mandating a hodge-podge of restrictive regulatory defaults, policymakers could unintentionally devastate the “free” Internet as we know it. Because the Digital Economy is fueled by advertising and data collection, a “privacy industrial policy” for the Internet would diminish consumer choice in ad-supported content and services, raise prices, quash digital innovation, and hurt online speech platforms enjoyed by Internet users worldwide.
Before imposing prophylactic regulation, policymakers should first identify specific consumer harm that requires government intervention. They should next ask whether there are less restrictive alternatives to regulation, such as enhancing enforcement of existing laws, bolstering limitations on government access to online data, education efforts about online privacy, and promoting the development and uptake of technological empowerment solutions that allow users to manage their own privacy preferences.
Continue reading →
By Adam Thierer & Berin Szoka
Opt-in mandates may soon be coming to an Internet near you! Rick Boucher, House Energy & Commerce Committee Chairman, is expected to soon introduce the privacy bill he’s been working on behind closed doors for many months. At the heart of the bill is supposed to be a mandate that websites and services obtain opt-in consent prior to collecting information with users—at least if they plan on sharing that information with any third party or doing with it beyond what a narrow safe harbor would allow.
Boucher is apparently trying to strike the right balance between “protecting privacy” and the benefits to users of advertising and data collection. But there may be significant costs to an opt-in regime that are little appreciated by privacy advocates, who tend to think of opt-out as meaningless and opt-in as the ideal of user empowerment. In their new paper “
Opt-in Dystopias,” Google’s Senior Policy Counsel Nicklas Lundblad and Policy Manager Betsy Masiello provide a sophisticated analysis of the dark side of opt-in. They argue that “mandatory opt-in applied across contexts of information collection is poised to have several unintended consequences on social welfare and individual privacy,” specifically:
• Dual cost structure: Opt-in is necessarily a partially informed decision because users lack experience with the service and value it provides until after optingin. Potential costs of the opt-in decision loom larger than potential benefits,
whereas potential benefits of the opt-out decision loom larger than potential costs.
•
Excessive scope: Under an opt-in regime, the provider has an incentive to exaggerate the scope of what he asks for, while under the opt-out regime the provider has an incentive to allow for feature-by-feature opt-out.
•
Desensitisation: If everyone requires opt-in to use services, users will be desensitised to the choice, resulting in automatic opt-in.
•
Balkanisation: The increase in switching costs presented by opt-in decisions is likely to lead to proliferation of walled gardens.
Lundblad and Masiello discuss each of those concerns in great detail, so read the paper for further elaboration. They do a particularly good good walking the reader through the complexity of even defining what we mean by “opt-in,” which is far trickier than most people imagine.
Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.