Today I’ll be testifying at a Senate Commerce Committee hearing on online privacy and commercial data collection issues. In my remarks, I make three primary points:
- First, no matter how well-intentioned, restrictions on data collection could negatively impact the competitiveness of America’s digital economy, as well as consumer choice.
- Second, it is unwise to place too much faith in any single, silver-bullet solution to privacy, including “Do Not Track,” because such schemes are easily evaded or defeated and often fail to live up to their billing.
- Finally, with those two points in mind, we should look to alternative and less costly approaches to protecting privacy that rely on education, empowerment, and targeted enforcement of existing laws. Serious and lasting long-term privacy protection requires a layered, multifaceted approach incorporating many solutions.
The testimony also contains 4 appendices elaborating on some of these themes.
Down below, I’ve embedded my testimony, a list of 10 recent essays I’ve penned on these topics, and a video in which I explain “How I Think about Privacy” (which was taped last summer at an event up at the University of Maine’s Center for Law and Innovation). Finally, the best summary of my work on these issues can be found in this recent Harvard Journal of Law & Public Policy article, “The Pursuit of Privacy in a World Where Information Control is Failing.” (This is the first of two complimentary law review articles I will be releasing this year dealing with privacy policy. The second, which will be published early this summer by the George Mason University Law Review, is entitled, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.”) Continue reading →
I’m excited to announce the release of my latest law review article, “The Pursuit of Privacy in a World Where Information Control is Failing,” which appears in the next edition (vol. 36) of the Harvard Journal of Law & Public Policy. This is the first of two complimentary law review articles that I will be releasing this year dealing with privacy policy. The second, which will be published later this summer by the George Mason University Law Review, is entitled, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)
The new
Harvard Journal article is divided into three major sections. Part I focuses on some of normative challenges we face when discussing privacy and argues that there may never be a widely accepted, coherent legal standard for privacy rights or harms here in the United States. It also explores the tensions between expanded privacy regulation and online free speech. Part II turns to the many enforcement challenges that are often ignored when privacy policies are being proposed or formulated and argues that legislative and regulatory efforts aimed at protecting privacy must now be seen as an increasingly intractable information control problem. Most of the problems policymakers and average individuals face when it comes to controlling the flow of private information online are similar to the challenges they face when trying to control the free flow of digitalized bits in other information policy contexts, such as online safety, cybersecurity, and digital copyright.
If the effectiveness of law and regulation is limited by the normative considerations discussed in Part I and the practical enforcement complications discussed in Part II, what alternatives remain to assist privacy-sensitive individuals? I address that question in Part III of the paper and argue that the approach America has adopted to deal with concerns about objectionable online speech and child safety offers a path forward on the privacy front as well. Continue reading →
The Federal Trade Commission (FTC) has just released its final privacy framework proposal, “Protecting Consumer Privacy in an Era of Rapid Change.” The agency released a draft report with the same title back in late 2010 and then asked for comments. [Here were my comments to the agency.] The FTC’s final report comes just a month after the Obama Administration released its 50-page privacy framework, Consumer Data Privacy in a Networked World, which included a privacy “bill of rights.” That report was primarily driven by the Department of Commerce. [I penned a Forbes column about that report the day it was released.] The new FTC report is fairly consistent with the earlier Commerce Department report. Here are some of the key themes or recommendations from the final FTC report:
- rooted in a set of baseline privacy principles with a strong push for “privacy by design,” more consumer choice, and better transparency.
- along with Dept of Commerce, the agency will work with industry to develop privacy codes of conduct and then give them teeth with possibility of FTC enforcement.
- pushes for industry to pursue voluntary “Do Not Track” mechanism, which to the agency apparently means “do not collect” any info.
- calls on Congress to pass data security legislation and legislation “to provide greater transparency for, and control over, the practices of information brokers.” Also, “to further increase transparency, the Commission calls on data brokers that compile data for marketing purposes to explore creating a centralized website where data brokers could (1) identify themselves to consumers and describe how they collect and use consumer data and (2) detail the access rights and other choices they provide with respect to the consumer data they maintain.”
- the agency will host a workshop later this year to discuss privacy withing “large platform providers.” The report notes: “To the extent that large platforms, such as Internet Service Providers, operating systems, browsers, and social media, seek to comprehensively track consumers’ online activities, it raises heightened privacy concerns.”
- the agency is also stepping up oversight on mobile privacy issues.
- the agency says it “generally supports the exploration of efforts to develop additional mechanisms, such as the ‘eraser button’ for social media,” but stops short of saying it should be mandated at this time.
Some of my initial random thoughts about the FTC report: Continue reading →
Yet another hearing on privacy issues has been slated for this coming Wednesday, March 16th. This latest one is in the Senate Commerce Committee and it is entitled “The State of Online Consumer Privacy.” As I’m often asked by various House and Senate committee staffers to help think of good questions for witnesses, I’m listing a few here that I would love to hear answered by any Federal Trade Commission (FTC) or Dept. of Commerce (DoC) officials testifying. You will recall that both agencies released new privacy “frameworks” late last year and seem determined to move America toward a more “European-ized” conception of privacy regulation. [See our recent posts critiquing the reports here.] Here are a few questions that should be put to the FTC and DoC officials, or those who support the direction they are taking us. Please feel free to suggest others:
- Before implying that we are experiencing market failure, why hasn’t either the FTC or DoC conducted a thorough review of online privacy policies to evaluate how well organizational actions match up with promises made in those policies?
- To the extent any sort of internal cost-benefit analysis was done internally before the release of these reports, has an effort been made to quantify the potential size of the hidden “privacy tax” that new regulations like “Do Not Track” could impose on the market?
- Has the impact of new regulations on small competitors or new entrants in the field been considered? Has any attempt been made to quantify how much less entry / innovation would occur as a result of such regulation?
- Were any economists from the FTC’s Economics Bureau consulted before the new framework was released? Did the DoC consult any economists?
- Why do FTC and DoC officials believe that citing unscientific public opinions polls from regulatory advocacy organizations serves as a surrogate for serious cost-benefit analysis or an investigation into how well privacy policies actual work in the marketplace?
- If they refuse to conduct more comprehensive internal research, have the agencies considered contracting with external economists to build a body of research looking into these issues (as the Federal Communications Commission did in a decade ago in its media ownership proceeding)?
- Has either agency attempted to determine consumer’s “willingness to pay” for increased privacy regulation?
- More generally, where is the “harm” and aren’t there plenty of voluntary privacy-enhancing tools out there that privacy-sensitive users can tap to shield their digital footsteps, if they feel so inclined?
Now is a critical time for online commerce as policymakers assess their approaches to privacy. And as NetChoice says in our comments filed today, now is the perfect time for the Department of Commerce to be more involved in privacy issues.
What? We’re calling for more government involvement in a politically charged issue? Yes, and here’s why it’s an appropriate response to the Commerce Dept’s Notice of Inquiry.
Data flows today are much more complex than they were even a decade ago. Simple one-way transfers between one country and another have been replaced by multinational corporations that transfer data across multiple jurisdictions on a daily basis.
Because of this, privacy-related laws and regulation can have a broad impact on the growth of online commerce, not just here in the U.S. but across the globe. And as a voice for commerce, the Department of Commerce should promote pro-commerce policies over there (EU, Asia, elsewhere) and over here (in the U.S.).
Here’s what we say in our comments:
- The Commerce Department should act as an international ambassador for innovative American online companies. The Department can play an important role as a government-to-government advocate for flexible international rules to promote continued innovation and economic growth. And as a government agency speaking to other government agencies, the Commerce Department can bring credibility and leverage that cannot be matched by corporate interests alone.
- Domestically, the Commerce Department should work with the FTC to step-up state and federal enforcement against unfair or deceptive information practices. Aggressive enforcement will help foster a better climate for innovation than would expanded regulation. Continue reading →
Louis XVI
Americans often quote, or allude to, the French expression ”
Le Roi est mort, vive le Roi!” But few realize that this apparent paradox was meant quite literally by the French:From its first official proclamation in 1422 upon the coronation of Charles VII to 1774, when Louis XV finally died, the term expressed the abstract constitutional concept that sovereignty transfered from the old king (the first “Le Roi“) to the new king (the second “Le Roi“) the very instant the old king died. Thus, France was literally never without a king until until the monarchy was finally dis-established in early 1793. When Louis XVI was guillotined later that year, his death was acclaimed simply with “Le Roi est mort!“
Tomorrow, September 30, ICANN’s Joint Project Agreement with the Department of Commerce finally terminates. “
Le JPA est mort!” But a new agreement (the “Affirmation”) will take its place, apparently providing more accountability than the JPA ever did. Vive l’Affirmation! There may come a day when, like Louis XVI, ICANN’s JPA-like agreement with Commerce terminates and nothing is there to replace it, but that day has not yet come.
Grant Gross has a great piece on this new agreement. Grant extensively quotes my PFF Adjunct Fellow (my ICANN mentor and former ICANN board member) Mike Palage, who explained that the JPA’s successor (JPA II?):
will tell [ICANN] what it should do, but it can’t legally bind them [much like past agreements]… It gives the appearance in the global community that the U.S. government has recognized that ICANN has done what is was supposed to do. What it’s also doing is … it’s putting in some accountability mechanisms.”
Continue reading →
The Senate Commerce Committee held a hearing yesterday where a number of Senators as well as Julius Genachowski, the new Chairman of the Federal Communications Commission, did a lot of fretting about the state of the modern children’s television programming marketplace. According to the Wall Street Journal, Senate Commerce Committee Chairman Jay Rockefeller (D-WV):
suggested that a “little red button” be required on TVs so that a child could push the button to find out how a show is rated. Democratic Sen. Mark Pryor of Arkansas agreed that a red button might help since parents often have difficulties figuring out which shows are appropriate for their children to watch.
Well, I have some good news for the Senators: There are already quite a few little buttons on every remote control made today, and at least one of those buttons can pull up an on-screen guide to get more program info! (Another of them can turn the TV off!) Moreover, the ratings for just about every program already appear at the beginning of each show, and sometimes in between. And you can find out plenty more online about every TV show under the sun if you care to look. So, I’m not sure what that fuss is all about, and we certainly don’t need to mandate “little red buttons” on every TV set when program information can be found in so many other ways.
What is more troubling about all the hand-wringing taking place at the hearing, as well as the talk of reopening the Children’s Television Act of 1990 to potentially impose more content mandates on video programmers and distributors, is that: (1) there doesn’t seem to be much appreciation for just how much wonderful children’s programming is out there today compared to the past, and (2) there doesn’t seem to be much recognition of the serious First Amendment issues at stake when government gets involved in the messy business of regulating video programming.
Continue reading →
by Berin Szoka & Adam Thierer
This morning, the House Energy & Commerce Committee will hold a hearing on “Behavioral Advertising: Industry Practices And Consumers’ Expectations.” If nothing else, it promises to be quite entertaining: With full-time Google bashers Jeff Chester and Scott Cleland on the agenda, the likelihood that top Google officials will be burned in effigy appears high!
Chester, self-appointed spokesman for what one might call the People for the Ethical Treatment of Data (PETD) movement, is sure to rant and rave about the impending techno-apocalypse that will, like all his other Chicken-Little scenarios, befall us all if online advertisers were permitted to better tailor ads to consumers’ liking. After all, can you imagine the nightmare of less annoying ads that might actually convey more useful information to consumers? Isn’t serving up “untargeted” dumb banner ads for Viagra to young women and Victoria’s Secret ads to Catholic school kids the pinnacle of modern online advertising? Gods forbid we actually make advertising more relevant and interest-based! (Those Catholic school boys may appreciate the lingerie ads, but few will likely buy bras.)
Anyway, according to National Journal’s Tech Daily Dose, the hearing lineup also includes:
- Charles Curran, Executive Director, Network Advertising Initiative
- Christopher Kelly, Chief Privacy Officer, Facebook
- Edward Felten, Director, Center for IT Policy, Princeton University
- Anne Toth, Chief Privacy Officer & Vice President, Policy, Yahoo!
- Nicole Wong, Deputy General Counsel, Google
That’s an interesting group and we’re sure that they will say interesting things about the issue. Nonetheless, because four of them have a corporate affiliation that fact will inevitably be used by some critics to dismiss what they have to say about the sensibility of more targeted or interest-based forms of online advertising. So, we’d like to offer a few thoughts and pose a few questions to make sure that Committee members understand why, regardless of what it means for any particular online operator,
targeting online advertising is very pro-consumer and essential to the future of online content, culture, and competition. As Wall Street Journal technology columnist Walt Mossberg has noted, “Advertising is the mother’s milk of all the mass media.” Much of the “free speech” we all cherish isn’t really free, but ad-supported!
Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.