Tuesday, December 21, 2010

Commerce Department Weighs in On Internet Privacy

I want to stay with the internet privacy issue for a bit more. Let's face it, the internet is where the vast majority of all future communication will take place, and information will be gathered and stored - yet it remains the wild west when it comes to privacy.

And, efforts are finally being made in Congress and in agencies like the FTC, and now the Commerce Department, to tackle this issue, and establish some semblance of privacy rights, and protections, on the net.

The other big story, one I'll get to tomorrow, is the revelations that the FBI is compiling massive databases filled with our personal information, whether you're a suspect or not.

But for today, let's get to the Commerce Department's announcement that they are close to endorsing new federal laws regulating companies' data collection practices and requiring that customers be notified of data breaches.

In an 88-page report (PDF), the department also suggested rewriting a 1986 privacy law to address "privacy protection in cloud computing and location-based services," but didn't offer any details. That broad approach is backed by tech companies including Google, Microsoft, AT&T, and eBay, but is likely to be opposed by the Justice Department.

In all, this a rather ho hum, thanks for finally joining the discussion type of report. Hell, in California, we have had a data breach notification law for seven years (one the Consumer Federation of California was active in supporting), and a pair of House of Representatives committees approved similar legislation back in 2006. No fewer than 46 states, plus the District of Columbia and Puerto Rico, have followed California's lead.

The Federal Trade Commission's 122-page report on these topics served up a generally similar set of recommendations, including that consumers should have "reasonable access to the data that companies maintain about them."

I don't know which agency will be taking the lead on this issue, but it will be important to watch them both being that privacy has become such a hot topic, be it the explosion of social networking sites, the personal data collection industry's rapid growth, and the behavioral advertising boom. In each case, these topics are now being debated in Congress (with industry trying to do everything in their power to ensure we have as little control over our data as possible), and the future of privacy on the internet itself could well be determined in the coming months and years.

While the reports, as I will explain, haven't been widely embraced by privacy advocates, they at least represent a slight break from the "free market fundamentalism" that has infected government for the past decade or more as it pertains to the net. Finally we have some federal agencies actually pushing for, and debating, new regulations targeting private companies and protecting consumer privacy.

With that said, these reports were not greeted with applause by privacy advocates. NetworkWorld reports:

The Commerce Department paper calls for an online privacy bill of rights and codes of conduct for Internet companies, with enforcement by the U.S. Federal Trade Commission. But several privacy groups questioned whether the codes of conduct would be effective because of the paper's suggestion that affected companies help write them.

The policy recommendations in the report are an "early Christmas gift to the data collection industry," said John Simpson, consumer advocate with Consumer Watchdog. Internet-based groups have been creating their own codes of conduct for years, and Web-based tracking and data collection continue to grow, said Susan Grant, director of consumer protection at the Consumer Federation of America. "The solution is not more self-regulation," she said. "That seems to be the main thrust of the Commerce Department report."

The report seems to give more attention to concerns of Web-based companies than to consumers, with little change in online data collection likely, other privacy advocates said. The report is "designed to marginalize consumers," said Jeffrey Chester, executive director of the Center for Digital Democracy.


Some of the privacy advocates suggested the report's recommendation for a privacy bill of rights may be helpful. The report may also help push Congress to act on privacy legislation next year, the Future of Privacy Forum said.

"The report is a sophisticated effort to advance consumer privacy without thwarting innovation," the group said in a statement. "Although it sets a framework that will influence legislation, it creates an alternate path for a mode of government initiated self-regulation, with advocates at the table and the FTC providing enforcement. If businesses respond by seriously engaging in efforts to advance fair information practices, the U.S. has the chance to take back the international privacy leadership role it once had."

In other words, as per usual the case when the issue is regulation of big business practices, the devil will be in the details. Will there be loopholes, and how big will they be? Will the focus be on "self regulation" or mandatory compliance? Will opt-in be the standard modus operandi, or will it be opt-out? These are the questions I'll be asking as I watch this debate unfold. Clearly, the odds are stacked against us...companies like Google, Facebook, and AT&T rank among the most powerful and well financed forces in the country.

No comments: