Today I filed roughly 30 pages worth of comments with the Federal Trade Commission (FTC) in its proceeding on “Protecting Consumer Privacy in an Era of Rapid Change: a Proposed Framework for Businesses and Policy Makers.” [Other comments filed in the proceeding can be found here.] Down below, I’ve attached the Table of Contents from my filing so you can see the major themes I’ve addressed, and I’ve also attached the entire document in a Scribd reader. In coming days and weeks, I’ll be expanding upon some of these themes in follow-up essays.
In my filing, I argue that while it remains impossible to predict with precision the impact a new privacy regulatory regime will have the Internet economy and digital consumers, regulation
will have consequences; of that much we can be certain. As the FTC and other policy makers move forward with proposals to expand regulation in this regard, it is vital that the surreal “something-for-nothing” quality of current privacy debate cease. Those who criticize data collection or online advertising and call for expanded regulation should be required to provide a strict cost-benefit analysis of the restrictions they would impose upon America’s vibrant digital marketplace.
In particular, it should be clear that the debate over Do Not Track and online advertising regulation is fundamentally tied up with the future of online content, culture, and services. Thus, regulatory advocates must explain how the content and services supported currently by advertising and marketing will be sustained if current online data collection and ad targeting techniques are restricted. Continue reading →
This is a response to Nick Carr’s recent piece, “The Attack on Do Not Track,” in which he goes after me for some comments I made in this essay about the trade-offs at work in the privacy and online advertising debates. In his critique of my essay, he argues:
What the FTC is suggesting is that the unwritten quid pro quo be written, and that the general agreement be made specific. Does Thierer really believe that invisible tradeoffs are somehow better than visible ones? Shouldn’t people know the cost of “free” services, and then be allowed to make decisions based on their own cost-benefit analysis? Isn’t that the essence of the free market that Thierer so eloquently celebrates?
My response to Nick follows. Continue reading →
In his essay today, “Go On, Opt Out. Just Don’t Come Cryin’ To Me …,” John Battelle has some very sensible thinking on the “Do Not Track” idea and privacy regulation more generally:
Look, if you want to, you can put yourself on a “do not track” list in the Real World. As you walk around in our Real World, where small shopkeepers and Starbucks alike attempt to lure you into their stores, you can simply decide to ignore their come ons. You can refuse to get a grocery card, and forego the discounts they offer. You can forego the countless coupons, come ons, and catalogs that come through your newspaper, browser, or your community mailer, and if you work at it, you can even opt out through some specialized services (with more coming soon, if the FTC gets its way). And you can turn off your television (cause lord knows even the shows are trying to influence you now), and you can ignore your friends when they talk about the latest, coolest promotion that Verizon or ATT has pushed them through their cell phones. If folks insist on talking about stuff that might smack of someone selling you something, heck, you can start to dress like the Unabomber and withdraw entirely from our obviously commercial culture. You might look weird, but at least folks will leave you alone. And if you do, your world will either be better, or it will suck more. Your call.
But don’t come crying to me when you realize that in opting out of our marketing-driven world, you’ve also opted out of, well, a pretty important part of our ongoing cultural conversation, one that, to my mind, is getting more authentic and transparent thanks to digital platforms. And, to my mind, you’ve also opted out of being a thinking person capable of filtering this stuff on your own, using that big ol’ bean which God, or whoever you believe in, gave you in the first place. Life is a conversation, and part of it is commercial. We need to buy stuff, folks. And we need to sell stuff too.
Amen, brother. This is a point Berin Szoka and I have made repeatedly here in the past:
The debate over privacy regulation is fundamentally tied up with the future of online content and culture. The idea of a cost-free opt-out model for the all online data collection / advertising may sound seductive to some, but we must take into account the opportunity costs of regulation. The real world is full of trade-offs and, despite what the Federal Trade Commission seems to think, there is no such thing as a free lunch.
A report in the U.K. Telegraph notes that the European Union is seeking to create a so-called “right to be forgotten” online, and has “drafted potential legislation that would include new, unprecedented privacy rights for citizens sharing personal data.” Details are sparse at this point, but according to this new 20-page European Commission document, “A Comprehensive Approach on Personal Data Protection in the European Union,” the EU will be:
clarifying the so-called ‘right to be forgotten’, i.e. the right of individuals to have their data no longer processed and deleted when they are no longer needed for legitimate purposes. This is the case, for example, when processing is based on the person’s consent and when he or she withdraws consent or when the storage period has expired. (p.8)
Two brief comments on this. First, it should be apparent that any “right to be forgotten” conflicts mightily with free speech rights and press freedom. As I discussed at greater length in this review of Solove’s Understanding Privacy as well as my essay on “Two Paradoxes of Privacy Regulation,” the problem with enshrining expansive privacy “rights” into law is that it means there will need to be stricter limits placed on speech and press freedoms. As Eugene Volokh noted in his 2000 law review article entitled, “Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking About You“: Continue reading →
By Adam Thierer & Berin Szoka
Last Friday, Common Sense Media (CSM) held an event (video) at the National Press Club featuring the chairmen of the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC). The regulatory activist group released a new poll on children and privacy (Exec Summary & Full Survey). Unfortunately, like almost every other privacy-related poll, theirs is more geared towards fueling a privacy panic than on exploring the real-world trade-offs between legislating “greater privacy” (a hopelessly abstract concept in most conversations) and losing the consumer benefits of data sharing: innovation in online services and the quality and quantity of services and content supported by data-driven advertising.
What better way to drum up Congressional support for paternalistic privacy legislation (restrictions on online data use) than by asserting that this is what the electorate already wants? The poll asks whether “Congress should update laws that relate to online privacy and security for children and teens.” Three-fifths (61% of parents, 62% of adults) said yes. But earlier in the survey, only 16% knew that the Children Online Privacy Protection Act of 1998
already prohibits “online companies… from collecting or using personal information from children under the age of thirteen without a parent’s permission.” (53% weren’t sure.) If parents don’t know what Congress has already done, how meaningful is it for them to say they think Congress needs to do more? (There’s a reason we don’t have direct democracy.)
Indeed, how useful are such polls, anyway? Ultimately, what such polls really tell us is that, if you ask parents—or adults in general—whether they’re concerned about protecting kids,
of course most will say yes, because nobody wants to think of themselves as the kind of person who doesn’t care about kids.
This bias becomes even more problematic when the choice at issue involves such stark trade-offs—especially when we’re talking about throwing a wrench (restrictions on data use and collection) in the economic engine that has again and again provided funding for media and services that users just won’t pay for. As we’ve noted here before, privacy polls and surveys reveal only what the public will tell pollsters in response to the particular questions asked. On privacy, those questions are almost invariably designed to solicit responses suggesting an urgent need for more laws and government action. Even the fairest of these surveys is no substitute for real-world experiments in which people make real choices, in real time, often with real money, and face many real trade-offs. Continue reading →
I was reading this Sun Magazine interview with the always-interesting Nick Carr and I liked what he had to say here about the public’s inconsistent views on privacy:
If you ask people whether they’re concerned about the ability of the government or corporations to gather information about them online, they’ll say yes. But if you look at how they behave online, they don’t display much fear of exposing themselves. What that says about people — and it’s true for most of us — is that we will readily forgo our privacy in exchange for convenient and useful services, particularly if they’re free. That’s a trade-off you make all the time on the Internet. Even if people were more conscious of how this information might be exploited, I doubt most would change their behavior.
This reminds me of the classic “hamburgers for DNA” quip from security expert Bruce Schneier who once famously noted that:
If McDonalds in the United States would give away a free hamburger for an DNA sample they would be handing out free lunches around the clock. So people care about their privacy, but they don’t care to pay for it. In the United States we have frequent shopper cards, which will track down people’s purchases for a 5 cents discount on a can of tuna fish. I don’t think you can convince the public to care about it.
Continue reading →
With the publication of Understanding Privacy (Harvard University Press 2008), George Washington University Law School professor Daniel J. Solove has firmly established himself as one of America’s leading intellectuals in the field of information policy and cyberlaw. Solove had already made himself a force to be reckoned with in this field with the publication of important books like The Future of Reputation: Gossip, Rumor, and Privacy on the Internet (Yale University Press 2007), The Digital Person: Technology and Privacy in the Information Age (NYU Press 2004) and his treatise on Information Privacy Law with Paul M. Schwartz of the Berkeley School of Law (Aspen Publishing, 2d ed. 2006). But with Understanding Privacy, Solove has now elevated himself to that rarefied air of “people worth watching” in the cyberlaw field; an intellectual — like Lawrence Lessig or Jonathan Zittrain — whose every publication becomes something of an event in the field to which all eyes turn upon release.
Like those other intellectuals, however, my respect for their stature should not be confused with agreement with their positions. In fact, my disagreements with Lessig and Zittrain are frequently on display here and, we have been critical of Solove here in the past as well. [Here’s Jim Harper’s review of Solove’s last book, with which I am in wholehearted agreement.] In a similar vein, although I greatly appreciate what Prof. Solove attempts to accomplish in Understanding Privacy — and I am sure it will change the way we conceptualize and debate privacy policy in the future — I found his approach and conclusions highly problematic.
Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.