Consumer Privacy Advocates not Impressed by Obama’s Efforts

Monday, February 29, 2016
(graphic: InfoAdvocate)

By Natasha Singer, New York Times

 

In February 2012, the White House introduced a blueprint for the Consumer Privacy Bill of Rights (pdf), intended to give Americans the ability to exercise control over what personal details companies collected from them and how the data was used.

 

In his introduction to the report, President Barack Obama went further, writing that his “administration will work to advance these principles and work with Congress to put them into law.”

 

Four years later, however, the effort has produced few new data controls for consumers, even as advocates say the need is greater than ever because of the advent of Internet-connected technologies that collect data on people’s sleep habits, the temperature in their houses, and the like.

 

“Why has President Obama’s proposal to establish a consumer privacy framework not moved forward?” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a research center in Washington that initially supported the administration’s effort. “It’s an important question.”

 

The story of how some of the country’s leading civil society advocates came to lose faith in the White House’s privacy initiative does not follow the typical plot of Washington gridlock. It is a tale of clashing visions for U.S. society and commerce. And it provides an instructive preview of looming battles among government agencies for control over industries like drones, smartphones and gadgets yet to come.

 

The ability of companies to freely amass and analyze the personal details of consumers also provides a counterpoint to the current fight between Apple and the FBI, in which Apple says it wants to protect consumer information from government snoops.

 

In 2009, the Federal Trade Commission began looking more deeply at online services, advertising networks and data brokers that harvest consumers’ information in order to tailor services and market to them. Federal regulators said they were concerned that certain data-driven technologies were outstripping the ability of consumers to manage how companies were using their personal details.

 

At issue was not the classical notion of “privacy” as the right to keep out prying eyes.

 

When people freely search and share their personal concerns online, their data footprints can leave clues about their most intimate health worries, family matters and financial difficulties. Regulators warned that companies could use those details to narrowly categorize consumers, potentially leading to inferior or unfair treatment.

 

“The free availability of this information can cause harm in a variety of ways,” said Jessica L. Rich, director of the Federal Trade Commission’s Bureau of Consumer Protection.

 

Separately, officials at the Commerce Department were focusing on privacy as an economic issue. They did not want consumers to lose trust in digital services and stop patronizing them, said Cameron F. Kerry, the department’s general counsel at the time. Commerce officials also wanted to ensure that U.S. technology companies could continue to innovate with data.

 

“Both privacy and security are critical issues for e-commerce and the growth of the digital economy,” Kerry, now a lawyer at the firm Sidley Austin, said in a recent phone interview. “I felt it was important that Commerce should retake that leadership.”

 

Over the next three years, administration officials developed the privacy initiative. They titled the effort the Consumer Privacy Bill of Rights to underscore the idea that, among other things, Americans had the right to expect that companies would not use their personal details for unexpected purposes.

 

The document posited consumer privacy as a basic American right, and not merely a perk dependent on the kindness of app makers.

 

“The critical transition that we made was this focus on individual rights,” said Daniel J. Weitzner, the former United States deputy chief technology officer for Internet policy in the White House, who shepherded the consumer privacy initiative. Now a principal research scientist at the Massachusetts Institute of Technology, he added, “That was a significant shift that we made very intentionally.”

 

In addition to calling for consumer privacy legislation, the 2012 report proposed a parallel self-regulatory process: Under the auspices of the Commerce Department, industry and consumer groups were to work together to devise voluntary privacy practices for mobile apps, drones and other technologies.

 

“The Obama administration released the first-ever comprehensive consumer privacy blueprint to provide a template for stakeholders from across the public and private sectors to implement policies that safeguard American consumers and innovation,” Jennifer Friedman, deputy White House press secretary, said in an email.

 

The lofty aims ran into challenges.

 

The National Telecommunications and Information Administration, a division of the Commerce Department, began to convene meetings to encourage technology companies, trade groups and consumer advocates to reach consensuses on privacy practices in various industries; the biometric industry would weigh in on facial recognition, for example.

 

The yearlong discussions on mobile app transparency ultimately resulted in a subset of the participants getting together on their own time to devise data disclosure charts — akin to nutrition labels on food packages — that apps could display for consumers.

 

“That is a major success,” said John Verdi, director of privacy initiatives at the National Telecommunications and Information Administration. The app notices, he said, were intended to make “more transparent to consumers what their privacy policies are, what data they collect, what data they share.”

 

Intuit subsequently introduced the notices in its QuickBooks Online mobile apps and made them freely available to app developers.

 

But many other companies have not signed on. ACT: The App Association cautioned its member app makers that the app code of conduct could open them to liability. The group subsequently developed its own disclosure notices for children’s apps.

 

The multistakeholder talks on facial recognition technology were more contentious. Facial recognition can be used to identify unknown people by taking scans of their faces and comparing them with facial scans from a photo database of named people.

 

Civil society groups warned that companies could use the scans to identify consumers by name as they shopped or traveled, potentially diminishing the ability of ordinary people to anonymously go about their business in public. The consumer advocates walked out of the talks last summer after industry groups would not commit to obtaining consumers’ permission before scanning their faces in public places.

 

Lawrence E. Strickling, assistant secretary for communications and information at the Commerce Department, said he hoped the civil society groups would ultimately re-engage in the facial recognition talks.

 

“This is the single best process for moving this forward,” he said.

 

But David Vladeck, a professor at Georgetown University Law Center, said the consensus process had proved to be of little benefit to consumers.

 

“If you want to protect consumers,” Vladeck said, “you don’t simply allow industry to decide what to do in a way in which they don’t have any incentive to compromise.”

 

The clash continues between consumer advocates who warn that unfettered commercial data collection could chill the daily routines of Americans — where they go, what they say, how they shop — and industry advocates who warn that any restrictions on data collection could chill industry innovation.

 

After Congress failed to take up baseline consumer privacy legislation, the administration issued its own discussion draft of a bill last year. A number of civil society advocates immediately criticized it, contending that it nodded superficially to the idea of privacy rights, but ultimately ceded control over consumers’ data to companies.

 

Administration officials say legislation is still needed.

 

“We continue to call on Congress to advance legislation in line with the common-sense protections outlined in the Consumer Privacy Bill of Rights,” said Friedman, the White House spokeswoman.

 

Consumer advocates are not holding their breath, although some are turning to the states to enact consumer privacy protections for technologies like facial recognition, voice-controlled smart TVs and social media services.

 

“An individual should have control over their information,” said Jeffrey Chester, the executive director of the Center for Digital Democracy, a nonprofit group in Washington, “not a Facebook, Google or Internet service provider.”

 

To Learn More:

Privacy Groups Withdraw from Commerce Dept. Facial Recognition Meetings (by Noel Brinkerhoff, AllGov)

Comments

Leave a comment

captcha