Upload
nayakstrategies
View
707
Download
2
Embed Size (px)
DESCRIPTION
Presentation at panel discussion on Privacy & Enforcement Trends, ABA Consumer Meeting, February 3, 2011
Citation preview
Reading the Tea Leaves: Is Privacy Regulation on Track for Web 3.0?
ABA 2011 Consumer Protection Conference
Saira Nayak Nayak Strategies
The US Data Protection Framework
1. Federal Laws & Regs – COPPA, HIPAA, etc. 2. Federal Guidance – FTC, Commerce Reports 3. State analogues to federal laws - e.g. CA’s SB1 4. State Data Breach & Security laws 5. Marketing Communications laws – TCPA, CAN-SPAM, Junk Fax Protection Act etc. 6. Laws Compelling Disclosure – ECPA, FOIA 7. Self-Regulatory frameworks - Digital Advertising Alliance (www.aboutads.com), BBB Interest Based Advertising Project, NAI
Criticisms of a Sectoral System • Technological Relevancy • Inefficient oversight by regulators and
overlapping regulatory obligations • Inadequate or insufficient enforcement
mechanisms
Will the proposed frameworks identified in the FTC Report and Commerce Green Paper address these criticisms? Yes, to some extent.
Web 1.0
• The mostly “read-only” web • One way interaction between websites and users • 1996 - 250,000 sites, 45 million users • Privacy concerns: ID theft, spam, spyware • FTC approach: notice & choice, harms-based
Published Content Website
Web 2.0
Published Content
Website
Uploaded Content
Website Affiliate
Website Affiliate
• The ”read-write” or social web • Two-way interaction between users and websites • 2009 – over 250 million sites, nearly 2 billion users • 90 trillion emails sent, 1 billion videos viewed on YouTube • Privacy concerns: new business models (OBA, geo-marketing) • FTC approach: FTC Privacy Report
Web 3.0 - Characteristics • The Semantic Web – web technologies that help computers understand the meaning or “semantics” of information.
• The Personalized Web – web technologies that become more customized to personal preferences and are easier to use.
• The Visual Web – web technologies that highlight the convergence of the physical and virtual world. E.g. video that is disseminated widely across platforms - TVs, laptops, tablets, mobile devices
Web 3.0
“The Semantic Web is a web of data that can be processed directly and indirectly by machines…”
- Tim Berners-Lee
Web 2.0 - Search
Algorithmic search result
Web 3.0 - Search
Algorithmic search result
Local search result
Social search result
FTC Privacy Report
“A forward-looking policy vehicle for approaching privacy in light of new
practices and business models.” -FTC Privacy Report, page 39
The Challenge: Creating a framework that protects consumer privacy and fosters innovation at the same time…
FTC Privacy Framework
Four “building-blocks” of the FTC’s proposed privacy framework:
• Scope • Privacy by Design • Simplified Choice • Transparency
Commerce Green Paper Four policy recommendations: • Encouraging consumer trust through a
revitalized set of FIPPs • Encouraging development of voluntary
codes of conduct; PPO • Global privacy interoperability • Ensure that security breach notification
rules are nationally consistent
Scope FTC – Commercial entities that collect or use consumer data that can be reasonably linked to a consumer, computer or other device.” Reading the tea leaves… • Increased use of online and offline data in
web 3.0 personalization • The evolution of the “reasonably linked”
concept will be particularly important • Concern: what if there is no nexus between
the consumer and the computer/device
FTC Report – emphasize consumer privacy at “every stage” of product development Commerce –a revitalized FIPPs for Web 3.0 Reading the tea leaves… • Rising role for Access in Privacy 3.0 • Data portability will provide a new area
for companies to compete and innovate • Concern: Companies will need to balance
personalization with privacy in Web 3.0
Privacy by Design/ FIPPs v. 2
FTC recommends that choice be offered in a timely and contextually relevant manner. Reading the tea leaves… • The list of “commonly accepted practices”
will get broader with Web 3.0 • Innovation in choice mechanisms that
promote information flow • Concern: Will initiatives like “Do-Not-Track”
cause users to opt-out entirely from the “Semantic Web”?
Simplified Choice
Both reports see a strong relation between transparency and informed choice. Reading the tea leaves… • Definition of “material change” will continue
to evolve based on web habits • Expanded definition of privacy notice to
include alternate notice mechanisms (just in time, short notices for mobile), etc.
• Larger role for machine readable policies
Transparency
On Track? Generally, yes. Suggestions to stay that way?
• Continue close interaction with industry to address technological relevancy concerns
• Address enforcement gaps with expanded role for voluntary, self-regulatory regimes
• Encourage the development of privacy as a competitive differentiator for web 3.0 technologies.