Modern field guide to security and privacy

Industry, privacy groups at odds in opposition to Obama's consumer data plan

Privacy groups and tech industry associations oppose the proposed Consumer Privacy Bill of Rights for different reasons. Their opposition reveals the deep division between those who want more protections and those who say the industry is already doing enough.

|
Carolyn Kaster/AP
President Obama's proposed Consumer Privacy Bill of Rights seeks to give people more control over the manner in which companies collect, store, use, and share their personal data.

Digital rights groups have lobbied for legislation to protect personal data for years. But when President Obama released a draft Consumer Privacy Bill of Rights, the proposal was roundly criticized by the staunchest proponents for greater privacy who fear the proposal includes too many loopholes to offer enough protection. 

At the same time, industry groups have criticized the plan for exactly the opposite reasons: To them, it would hinder innovation and impose burdensome new regulatory requirements on all companies that collect, store and use consumer data.

The fact that the draft plan has managed to attract such widespread criticism is testimony to the vast chasm between those who want more privacy protections and those who feel consumers are already well served via existing privacy rules and self-regulatory initiatives.

The dividing lines

The Obama administration's draft plan seeks to give consumers more control over the collection, storage, use, and sharing of their data. It would require companies, nonprofits, and other organizations to limit data collection and to spell out privacy policies clearly, get informed consent from users, and provide consumers with a way to correct errors in their records.

Critics of the draft include privacy groups, lawmakers, and even the Federal Trade Commission. One of the biggest concerns is that it would give organizations way too much latitude to determine when and what privacy protections a consumer should receive. 

"We really need to put the consumer back in the consumer privacy bill of rights," said FTC Commissioner Julie Brill at the International Association for Privacy Professionals' Global Privacy Summit on Thursday. The proposal seems to allow, she said, a potential data broker or ad network to gather their version of a privacy review board – "and off they go."

In a letter to Mr. Obama on Tuesday, the Center for Democracy and Technology, the Center for Digital Democracy, Electronic Frontier Foundation, and nearly a dozen other privacy groups listed numerous other complaints. Among them are concerns that the the plan would decimate stronger state-level privacy protections and seriously weaken the FTC’s enforcement authority on consumer privacy matters. Lawmakers such as Sen. Ed Markey (D) of Massachusetts and Reps. Frank Pallone (D) of New Jersey and Jan Schakowsky (D) of Illinois expressed similar concerns. 

On the other side of the spectrum, industry groups such as the Consumer Electronics Association and the influential Internet Association, which counts eBay, Amazon, and other large Web companies as members, say the plan is overly restrictive.

If enacted, said Gary Shapiro, chief executive officer of the Consumer Electronics Association in a statement, "the proposal's broad definitions, expanded bureaucratic authorities and steep penalties could burden the tech economy with uncertainty and stifle the development of the Internet of Things." 

 

A way forward

Given the incredible polarization on the issue, there’s little chance the proposal would gain enough support in Congress to make it into a bill, says Jules Polonetsky, executive director and co-chair of the Future of Privacy Forum. But he says it should help launch a conversation focused on more nuanced approaches to addressing business needs and consumer privacy issues.

“The ideas in the Consumer Privacy Bill of Rights have far more sophistication than the initial reactions suggest,” says Mr. Polonetsky. “There are a whole range of ideas that are actually incredibly nuanced and show real efforts to recognize the need for both, data innovation as well as consumer protection.”

An example, he says, is a provision that for the first time addresses data being used beyond its original context. The provision would give heightened protections for consumers when data collected for one purpose is used for another purpose while at the same time giving companies a way to argue for such use via so-called Privacy Review Boards.

It also introduces the notion of risk-based privacy protections. As written, the plan would allow companies to determine whether to apply certain privacy protections to a data set based on their assessment of a risk of harm to the data. A company, for instance, would not obligated to give consumers access or correction rights to their data if it doesn't feel use of the data poses an actual risk to the individual. 

Such provisions have received scathing criticism from privacy advocates. Alvaro Bedoya, executive director of the Center on Privacy and Technology at Georgetown University Law Center, sees them as vesting companies with too much control over consumer data.

“They allow industry to conduct self-regulation behind a Potemkin privacy village,” said Jeffrey Chester, executive director of the Center for Digital Democracy. “It looks like the public has a right but how this is defined will be done behind closed doors," he says.

Polonetsky says the way forward is not to focus on the specifics in the draft but on its broader ideas.

With technology developing at such a rapid pace enough flexibility needs to be built into data regulations to accommodate unforeseen future uses of data, he says. “For instance, there may be uses of big data that are not discovered until long after the data is collected,” he says.

From a legislative standpoint, the administration’s draft is “nowhere near ready,” Polonetsky concedes. But it introduces several important ideas into the privacy debate for the first time.

A tough challenge

Justin Brookman, director of consumer privacy at the Center for Democracy and Technology, says the unpopularity of the draft highlights the tough challenge the administration faces in coming up with something that is acceptable to all stakeholders. 

The bill could have been more privacy-friendly, said Mr. Brookman. But if it had been, the ones protesting the most would have been industry leaders.

The key is that the bill offers a foundation to build on, he says. One of the best aspects of the bill is that its requirements are based on Fair Information Practice Principles such as transparency, individual control, respect for context, focused collection, and responsible use and accountability, Brookman said in a separate blog post. The blog lists the many problems that exist in the draft as written. 

“I don’t think any of this was done in bad faith,” he says. “It’s hard to get privacy law right. The important thing is they got the language out there.”

With a draft bill so complex, another challenge could be Congress. "Congress has a ton on its plate," said Ms. Brill, the FTC commissioner. "They're very well meaning people. Many people will say it's very unlikely they'll have time to deal with this issue. Is that diplomatic enough?"

Passcode deputy editor Sara Sorcher contributed reporting from Washington.

The original version of this story incorrectly attributed a quote by Jeffrey Chester ("They allow industry to conduct self-regulation behind a Potemkin privacy village. It looks like the public has a right but how this is defined will be done behind closed doors") to Alvaro Bedoya.

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Industry, privacy groups at odds in opposition to Obama's consumer data plan
Read this article in
https://www.csmonitor.com/World/Passcode/2015/0306/Industry-privacy-groups-at-odds-in-opposition-to-Obama-s-consumer-data-plan
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe