Top senators and members of the Federal Trade Commission on Wednesday criticized the current state of Internet privacy regulations and pushed for legislation that would give consumers more control over their personal information online.
“We can’t let the status quo stand,” said Commerce Committee Chairman John Kerry (D-Mass.), who plans to introduce a privacy bill of his own.
Sen. Jay Rockefeller (D-W.Va.), chairman of the Committee on Commerce, Science, and Transportation, noted in a statement that self-regulation by the private sector has been a “failed experiment,” allowing users to become increasingly exposed as new, more advanced tools collect ever-more-personal details over the web.
During a Senate hearing on online privacy, Rockefeller described consumers as being at “war” with companies over control of their information and stressed that Congress must intervene to protect their privacy.
“There is an online privacy war going on, and without help, consumers will lose,” he said in a statement. “We must act to give Americans the basic online privacy protections they deserve.”
The most concrete mechanism for improving privacy safeguards discussed during the hearing was a “do not track” system that would allow users to opt out of receiving targeted advertising based on their browsing history. The FTC previously endorsed such a plan in a privacy report issued in December of last year.
Though Rockefeller and other lawmakers have deemed self-regulation inadequate, FTC chairman Jon Leibowitz noted that companies such as Microsoft and Mozilla stepped up their efforts to introduce privacy tools following the committee’s hearings last summer.
“We are encouraged by what we are seeing,” said Leibowitz. “The pace of moving forward has become far more rapid … It is promising.”
Some are less optimistic. Chris Calabrese, legislative counsel for the American Civil Liberties Union, outlined a privacy doomsday scenario that he warned could come to pass if existing online tracking practices are allowed to proceed without regulation.
“If this collection of data is allowed to continue unchecked, then capitalism will build what the government never could — a complete surveillance state online,” Calabrase said in a statement. “Without government intervention, we may soon find the Internet has been transformed from a library and playground to a fishbowl, and that we have unwittingly ceded core values of privacy and autonomy.”
Kerry pressed Calabrase on his testimony and suggested that although current practices pose real risks to users’ personal information, the outcome presented by Calabrese may overstate the potential danger of Internet tracking.
“That’s a far reach,” Kerry said. “That’s a big statement obviously about potential downsides.”
Leibowitz also highlighted that there can be benefits to targeted advertising that uses online tracking to present users with ads that are more relevant to their interests.
“We think most consumers won’t mind getting tracked, we just think consumers should have the ability to opt out of that kind of tracking,” he said.
Have national and state legislators run amock with Internet advertising restrictions? Well, it depends on who you ask. Indeed, it seems that there are compelling arguments for: a.) Protecting consumers from unreasonable culling, collection, and misuse of private/confidential information; b.) Allowing a free market economy driven by the need for information on what products and services are available to each of us; c.) Taking a balanced approach that acknowledges that the Internet has become a primary means of advertising for all businesses and professionals.
Before jumping to conclusions about all of the bad advertisers, helpless consumers, and knee-jerk reactions to the issue, it seems that a little bit of careful analysis is required. EsquireTech views this as a very complicated question because of the First Amendment and principles underlying a competitive marketplace.
Not only is the risk for consumer information release and abuse an issue, data breaches are already costing companies millions of dollars per instance. In fact, one can apparently calculate the total exposure to a breach of data security. Knowing this to be the case, should legislation be treated as more of a temporary mitigation effort until data security protocols can be more objectively injected into the marketplace?
NetChoice.org has released its hitlist of questionable internet legislative efforts. The list (the Iawful list) primarily focuses on laws designed to limit the culling of private consumer information.
More specifically, opt-in and opt-out provisions are proposed for advertisers, limits are proposed on targeted marketing from social websites, and the imposition of additional disclosure requirements is contemplated.
For obvious reasons, the issue of First Amendment rights permeates this entire process. Consumers should have a right to evaluate information on products and services. Companies should have the right to collect basic information in the open where that information will help them survive in a tough economy and to better their products and services.
It is also noteworthy that social website advertising is a good method for attorneys to reach potential clients. As long as any advertising is generalized and not targeted at specific victims (ambulance chasing) or making promises of litigation results, the First Amendment interest in being able to communicate with potential clients is obvious. “Networking” with others in the Internet Agora is the new form of meeting up at the public square, having a chat over the telephone, or hanging out at a social gathering.
These otherwise ‘traditional’ sources of potential clients have been concentrated in the new social media and it would be draconian to just assume that none of it can be good. Rather, it seems, that a balanced approach needs to be taken as to which advertisers are capable of culling information in the first place.
The average attorney Facebook advertiser, for example, is simply looking for general characteristics of users and trying to reduce overall expense for advertising where forcing a general distribution would be cost prohibitive and to sporadic to even be effective. While the natural tendency for lawyers, Libertarians, and market participants might be to say that we really need to put the brakes on internet advertising, be careful — it might just be that if you stop the train too quickly, everything moves forward and and is crushed under the weight of itself.
Whether or not any of this legislation will come up against the commercial free speech rights of advertisers is an open question.
While there are arguments to be had about culling personal information as defined by law, it does not follow that geo-specific advertising to a DNS area is per se’ bad. Anyway, here’s the list:
The iAWFUL Top Ten: Click On Any Item To Learn More About the Laws that Threaten Your Use of the Internet
The March 2011 iAWFUL Top Ten
Congressional Do Not Track Privacy Bill – Do Not Track is an unjustified restriction on targeted advertising, which helps pay for free online services and content.
What follows below is the Press Release from Jackie Speier. EsquireTech is a bit torn on this one since I just argued a consumer privacy case where electronically maintained real estate loan information was released by a lender to operators of a Ponzi scheme, resulting in some $142,000,000.00 in losses in just one area of the state. (Richter v. Nationstar, et al.).
Just to add to the consumer misery, the victims of the fraud were subjected to a Star Chamber arbitration process where they were literally not allowed to be heard whatsoever and the lender was not required to release any of the electronic information its own employees were allegedly kind enough to share with Ponzi scheme operators. The disallowance of any material evidence, discovery, or production from the defendants was done regardless of the fact that the ex-employee was convicted on felony fraud, an SEC judgment, a Department of Corporations C&D, CA Department of RE C&D, and a civil injunction won by our office. How can a consumer fight the collection of and a release of electronic information if they are not even allowed to know how the leak occurred or what information was leaked?
In short, regardless of the overwhelming evidence that consumer information was abused, Nationstar and Centex Home Equity were able to rely on a sneaky arbitration process that quieted the potential exposure to the lender for sharing information without permission. Then, to boot, the companies who released information are seeking to sanction the consumers for even bringing the issue up.
Again, it seems that a careful balancing act is required in order to weigh the interests of the advertising community with those of reasonable consumers.
Press Release from Representative:
Washington DC – Congresswoman Jackie Speier (D-CA), a longtime consumer advocate, today held a press conference to introduce a package of privacy bills aimed at protecting the personal information of all Americans. The Do Not Track Me Online Act of 2011 (H.R. 654) would give consumers the ability to prevent the collection and use of data on their online activities. The Financial Information Privacy Act of 2011 (H.R. 653) would give consumers control of their own financial information. Consumer Federation of America, Consumers Union, Consumer Action, U.S. PIRG, Consumer Watchdog, World Privacy Forum, the Center for Digital Democracy, and the ACLU all announced their support.
“These two bills send a clear message—privacy over profit,” Speier said. “Consumers have a right to determine what if any of their information is shared with big corporations and the federal government must have the authority and tools to enforce reasonable protections.”
There is no longer any anonymity on the Web. The most personal information about people’s online habits is collected and eventually bought and sold, often instantaneously and invisibly. Data collection practices have become a business in themselves, driven by profits at consumers’ expense. The Wall Street Journal recently highlighted these practices—which included targeting children—in its groundbreaking series “What They Know.”
The Do Not Track Me Online Act of 2011 would direct the Federal Trade Commission to develop standards for a “Do Not Track” mechanism that would allow individuals to choose upfront to opt out of the collection, use or sale of their online activities, and require covered entities to respect the consumer’s choice. Failure to do so would be considered an unfair or deceptive act punishable by law. The covered entity would have to disclose its collection and sharing practices, including with whom the information is shared. The bill would allow the FTC to exempt commonly accepted commercial practices like the collection of information for billing purposes.
A USA Today poll released Tuesday showed that 70% of Facebook members and 52% of Google users say they are either “somewhat” or “very concerned” about their privacy.
“People have a right to surf the web without Big Brother watching their every move and announcing it to the world,” Speier said. “The internet marketplace has matured, and it is time for consumers’ protections to keep pace.”
The Financial Information Privacy Act of 2011 would finally give consumers the ability to control the sharing of their own financial information. The bill mirrors legislation Speier successfully steered to passage in California that prevents financial institutions from sharing or selling personally identifiable nonpublic information with affiliates without an opportunity to opt-out, or in the case of unaffiliated third parties, a requirement that consumers opt-in. This bill gives consumers control of their personal financial information and provides meaningful but workable privacy protection.
“Because of the law we passed in California, consumers now have the clear and simple ability to prevent financial institutions from sharing their personal information,” Speier said. “Every American deserves that right.”
Obviously, one of the biggest concerns for a lawyer is the confidentiality of client records and work product.
As recently reported on the Huffington Post, there are a number of major players on the Internet who see it fit to trawl for user information when visiting their sites. While maybe not a big deal, other than the unwanted hassle of targeted advertising, other sensitive information could be a real problem where one is storing client files on the Cloud or where similar factors present themselves.
While one could say that he/she will never be using the Cloud to store client data, I think the reality is that there may be no realistic alternatives in the future for what we consider to be standard storage now (i.e., hard drives, USB drives, external drives, etc.). It’s not all bad if we plan now and place a privacy/security infrastructure in place now.
Historically, the confidentiality between the learned professions and those are served by those professions has been largely respected and protected. Current technology does not eliminate the legitimate public policy concerns underlying these privileges against invasion, disclosure, production, and admission into evidence before a court. For better or worse, most public policy issues express themselves through the regulatory environment and the creation of a whole new set of laws and restrictions (as though we don’t have enough laws on the books). This being said, until there is a way of getting people to better behave themselves, we will have to settle for making a complex legal system even more so.
Realistically, I think that we will all eventually end up storing and processing much of our information through services such as Dropbox, Windows Live, Google Docs, RocketMatter.com, and other cloud-based servers. While it is easy to say that hard storage will never be eliminated, the same could have been said of the cassette tape, VCRs, eight-tracks, zip drives, and a whole host of other tech items that seemed to earn what we thought was a permanent place in our daily lives. While the main focus on these forms of storage media were related to intellectual property rights, privilege issues have not been widely discussed in the legal field. It may simply be that lawyers, as a profession, are way behind the technological curve. However, I am fairly certain that our clients not only expect confidentiality of information, they rightfully demand it.
In a recent review by me of the Rutter Group’s treatise on Professional Responsibility, there was quite a bit of information in the privacy concerns that arise as a matter of professional ethics. Most of the information related to state bars coming down on lawyers for advertising violations. There was also a brief discourse on how Facebook and other social networking sites affect bias of the judiciary, public perception, and client confidentiality. What was not provided was a solution to how attorneys can stay competitive, be environmentally friendly, and how they might protect information in a world of data retention that changes and advances by the day. Thus, this all becomes an issue about what we are all willing to do in order to protect not only confidential client information, but our own reasonable expectations of privacy in our personal lives as professionals and regular citizens/consumers.
Notwithstanding the privacy concerns within our specific profession, the Federal Trade Commission (FTC) is working on some proposals designed to address the invasions of privacy occasioned by some of the sites specifically mentioned in the Huffington Post article.
In the report, the FTC asserts that, “Companies should incorporate substantive privacy protections into theirpractices, such as data security, reasonable collection limits, sound retention practices, and data accuracy,” and that, “Companies should maintain comprehensive data managementprocedures throughout the life cycle of their products and services.” There are also a number of practical proposals set out as well:
Privacy notices should be clearer, shorter, and more standardized, to enable better comprehension and comparison of privacy practices.
Companies should provide reasonable access to the consumer data they maintain; the extent of access should be proportionate to thesensitivity of the data and the nature of its use.
Companies must provide prominent disclosures and obtain affirmative express consent before using consumer data in a materially different manner than claimed when the data was collected.
All stakeholders should work to educate consumers about commercial data privacy practices.
While I am ordinarily no fan of governmental interference with a Free Market Economy, I must say that I do agree with the conclusion that many of the cooking tracking, user-history exploitation, and unwanted targeted advertising schemes are the product of a lack of education on the part of Internet users.
Moreover, unlike the voluntary decision to go to a store or similar place, the decision to utilize the internet is one that often involves making a connection from one’s private location and the associated plethora of data that rests on our personal or business computers. As indicated above, this is a huge concern especially for professionals who retain confidential information with respect to their clients. One can only sadly imagine the potential liability exposure should a marketer get a hold of professional-user information that references specific clients and sensitive data associated with them.
Keeping up on these issues is a must for not only those of us in positions of trust, I strongly believe that there is a legitimate issue of safety that deserves the expenditure of governmental resources for preventative measures and, at a minimum, for the education of those who use the internet.
A Technology Resource for Legal Professionals 