Privacy On Track (Revised 1.27.11) Saira Nayak Aba Consumer Meeting
Reading the Tea Leaves: Is Privacy Regulation on Track for Web 3.0?
ABA 2011 Consumer Protection Conference
Saira Nayak
Nayak Strategies

The US Data Protection Framework
1. Federal Laws & Regs – COPPA, HIPAA, etc.
2. Federal Guidance – FTC, Commerce Reports
3. State analogues to federal laws - e.g. CA’s SB1
4. State Data Breach & Security laws
5. Marketing Communications laws – TCPA, CAN-SPAM, Junk Fax Protection Act etc.
6. Laws Compelling Disclosure – ECPA, FOIA
7. Self-Regulatory frameworks - Digital Advertising Alliance (www.aboutads.com), BBB Interest Based Advertising Project, NAI

Criticisms of a Sectoral System
• Technological Relevancy
• Inefficient oversight by regulators and overlapping regulatory obligations
• Inadequate or insufficient enforcement mechanisms
Will the proposed frameworks identified in the FTC Report and Commerce Green Paper address these criticisms?
Yes, to some extent.

Web 1.0
[Diagram: Published Content, Website]
• The mostly “read-only” web
• One way interaction between websites and users
• 1996 - 250,000 sites, 45 million users
• Privacy concerns: ID theft, spam, spyware
• FTC approach: notice & choice, harms-based

Web 2.0
[Diagram: Website, Affiliate, Published Content, Uploaded Content]
• The “read-write” or social web
• Two-way interaction between users and websites
• 2009 – over 250 million sites, nearly 2 billion users
• 90 trillion emails sent, 1 billion videos viewed on YouTube
• Privacy concerns: new business models (OBA, geo-marketing)
• FTC approach: FTC Privacy Report

Web 3.0 - Characteristics
• The Semantic Web – web technologies that help computers understand the meaning or “semantics” of information.
• The Personalized Web – web technologies that become more customized to personal preferences and are easier to use.
• The Visual Web – web technologies that highlight the convergence of the physical and virtual world. E.g. video that is disseminated widely across platforms - TVs, laptops, tablets, mobile devices

Web 3.0
“The Semantic Web is a web of data that can be processed directly and indirectly by machines…”
- Tim Berners-Lee

Web 3.0 - Search
[Figure: Algorithmic search result, Local search result, Social search result]

FTC Privacy Report
“A forward-looking policy vehicle for approaching privacy in light of new practices and business models.”
- FTC Privacy Report, page 39
The Challenge: Creating a framework that protects consumer privacy and fosters innovation at the same time…

FTC Privacy Framework
Four “building-blocks” of the FTC’s proposed privacy framework:
• Scope
• Privacy by Design
• Simplified Choice
• Transparency

Commerce Green Paper
Four policy recommendations:
• Encouraging consumer trust through a revitalized set of FIPPs
• Encouraging development of voluntary codes of conduct; PPO
• Global privacy interoperability
• Ensure that security breach notification rules are nationally consistent

Scope
FTC – “Commercial entities that collect or use consumer data that can be reasonably linked to a consumer, computer or other device.”
Reading the tea leaves…
• Increased use of online and offline data in web 3.0 personalization
• The evolution of the “reasonably linked” concept will be particularly important
• Concern: what if there is no nexus between the consumer and the computer/device?

Privacy by Design / FIPPs v. 2
FTC Report – emphasize consumer privacy at “every stage” of product development
Commerce – a revitalized FIPPs for Web 3.0
Reading the tea leaves…
• Rising role for Access in Privacy 3.0
• Data portability will provide a new area for companies to compete and innovate
• Concern: Companies will need to balance personalization with privacy in Web 3.0

Simplified Choice
FTC recommends that choice be offered in a timely and contextually relevant manner.
Reading the tea leaves…
• The list of “commonly accepted practices” will get broader with Web 3.0
• Innovation in choice mechanisms that promote information flow
• Concern: Will initiatives like “Do-Not-Track” cause users to opt-out entirely from the “Semantic Web”?

Transparency
Both reports see a strong relation between transparency and informed choice.
Reading the tea leaves…
• Definition of “material change” will continue to evolve based on web habits
• Expanded definition of privacy notice to include alternate notice mechanisms (just in time, short notices for mobile), etc.
• Larger role for machine readable policies

On Track?
Generally, yes.
Suggestions to stay that way?
• Continue close interaction with industry to address technological relevancy concerns
• Address enforcement gaps with expanded role for voluntary, self-regulatory regimes
• Encourage the development of privacy as a competitive differentiator for web 3.0 technologies.