The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

Joint Hearing on “Internet Privacy: The Views of the FTC, the FCC, and NTIA”

Leave a comment

The Subcommittee on Commerce, Manufacturing, and Trade and the Subcommittee on Communications and Technology held a joint hearing on Thursday, July 14, 2011 on “Internet Privacy: The Views of the FTC, the FCC, and NTIA.”

In her opening statement, Subcommittee Chairman Mary Bono Mack (R-CA) noted that:

“… as consumers, we willingly dole out this personally identifiable information online – literally bit by bit. This information is then compiled and collated by computers to produce personal profiles used in online behavioral marketing and advertising. This data mining helps to pay the freight for all of the information that we get for free on the Internet. … First and foremost, greater transparency is needed to empower consumers. While it’s still unclear to me whether government regulations are really needed, providing consumers with more transparency is the first step in better protecting Americans.”

In his opening statement, Representative Henry Waxman (D-CA) noted that self-regulation may not be the best way to protect consumer’s online privacy. He cited a recent report by Stanford researcher Jonathan Mayer “Tracking the Trackers” which found that eight members of the self-regulatory group Network Advertising Initiative (NAI) had left cookies in place even after having promised users who chose to opt out to stop tracking them.

What could be the role of the Federal Communications Commission?

Chairman Greg Walden (R-Ore) noted that:

[t]oday’s regime is neither competitively nor technologically neutral. [While] Section 222 of the Communications Act gives the Federal Communications Commission broad authority to implement privacy protections for consumers of wireline and wireless telephone services…[and]specifically calls out location-based services for regulation, [it]…applies that regulation only to carriers and not providers of devices, operating systems, or applications. Other parts of the Communications Act give the Commission authority over cable operators and satellite television providers under a “prior consent” framework. In stark contrast, there are few if any communications privacy regulations governing web-based companies, even those that can access a user’s search queries, emails, voice and video online conversations, web browser, and even operating systems…. Why should a wireless provider that transmits data to and from a smartphone be subject to federal oversight, but not an operating system provider that has access to the exact same data?”

Chairman Julius Genachowski of the Federal Communications Commission (FCC) testified that one of the FCC’s National Broadband Plan findings was that “[p]rivacy concerns are a barrier to broadband adoption.”  He added that “[i]t is clear we need to strike a balance – ensuring that personal information and consumer choice is protected, and at the same time ensuring a climate that encourages new investment and new innovations that will create jobs and improve our quality of life.”

The FCC has, “[t]hrough … rulemakings and enforcement … addressed difficult issues such as when opt-in and opt-out notifications are appropriate, minimum notice standards, data sharing rules, reasonable data security measures, and notification to law enforcement and consumers in the event of data breaches.

What could be the role of the Federal Trade Commission?

 Commissioner Edith Ramirez of the Federal Trade Commission (FCC) stated in her prepared testimony that “the Commission continues to encourage Congress to enact data security legislation that would (1) impose data security standards on companies, and (2) require companies, in appropriate circumstances, to provide notification to consumers when there is a security breach,” referring to a prepared statement of the FCC of its testimony on data security before the Subcommittee on commerce, manufacturing, and trade,  June 15, 2011.

Also, the FTC “enforces the FTC Act and several other laws that require companies to maintain reasonable safeguards for the consumer data they maintain” and “enforces the FCRA, which… prescribes that companies only sell sensitive consumer report information for “permissible purposes,” and not for general marketing purposes.” The FTC is also “active in ensuring that companies engaged in social networking adhere to any promises to keep consumers’ information private,” citing a March 2011 consent order resolving allegations that Twitter deceived its customers by failing to honor their choices after offering  the opportunity to designate certain “tweets” as private.

The FTC “has sought to protect consumers from deceptive practices in the behavioral advertising area”, for instance, when it settled with Chitika Ad Network over a deceptive opt-out mechanism. The FTC also “sought to ensure that data brokers respect consumers’ choices,” for instance when it announced a final order against data broker US Search, that maintained an online service, allowing users to search for information about others.

What could be the role of the National Telecommunication and Information Administration?

Lawrence Strickling, Assistant Secretary for Communications and Information & Administrator, National Telecommunication and Information Administration (NTIA), which acts as principal advisor to the President on communications and information policy, testified that the NTIA “has been working over the last two years with Secretary Locke’s Internet Policy Task Force and colleagues throughout the Executive Branch to conduct a broad assessment of how well our current consumer data privacy policy framework serves consumers, businesses, and other participants in the Internet economy.” The NTIA “supports legislation that would create baseline consumer data privacy protections through a consumer privacy bill of rights.

The NTIA “has recommended legislation with three main characteristics. First, it should establish baseline consumer data privacy protections that would apply in commercial contexts. … Second, we have recommended that legislation provides appropriate incentives for stakeholders in the private sector to develop and adopt enforceable codes of conduct through a multi-stakeholder process…. Third, the Administration supports legislation that strengthens the FTC’s consumer data privacy enforcement authority.”

More, including the hearing webcast, here.

Advertisements

Author: marieandreeweiss

Marie-Andrée was educated in France and in the United States, and holds law degrees from both countries. She is fully bilingual English-French, and writes articles regularly in these two languages on various privacy-related topics. Marie-Andrée is a member of the Bar of the State of New York. As an attorney in solo practice, she focuses on intellectual property, First Amendment, privacy, and Internet-related issues. Before becoming an attorney, she worked several years in the fashion retail industry, as a buyer then a director of marketing. She is a member of the New York State Bar Association (Intellectual Property Section and International Section), and of the American Bar Association (Business Law Section, Section of Antitrust Law, and Section of Intellectual Property Law)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s