The Shell Game of Privacy
May 28, 2012 5:00 AM PT
This story was originally published on March 7, 2012, and is brought to you today as part of our Best of ECT News series.
With much fanfare, the Obama administration recently unveiled a blueprint to improve consumer privacy protections online in the United States.
The blueprint consists of four parts: an online consumer privacy bill of rights, a stakeholder-driven process to specify how those rights apply in specific business contexts, enforcement by the United States Federal Trade Commission (FTC), and greater interoperability between the privacy frameworks of the U.S. and its partners overseas.
The U.S. Department of Commerce's National Telecommunications and Information Administration will convene companies, privacy and consumer advocates, technical experts, international partners and academics to establish codes of conduct implementing the general principles of the consumer privacy bill of rights.
The Obama Administration will work with Congress to develop legislation based on consumers' online privacy rights.
Consumer advocacy groups and civil liberties and privacy organizations greeted the announcement with what in political circles is called "cautious optimism" -- meaning that everyone hopes for the best, fears the worst and is praying for salvation.
For example, the Electronic Frontier Foundation said the proposal reflects a commitment to safeguard users' data without stifling innovation, but that only time will tell whether its principles will be implemented in a way that effectively protects user privacy.
A coalition of 11 of these agencies and organizations has released a set of principles for the multi-stakeholder process.
One concern among critics is that the inclusion of input from Facebook, Google and other industry members with deep pockets and armies of lobbyists will water down the proposed bill of rights, said John Simpson of Consumer Watchdog. Also, the selection of the U.S. Commerce Department to run the process is an issue for concern because the department's mandate is "to promote the interests of business, not consumers," Simpson told TechNewsWorld.
Google did not respond to our request for comment for this story.
Privacy Bill of Rights
The Obama Administration seeks to provide a baseline of clear protections for consumers and to give businesses a clearer understanding of what privacy is so they can adhere to privacy regulations.
It sees consumer rights as individual control, transparency, respect for context, security, access and accuracy, focused collection and accountability.
Consumers will have the right to exercise control over what personal data organizations collect from them and how they use it. They also will have the right to expect that the personal data will be collected, used and disclosed in ways that are consistent with the context in which they provide the data.
That will rule out exploits such as those by Google, which was recently found to be circumventing privacy protections in the Safari and Internet Explorer browsers. In the case of the former, Google claimed it was an accident; in the case of the latter, Google blamed it on Microsoft's use of outdated standards.
A bill of rights might also clamp down on companies such as Google and Facebook taking consumer data obtained for one purpose, such as opening an account, and leveraging it for other purposes that were not stated to the consumer.
Companies will possibly also be held responsible for the accuracy, safety and security of the data they collect. Limits may also be placed on the personal data they collect and retain.
Criticism of the Plans
"I don't know that the Consumer Privacy Bill of Rights will necessarily fix this problem [of online privacy]," Ginger McCall of the Electronic Privacy Information Center (EPIC) told TechNewsWorld. "We need legislation that specifically addresses law enforcement access to data."
She may be right. Google recently consolidated 60 of its privacy policies, despite strong opposition from officials in the U.S. and EU.
Meanwhile, Facebook has rolled out Timeline, which essentially puts everything members have ever posted to the site out in public, again despite strong objections from various sectors. It also announced a new feature that lets advertisers distribute ads to fans of companies in news feeds online and on mobile devices, in the right-hand column of Facebook pages, and in a log-out message.
The stakeholder-driven process that will drive the bill is "essentially an empty gesture" because the policies or regulations it generates "would likely exceed the FTC's jurisdiction and authority, depending on their scope," contended Yasha Heidari, managing partner at Heidari Power Law Group. "As such, they would be unenforceable."
The wording of the White House's proposal also appears to give businesses a loophole they can exploit to avoid complying with any code of conduct developed to manage online privacy.
Further, the process doesn't take into account the political and financial clout of companies such as Google and Facebook, said T. Barton Carter, professor of communication and law at Boston University.
"Businesses always have a lobbying advantage," he told TechNewsWorld.
Companies such as Facebook and Google have "significantly more financial resources than any concerned consumers," Darren Hayes, CIS Program Chair at Pace University, told TechNewsWorld. On the other hand, consumer advocacy groups such as the EFF are being "transformed from fringe groups to become representative of many mainstream Americans who are questioning the constitutionality of online companies that increasingly take more of our personal information and make us less secure."