Ohlhausen Addresses IoT, Recent Data Breaches in Twitter Chat Participants Call Guarded
FTC Commissioner Maureen Ohlhausen addressed a number of Internet privacy topics -- the Internet of Things (IoT), the agency’s patent troll study that she described as “ongoing,” data security and safe harbor -- during a Monday chat on Twitter. While stakeholders appreciated Ohlhausen’s outreach efforts, they said her responses seemed to betray little about the commission’s decisionmaking in pending proceedings. Her responses were “cautious and guarded,” said Ifrah Law Internet privacy lawyer Michelle Cohen. Ohlhausen seemed “to be playing her cards close,” agreed Steve Wilson, analyst for business research firm Constellation Research. Chief Technology Officer Mike O'Neill of Baycloud Systems, which develops cloud-based systems, did “not really expect an answer, I just wanted people to think about” his Do-Not-Track (DNT) question, he said. But hedging and brief answers were to be expected, given Twitter’s 140-character limitations, Cohen said. “It’s a little tricky to go in detail."
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
It was Ohlhausen’s second live Internet chat in just over two months; she took to Reddit for a chat session in November (CD Nov 4 p12). Both are welcome examples of the commission reaching out to stakeholders and a broader audience, Cohen said. “There has been lots of criticism lately about the FTC ... not giving enough guidance to industry.” Cohen’s law firm asked Ohlhausen her opinions on how IoT will develop in 2014. “Big focus on wearable devices and potential for healthcare, also growing pains,” Ohlhausen tweeted. That’s “somewhat useful guidance,” Cohen told us, “in the sense that the commissioner recognized the Internet of Things is going to be a work in process.” But Cohen would have liked “some inkling of some of the issues that the commission might be particularly interested in” as it puts together a staff report it disclosed plans for at the end of a November workshop on IoT (CD Nov 21 p19). The public comment period for the report closes Friday. Ohlhausen will introduce a panel on IoT Wednesday as part of CES (http://bit.ly/Jyvj0F) and has made IoT a focus in several recent speeches (CD Oct 21 p11).
Several questions addressed recent high-profile data breaches and whether they would increase the push for data security laws or regulation. “Do you sense shift in appetite amongst public, govt or business for US #privacy or data protection law?” Constellation’s Wilson asked. “Recent revelations and data breaches will continue to feed intense interest,” Ohlhausen tweeted. “She did not concede any change in appetite for regulation,” Wilson told us afterwards. “The FTC is still in fact-finding mode.” Wilson was hoping Ohlhausen would have been more proactive with the development of the IoT, he said. “I have certainly detected signs of a shift,” he said. “The time has come for a new compact between businesses and users, in which people are told more about what is done with all the data that’s being generated about them.” The FTC could play a role in facilitating that compact, he said.
The European Union has been more proactive with data security legislation (CD Oct 7 p7), and several questions addressed how the FTC will engage European authorities on these issues. Ohlhausen said that the U.S.-EU safe harbor program “will continue and FTC will continue to engage towards improvements.” She also defended the U.S. approach to privacy relative to the EU approach: “In the US we have a robust enforcement record focused on harms,” she tweeted. Baycloud’s O'Neill didn’t get an answer to his question on whether the FTC will produce a joint statement with the EU on DNT compliance. But he was still happy he got to bring the issue up in the broad public forum, he told us afterwards. A joint statement would facilitate the ongoing Transatlantic Trade and Investment Partnership (TTIP) negotiations, he said. “Given that the TTIP is currently being negotiated, and that investor protection clauses might restrict future regulatory action, ideally they should agree a joint position now."
The FTC should address these data security questions in a workshop, TechFreedom President Berin Szoka told us. He asked Ohlhausen, “What is the purpose of #FTC workshops? They're highly normative but avoid hard legal questions re #FTC authority.” Ohlhausen’s answer -- “Workshops educate the FTC and others about emerging tech and legal issues” -- highlighted one important function of workshops, but didn’t address why the FTC won’t discuss its legal authority, he said. “The commission avoids that question all the time because they don’t want anyone looking too closely into how the sausage is made.” Szoka would like one of the commissioners “simply to say the commission should be spending more time at these workshops on exploring our legal authority and how to use it,” he said. And a data security workshop would be an ideal place to start that discussion, he said.