ftc_smiis_04_04_2011

Upload: antitrusthall

Post on 08-Apr-2018


  • 8/7/2019 FTC_SMIIS_04_04_2011


    BEFORE THE FEDERAL TRADE COMMISSION.

    Petition for Rulemaking on

    Privacy Policies and Safeguards

    For Social Media and Internet Interaction Sites (SMIIS).

    Date: April 5, 2011

    The petitioner, Charles Lee Thomason, is an interested person who, pursuant to 5 U.S.C. 553(e), petitions the Federal Trade Commission to institute rulemaking, and to develop an administrative record supporting issuance of rules respecting the privacy policies applicable to operators of social media and internet interaction sites (SMIIS). This petition is made pursuant to 16 C.F.R. 1.9, et seq., and the agency protocols that pertain to the rulemaking mandate of the FTC.

    This year, the FTC has issued orders in two matters, imposing comprehensive privacy protocols, with audits and extensive monitoring, on SMIIS.1 15 U.S.C.A. 57a.2 In those matters, practically identical measures are mandated in Part II of the Twitter order and in Part III of the Google Buzz order (one does use the shorthand term "covered information" while the consonant term "nonpublic consumer information" is used in the latter). The record from those two matters should provide a starting point to develop the administrative record for the requested rulemaking.

    Petitioner requests that the rulemaking (A) assess the linkage, if any, between the privacy policies commonly offered by SMIIS, and (i) the imposition of privacy, audit, and related safeguards that were developed for the financial services industry, and/or (ii) the imposition of more and more definite disclosures in privacy policies offered to SMIIS users; and, (B) develop an administrative record, after notice and public comment, to determine what substantial evidence exists to articulate clear and uniform trade regulation standards for privacy policies and protocols for SMIIS users and operators.

    Interest of the Petitioner.

    The petitioner is interested in the promulgation of clear and appropriate trade regulation rules, based on a rulemaking record, after notice and comment. Petitioner is a practicing, registered patent attorney who deals with technology law and with client business models that operate in the SMIIS sector of commerce. Also, petitioner is an adjunct professor of law, who endeavors to keep apprised of changes in internet privacy practices and norms that provoke changes in the application of existing laws. Further, the petitioner is a user of Twitter (twitter[dot]com/SPATLAW), as well as a user of the Google Gmail service (c.leethomason[at]gmail[dot]com), and was offered the Google Buzz service when it was launched. Twitter and Google Buzz are the SMIIS services subject to the two recent orders, and a substantial cause for this rulemaking petition.

    1 In the Matter of Twitter, FTC File No. 092 3093, 2011 WL 914034, and In the Matter of Google, FTC File No. 102 3136,

    2 15 U.S.C.A. 57a (b)(3)(A), the agency shall institute a rulemaking regarding unfair or deceptive practices that are prevalent, and one measure of that is the agency's issuance of orders regarding such practices or acts.

    Development of an Administrative Record, Leading to Issuance of Rules is Proper.

    Rulemaking should be commenced before the FTC continues to mandate standards, protocols, and audits for SMIIS operators, which are co-extensive with the data protection standards that the agency legally may impose on financial institutions and those companies handling financial transactions and payment card transactions. The requested rulemaking would address the appropriateness of the mandates, and do so in the broader context of SMIIS privacy concerns, and too, rulemaking would air out the doubts as to the agency imposing such stringent mandates on an ad hoc basis.

    The mandates ordered in the Twitter matter, as well as the Google Buzz matter, are the same as, or are coequal to those in FTC decrees with companies that plainly are subject to the Gramm-Leach-Bliley requirements, e.g., 16 C.F.R. Part 313. FTC clearly has authority, for example, over the acts or practices by banks, savings and loan institutions, per 15 U.S.C. 57a(f). However, whether the FTC should impose the equivalent mandates on SMIIS and non-financial operations is not free from doubts. For FTC to engraft these administrative, technical, and physical safeguard requirements, appropriate to highly-regulated financial services companies, onto the operators of SMIIS may amount to de facto rulemaking done outside the bounds of the APA. An agency cannot create de facto a new regulation. Christensen v. Harris County, 529 U.S. 576, 588 (2000). Before the same data protection mandates can be imposed on SMIIS and their operators, the FTC should institute rulemaking and give interested persons an opportunity to participate in the rule making through submission of written data, views, or arguments. 5 U.S.C. 553(c).

    The announcement of the mandates in the Google Buzz order noted that it was the first time that the FTC has required a company to implement a comprehensive privacy program to protect the privacy of consumers' information. That may or may not give due regard to the similarities between the Twitter decree and the Google Buzz decrees3 and too, the Google Buzz order may take steps beyond what the Twitter order required.4 Certainly the remarks about both orders underscore the appropriateness of rulemaking to establish, on a full administrative record, rules and agency guidances, which may be appropriate to published privacy policies and to advertised measures respecting the technical safeguards and business practices for privacy in the SMIIS industry sector.

    The FTC Improvements Act authorizes the Commission to issue trade regulation rules which define unfair or deceptive acts or practices in or affecting commerce, but within statutory constraints. 15 U.S.C. 57a(1)(B). The statutory mission of the FTC and its general jurisdiction has limits, and the agency is constrained by its congressional mandate. F.C.C. v. Fox Television Stations, Inc. 556 U.S. ___ , 129 S.Ct. 1800, 1826 (2009) J. Stevens, dissenting.

    3 As stated in the FTC's summary, Part II of the proposed order requires Twitter to establish and maintain a comprehensive information security program in writing that is reasonably designed to protect the security, privacy, confidentiality, and integrity of nonpublic consumer information.

    4 The agency denominated the Twitter order as a milestone of the FTC, calling it the First data security case involving social media.


    The FTC orders mandating that Google and Twitter, which are not financial institutions, implement the equivalent operational safeguards, audits, and data protection requirements appropriate to regulated companies that handle payment card information and financial data, hereafter should be based on FTC rulemaking instead of enforcement discretion.5 In the normal course, for an agency to impose comprehensive privacy requirements, broadly on all sorts of non-financial and non-healthcare businesses, would require a rulemaking process. The results and rules as to SMIIS would be grounded on an administrative record, which together would be reviewable as agency action.

    The administrative, technical and physical safeguard requirements that implement Gramm-Leach-Bliley requirements in 16 C.F.R. Part 313 were duly promulgated, based on an administrative record that supports the rationale for imposing those requirements on financial institutions. 65 Fed. Reg. 33646 (May 24, 2000). No rulemaking and no administrative record support the imposition of coequal privacy requirements on SMIIS.

    Rulemaking provides the platform for an objective, open forum that collects the varying viewpoints of stakeholders, the public, and the agency. That method of setting the standards and the rules for privacy policies and protocols in the SMIIS sector is to be preferred over single-case, enforcement and settlement driven, consent orders.

    Utility of a Comprehensive Rule on Privacy Policies and Protocols.

    Certainty in privacy policies, and clear direction about protection of personally identifying data that SMIIS collect and maintain, is highly desirable. Regularly, counsel is sought about whether privacy policy language is compliant with law. An informed opinion will take recent FTC orders into account. Also, typical contracts for SMIIS marketing include a provision that allocates risk and obligations for compliance with privacy laws generally. An established rule, instead of settlement-induced consent decrees, would be useful to counsel and those tasked with enterprise risk management.

    An informed reader of past FTC orders pertaining to SMIIS privacy policies and procedures, as well as enterprise risk and privacy professionals, would conclude that the mandates there define best practices or at least the agency's current viewpoints. Based on those orders, wrought from enforcement activity rather than rulemaking, counsel's advice about privacy policies and security protocols for SMIIS business would be to implement procedures that practically are as stringent. In the alternative, some may counsel that making privacy policies more vague or less binding might limit the sort of liability and transactional costs that were faced by Twitter and Google Buzz.6

    The fair and worthwhile approach for establishing trade regulation rules and agency guidances is rulemaking. The SMIIS sector is ever-expanding, and the need for effective disclosure of appropriate privacy standards is what was a provoking cause of the two recent orders, and also, a compelling rationale to institute the process of rulemaking.

    5 In place of applying rules, based on a rulemaking procedure, the FTC's harm-based approach ...has limitations ...it focuses on a narrow set of privacy-related harms those that cause physical or economic injury or unwarranted intrusion into consumers' daily lives. "PROTECTING CONSUMER PRIVACY IN AN ERA OF RAPID CHANGE," Preliminary FTC Staff Report, Dec. 2010, pg. 20.

    6 Ibid. Privacy policies have become longer, more complex, and, in too many instances, incomprehensible to consumers. Pg. 19.


    In the event that the petition is not deemed by the Commission sufficient to warrant commencement of a rulemaking proceeding, then pursuant to 16 C.F.R. 1.9, the petitioner requests being "given an opportunity to submit additional data."

    This petition to institute rulemaking regarding the privacy policies and safeguards that are appropriate to users and operators of SMIIS is respectfully submitted. The undersigned petitioner is willing to assist with the process, and may be contacted at (502) 349-7227, for more information.

    Respectfully submitted,

    ~S ~

    Lee Thomason