privacy tango presentation
Post on 06-Apr-2018
224 Views
Preview:
TRANSCRIPT
-
8/2/2019 Privacy Tango Presentation
1/23
+
Washington s Privacy TangoSearching For the Elusive Consensus
Bennet Kelley Internet Law Center
-
8/2/2019 Privacy Tango Presentation
2/23
+
Founder of Internet LawCenter in Santa Monica
Former Co-Chair of Cal. Bar
Cyberspace CommitteeHost of Cyber Law & BusinessReport on WebmasterRadio.fm(Weds at 10-11AM PT)
Publisher of Cyber Reportnewsletter which won topprize at 2011 LA Press Club
Awards and named a topsource for internet law
-
8/2/2019 Privacy Tango Presentation
3/23
+This Debate Is Not New
OK, Not Quite That Old
Since Advent of Internet
What Has ChangedReach/Breach
Acceptance of SomeRegulation
Number of Players andTechnologies Involved
-
8/2/2019 Privacy Tango Presentation
4/23
+The Framers and the Myth of Sisyphus
1.2%11.4%
67.6%
Congress 2011
Public LawPassedThe Rest
Futility by Design
-
8/2/2019 Privacy Tango Presentation
5/23
+1999: SPOTLIGHT ON ONLINE
PROFILING1999: FTC Conference
1999: Network AdvertisingInitiative launched to stop
regulation2000: Report to Congress
-
8/2/2019 Privacy Tango Presentation
6/23
Commends NAI but . . .
[Recommends] legislation that would set forth a basic level of privacyprotection for all visitors to consumer-oriented commercial Web sites withrespect to profiling.
Basic standards of practice governing the collection and use ofinformation online for profiling, and provide an implementing agencywith the authority to promulgate more detailed standards
[Including] authority to grant safe harbors to self-regulatory principleswhich effectively implement the standards of fair information practicesarticulated in the legislation and subsequent rulemaking.
-
8/2/2019 Privacy Tango Presentation
7/23
+2001-2006: Other Priorities Spam (2003) Spyware (2004)
-
8/2/2019 Privacy Tango Presentation
8/23
+ 2007-2009 Dancing OverSelf-Regulation 2007: FTC Releases Self-Regulatory
Principles for Behavioral Targeting 2008: Industry Pushes Back 2009: Leibowitz Warns Industry Action is
Coming Industry Responds with IAB, DMA, AAAA
Guidelines
-
8/2/2019 Privacy Tango Presentation
9/23
+2007 Proposed Principles
Every website where data is collected for behavioral advertising should provide aclear, concise, consumer-friendly, and prominent statement that
(1) data about consumers activities online is being collected at the site for use in providingadvertising about products and services tailored to individual consumers interests, and(2) consumers can choose whether or not to have their information collected for suchpurpose
Any company that collects and/or stores consumer data for behavioral advertisingshould provide reasonable security for that data,
Companies should retain data only as long as is necessary to fulfill a legitimatebusiness or law enforcement need.
Before a company can use data in a manner materially different from promises thecompany made when it collected the data, it should obtain affirmative express consentfrom affected consume.
Companies should only collect sensitive data for behavioral advertising if they obtainaffirmative express consent from the consumer to receive such advertising
-
8/2/2019 Privacy Tango Presentation
10/23
+2008 Industry Self-Regulatory
Principles Education Principle calls for organizations toparticipate in efforts to educate individuals andbusinesses about online behavioral advertising.
The Transparency Principle calls for clearer andeasily accessible disclosures to consumers aboutdata collection and use practices associated withonline behavioral advertising.
The Consumer Control Principle providesconsumers with an expanded ability to choose
whether data is collected and used for onlinebehavioral advertising purposes. This choice willbe available through a link from the noticeprovided on the Web page where data iscollected.
The Data Security Principle calls for organizationsto provide reasonable security for, and limitedretention of data, collected and used for onlinebehavioral advertising purposes.
The Material Changes Principle calls onorganizations to obtain consent for any materialchange to their online behavioral advertising datacollection and use policies and practices to datacollected prior to such change.
The Sensitive Data Principle recognizes that datacollected from children and used for onlinebehavioral advertising merits heightenedprotection, and requires parental consent forbehavioral advertising to consumers known to beunder 13 on child-directed Web sites. ThisPrinciple also provides heightened protections tocertain health and financial data when attributableto a specific individual.
The Accountability Principle calls for developmentof programs to further advance these Principles,including programs to monitor and reportinstances of uncorrected non-compliance withthese Principles to appropriate governmentagencies.
-
8/2/2019 Privacy Tango Presentation
11/23
+ Emergence of theCreepiness Factor Is it legal? Probably. Do I think it's a good ideaand it makes sense? No. I don't think it passes the creepy factor, and this market isn't ready
for stuff that doesn't pass the creepy factor,
We are not in a place where we an do dumbthings and stupid things like that, even if they're effective. Dave Morgan - TacodaFounder
-
8/2/2019 Privacy Tango Presentation
12/23
+ 2009-2011: Lawyers of theRoundtable Tenth Anniversary of Online Profiling
Conference Industry Still Fighting Regulation Complexity Increases . . . Oh and there s that Social Networking
thing too.
-
8/2/2019 Privacy Tango Presentation
13/23
+ Personal Data Eco-System Any questions????
-
8/2/2019 Privacy Tango Presentation
14/23
+FTC Privacy Report
Our report and law enforcementaction send a clear message toindustry: despite some good actors,self-regulation of privacy has notworked adequately and is notworking adequately for Americansconsumers . We deserve far betterfrom the companies we entrust ourdata to, and industry, as a whole,must do better.
FTC Chairman Jon Leibowitz
-
8/2/2019 Privacy Tango Presentation
15/23
+DOC Privacy Report
Endorses baseline commercial dataprivacy principles that would fill anygaps in existing U.S. law;
Safe harbors against FTCenforcement for practices definedby baseline data privacy or self-regulatory codes;
Limited rulemaking authority overcertain baseline fair information
privacy practices principles if it isestablished that market failuresrequire prescriptive regulatoryaction; and
National Data Breach Standards
-
8/2/2019 Privacy Tango Presentation
16/23
+Market Reaction
Browser Wars
Privacy Competition
Industry Begins PolicingItself
-
8/2/2019 Privacy Tango Presentation
17/23
-
8/2/2019 Privacy Tango Presentation
18/23
+Meanwhile . . .
No Consensus
Other Internet Battles
Net Neutrality
SOPA
-
8/2/2019 Privacy Tango Presentation
19/23
+Consumer PrivacyBill of Rights
Individual Control:
Transparency
Respect for Context:
Security:
Access and Accuracy:
Focused Collection: and
Accountability
Enforcement by FTC
Safe Harbors for ApprovedCodes of Conduct
Federal Data Breach Law
-
8/2/2019 Privacy Tango Presentation
20/23
+Half Empty Relies on agreed upon self-regulatory
principles and passage of comprehensiveprivacy legislation neither of which is
on the horizon. Little different that where we were in 1999
-
8/2/2019 Privacy Tango Presentation
21/23
+Half Full Jump starts moribund legislative process Got industry backing of do-not track on
browser level Industry is engaging in self-regulation
and enforcement already Substantial movement in industry s
approach since 1999
-
8/2/2019 Privacy Tango Presentation
22/23
+ Internet Law Center100 Wilshire Blvd., Suite 950, Santa Monica, CA 90401(310) 452-0401bkelley@internetlawcenter.net
www.internetlawcenter.net
mailto:bkelley@internetlawcenter.nethttp://www.internetlawcenter.net/http://www.internetlawcenter.net/mailto:bkelley@internetlawcenter.net -
8/2/2019 Privacy Tango Presentation
23/23
+Links
1999 Workshop on OnlineProfiling
2000 Report to Congress on
Online Profiling
2007 Self RegulatoryPrinciples (staff report)
2008 Industry Self Regulatory
Principles
2010 FTC Staff Report
2010 Department of Commerce Green Paper
2011 CyLaw Report Why
Johnny Cant Opt Out
2012 Consumer Privacy Bill of Rights Proposal
2012 White House Summary of
Privacy Proposal
http://www.ntia.doc.gov/legacy/ntiahome/privacy/workshop/frn-workshop.htmhttp://www.ntia.doc.gov/legacy/ntiahome/privacy/workshop/frn-workshop.htmhttp://www.ftc.gov/os/2000/06/onlineprofilingreportjune2000.pdfhttp://www.ftc.gov/os/2000/06/onlineprofilingreportjune2000.pdfhttp://ftc.gov/os/2007/12/P859900stmt.pdfhttp://ftc.gov/os/2007/12/P859900stmt.pdfhttp://www.iab.net/media/file/ven-principles-07-01-09.pdfhttp://www.iab.net/media/file/ven-principles-07-01-09.pdfhttp://www.ftc.gov/os/2010/12/101201privacyreport.pdfhttp://www.ntia.doc.gov/files/ntia/publications/iptf_privacy_greenpaper_12162010.pdfhttp://www.ntia.doc.gov/files/ntia/publications/iptf_privacy_greenpaper_12162010.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.whitehouse.gov/sites/default/files/privacy-final.pdfhttp://www.whitehouse.gov/sites/default/files/privacy-final.pdfhttp://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait-obama-administration-unveils-blueprint-privacy-bill-rightshttp://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait-obama-administration-unveils-blueprint-privacy-bill-rightshttp://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait-obama-administration-unveils-blueprint-privacy-bill-rightshttp://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait-obama-administration-unveils-blueprint-privacy-bill-rightshttp://www.whitehouse.gov/sites/default/files/privacy-final.pdfhttp://www.whitehouse.gov/sites/default/files/privacy-final.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdfhttp://www.ntia.doc.gov/files/ntia/publications/iptf_privacy_greenpaper_12162010.pdfhttp://www.ntia.doc.gov/files/ntia/publications/iptf_privacy_greenpaper_12162010.pdfhttp://www.ftc.gov/os/2010/12/101201privacyreport.pdfhttp://www.iab.net/media/file/ven-principles-07-01-09.pdfhttp://www.iab.net/media/file/ven-principles-07-01-09.pdfhttp://ftc.gov/os/2007/12/P859900stmt.pdfhttp://ftc.gov/os/2007/12/P859900stmt.pdfhttp://www.ftc.gov/os/2000/06/onlineprofilingreportjune2000.pdfhttp://www.ftc.gov/os/2000/06/onlineprofilingreportjune2000.pdfhttp://www.ntia.doc.gov/legacy/ntiahome/privacy/workshop/frn-workshop.htmhttp://www.ntia.doc.gov/legacy/ntiahome/privacy/workshop/frn-workshop.htm
top related