Stakeholder Privacy Processes Will Be Affected by NSA Revelations, Former FTC Chairman Says
Privacy legislation is a possibility if stakeholder efforts falter in the development of online data collection and use standards, said Rep. Marsha Blackburn, R-Tenn., and former FTC Chairman Jon Leibowitz during a Thursday event hosted by National Journal and Allstate to announce results of a survey to gauge American perspectives on online privacy. The survey (http://bit.ly/196eD8H) -- which was conducted before recent reports about government surveillance programs -- said “a solid majority of Americans” think their data are being collected and used without their knowledge, and 88 percent support “a federal law that would require companies that operate online to permanently delete any personal information or activity if requested by an individual.”
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
There will likely be congressional hearings and classified briefings “to go in and look at the retention of the data and how you move forward to scrutinize that data” in the wake of news reports about National Security Agency surveillance programs that collect phone and online data, Blackburn said. It’s important to not have a “knee-jerk reaction” to the reports, but “there should be oversight on this,” she continued.
Consumers are right to be concerned about their online privacy, Blackburn said. Consumers “enjoy the convenience of the Internet,” but “don’t want someone who is that peeping Tom on their Internet system,” she said. Consumers need to have the tools to protect their online privacy, meaning “they need to read the privacy agreements when they come up on their screen” and have privacy protections offered by online companies, she said. “We need to have a marketplace where the industry itself comes forward with best practices.”
If industry can’t come forward with self-regulation on a Do Not Track mechanism, “I do think that you'll see Congress move forward” on the issue, Blackburn said. “Doing a privacy bill is something that is definitely on our plate.” Blackburn said she would prefer that Congress take the lead on baseline privacy legislation, rather than the White House, which said it would work with Congress to introduce legislation when it announced its Privacy Bill of Rights last year. “The administration will probably put something out as a discussion point,” but “the heavy lift will be done in Congress,” Blackburn said.
The recent reports about NSA surveillance programs “may add some complications to the debate,” Leibowitz said. The revelations “are going to be greater in the context in protecting consumers’ commercial privacy than in the government space” because “people get the balance that needs to be struck between protecting safety, national security on the one hand and privacy on the other.” Although concerns about commercial and government collection “are very palpable,” many are concerned with “the collection of data that may have inadequate security or by companies that will monetize, sell, pair some data that they get online with offline data,” he said.
The FTC wants consumers to have a way to limit the placement of third-party cookies on their computer, a proposal that “is very modest compared to what we're seeing” in Europe, Leibowitz said. The EU data security and privacy regulation “has some very good things in it, but it is probably more proscriptive” than any potential regulation in the U.S., he continued. Leibowitz said the FTC will be releasing a report “later this year or early next year” based on investigations into data brokers, which he defined as “companies that have a business model of collecting” information about consumers. The commission sent out investigative letters during Leibowitz’s term as chairman. There are benefits to the collection of this kind of data, “but there are also a lot of concerns” about these “invisible data collectors,” he said.
Members of the online advertising industry need to work with advocates and others in the stakeholder processes being convened to establish privacy standards, Leibowitz said, referring to the mobile privacy discussions being facilitated by the NTIA and the DNT process happening through the World Wide Web Consortium (W3C). Whether the W3C group can reach consensus on a DNT document by its July deadline will be a good indication of how these multistakeholder processes are likely to work, he said: “I think, theoretically, it could be successful.” As both processes come to their ends, this could be “the last clear chance for Internet advertisers to do something proactively” to protect consumer privacy, he said. “I also hope that industry, and particularly Internet advertisers ... get it. Otherwise, I suspect, they really will kill the goose that laid the golden egg.”
If attempts at self-regulation fail to produce meaningful control, consumer-facing technology companies will find ways to provide that control, Leibowitz said, citing recent moves by Firefox and Microsoft to block third-party tracking through their Mozilla and Internet Explorer browsers. “Technology is very much poised to be able to give consumers blocking technology, and it will be in many ways much more robust than what the Internet advertisers want,” he said. Companies may even begin competing with one another over which can provide the best tools to users who seek to control the way their data are collected and used, which would be a good thing, he continued.
"Legislation is a possibility” if the stakeholder efforts fail, considering the bipartisan support in Congress for privacy legislation, Leibowitz said. He called the White House’s Privacy Bill of Rights “a really well-intentioned proposal” and said “there would be enormous value” in the White House releasing draft language of such a baseline privacy bill.