Privacy On Track (Revised 1.27.11) Saira Nayak Aba Consumer Meeting


Published on

Presentation at panel discussion on Privacy & Enforcement Trends, ABA Consumer Meeting, February 3, 2011

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Privacy On Track (Revised 1.27.11) Saira Nayak Aba Consumer Meeting

  1. 1. Reading the Tea Leaves: Is Privacy Regulation on Track for Web 3.0?ABA 2011 Consumer Protection Conference Saira Nayak Nayak Strategies
  2. 2. The US Data Protection Framework1.  Federal Laws & Regs – COPPA, HIPAA, etc.2.  Federal Guidance – FTC, Commerce Reports3.  State analogues to federal laws - e.g. CA’s SB14.  State Data Breach & Security laws5.  Marketing Communications laws – TCPA, CAN-SPAM, Junk Fax Protection Act etc.6.  Laws Compelling Disclosure – ECPA, FOIA7.  Self-Regulatory frameworks - Digital AdvertisingAlliance (, BBB Interest BasedAdvertising Project, NAI
  3. 3. Criticisms of a Sectoral System•  Technological Relevancy•  Inefficient oversight by regulators and overlapping regulatory obligations•  Inadequate or insufficient enforcement mechanismsWill the proposed frameworks identified inthe FTC Report and Commerce GreenPaper address these criticisms?Yes, to some extent.
  4. 4. Web 1.0 Published Content Website•  The mostly “read-only” web•  One way interaction between websites and users•  1996 - 250,000 sites, 45 million users•  Privacy concerns: ID theft, spam, spyware•  FTC approach: notice & choice, harms-based
  5. 5. Web 2.0 Website Affiliate Published Content Website Website Affiliate Uploaded Content•  The ”read-write” or social web•  Two-way interaction between users and websites•  2009 – over 250 million sites, nearly 2 billion users•  90 trillion emails sent, 1 billion videos viewed on YouTube•  Privacy concerns: new business models (OBA, geo-marketing)•  FTC approach: FTC Privacy Report
  6. 6. Web 3.0 - Characteristics•  The Semantic Web – web technologies that helpcomputers understand the meaning or “semantics”of information.•  The Personalized Web – web technologies thatbecome more customized to personal preferencesand are easier to use.•  The Visual Web – web technologies that highlightthe convergence of the physical and virtual world.E.g. video that is disseminated widely acrossplatforms - TVs, laptops, tablets, mobile devices
  7. 7. Web 3.0“The Semantic Web is a web of data that can be processed directly and indirectly by machines…” - Tim Berners-Lee
  8. 8. Web 2.0 - Search Algorithmic search result
  9. 9. Web 3.0 - Search Algorithmic search result Local search result Social search result
  10. 10. FTC Privacy Report“A forward-looking policy vehicle for approaching privacy in light of new practices and business models.” -FTC Privacy Report, page 39The Challenge: Creating a frameworkthat protects consumer privacy andfosters innovation at the same time…
  11. 11. FTC Privacy FrameworkFour “building-blocks” of the FTC’sproposed privacy framework: •  Scope •  Privacy by Design •  Simplified Choice •  Transparency
  12. 12. Commerce Green PaperFour policy recommendations:•  Encouraging consumer trust through a revitalized set of FIPPs•  Encouraging development of voluntary codes of conduct; PPO•  Global privacy interoperability•  Ensure that security breach notification rules are nationally consistent
  13. 13. ScopeFTC – Commercial entities that collect or useconsumer data that can be reasonably linkedto a consumer, computer or other device.”Reading the tea leaves…•  Increased use of online and offline data in web 3.0 personalization•  The evolution of the “reasonably linked” concept will be particularly important•  Concern: what if there is no nexus between the consumer and the computer/device
  14. 14. Privacy by Design/ FIPPs v. 2FTC Report – emphasize consumer privacyat “every stage” of product developmentCommerce –a revitalized FIPPs for Web 3.0Reading the tea leaves…•  Rising role for Access in Privacy 3.0•  Data portability will provide a new area for companies to compete and innovate•  Concern: Companies will need to balance personalization with privacy in Web 3.0
  15. 15. Simplified ChoiceFTC recommends that choice be offered in atimely and contextually relevant manner.Reading the tea leaves…•  The list of “commonly accepted practices” will get broader with Web 3.0•  Innovation in choice mechanisms that promote information flow•  Concern: Will initiatives like “Do-Not-Track” cause users to opt-out entirely from the “Semantic Web”?
  16. 16. TransparencyBoth reports see a strong relation betweentransparency and informed choice.Reading the tea leaves…•  Definition of “material change” will continue to evolve based on web habits•  Expanded definition of privacy notice to include alternate notice mechanisms (just in time, short notices for mobile), etc.•  Larger role for machine readable policies
  17. 17. On Track?Generally, yes.Suggestions to stay that way?•  Continue close interaction with industry to address technological relevancy concerns•  Address enforcement gaps with expanded role for voluntary, self-regulatory regimes•  Encourage the development of privacy as a competitive differentiator for web 3.0 technologies.