At the intersection of Technology and Policy, the U.S. Federal Trade Commission (FTC) today addressed the potential dangers of cookie trails and the collection of consumer data in its second “Exploring Privacy” Roundtable.
Hosted by the Berkeley Center for Law and Technology, FTC Commissioner Pamela Jones Harbour and Director of the FTC's Bureau of Consumer Protection David Vladec kicked off the event. Opening remarks were followed by panels on the topics of "Privacy Implications of Social Networking and Other Platform Providers," "Privacy Implications of Cloud Computing," and "Privacy Implications of Mobile Computing."
Harbour's opening comment, "If we are to stay ahead of the technology curve, we must address the question of privacy by design sooner than later," set the stage for a fury of panelists who have been having this argument with the likes of Facebook CEO Mark Zuckerberg for a while.
Zuckerberg's recent claim that people are becoming more comfortable with the concept of less privacy was refuted by Harbour, who pointed to consumer surveys indicating privacy concerns are rising. This collective fear, Harbour and others pointed out, is indicative of the level of a typical consumer's misunderstanding and confusion of the data collection process on social networking and other websites.
The first panel opened with a discussion of cookies collected by Adobe's Flash multimedia player, which are not deleted by a user's clearing of browser caches. Such cookies, captured for the purpose of behavioral advertising by web-based and mobile businesses alike, allow ads to be targeted to users based on their web browsing and purchase histories.
Panelists Scott Taylor, Chief Privacy Officer at Hewlett-Packard Company, and Peter Eckersley, Staff Technologist for the Electronic Frontier Foundation, expressed apprehension that the anonymity of IP addresses collected for such ad targeting might not keep consumers as anonymous as they would like to be.
Unfortunately, according to some, tracing the responsibility of the cookie crumb trail and its consumer misleadings isn't cut and dry.
Lindsey Finch, Global Privacy Counsel at enterprise cloud-computing company Salesforce.com, said that the "service provider needs to be accountable. I can’t imagine trying to ensure all of a service provider’s contracts are updated. It’s the original company that needs to ensure that policies are followed through.”
Paul Schwartz, a law professor at University of California at Berkeley, argued against companies such as Salesforce.com being able to self-regulate; rather, he supports the government's stepping in lest providers set up self-serving policies that only confuse consumers. He suggested that bombarding web browsers with volumes of information they won't understand isn't the answer.
The FTC's need for stricter regulations elicited a wide range of proposed solutions, ranging from mandating implementation of universal symbols on sites collecting behavioral data to requiring companies to delete user information within 24 hours.
Nicole Ozer, American Civil Liberties Union of Northern California Technology and Civil Liberties Policy Director, addressed the vagueness and lack of transparency of cloud computing services.
“Consumers don’t have a clear understanding of who the companies are working with, where the companies are, or how their data is going to be used,” Ozer said. She and her colleagues at ACLU frequently challenge these and other online privacy/digital data issues in their Bytes and Pieces column.
The FTC's newly anointed Vladeck assured, "We are currently examining practices that undermine the tools that consumers can use to opt out of behavioral advertising. We hope to announce law enforcement actions later this year."
Behavioral marketing tactics aside, social networks caught an earful from ACLU lawyer Chris Conley who brought to the table a petition signed by 50,000 Facebook users who fear the service's new privacy settings have created an "app gap" -- i.e., third party application developers are able to access to previously guarded goodies like age, gender, sexual orientation, as well as friends lists.
Facebook lawyer Tim Sparapani rebutted with, "We are a walled garden in the sense that we never ever sell data to third parties."
The ultimate and obvious conclusion: privacy policies are no longer cutting it. Such was the topic of a recent New York Times blog post, wherein Vladeck was quoted as saying, “Philosophically, we wonder if we’re moving to a post-disclosure era and what that would look like. What’s the substitute for it?”
Evidently, time will tell. The FTC hopes to have an answer by June or July. (How many years is that in Government Time?)
Look forward to more debate, and hopefully some progress, in the FTC's conclusion to the roundtable trilogy which will tackle protection of consumer health data, identity management and accountability approaches to privacy. Per the FTC website, the third and final privacy roundtable discussion will be held at the FTC Conference Center in Washington, DC, on March 17, 2010.
0 comments:
Post a Comment