Can the Law Keep Up with Technology?

Can Self Regulation help?

ABA Antitrust Section - Practical Privacy Series ABA Annual Meeting

Toronto, Canada August 6, 2011

Our Panelists •  Commissioner Julie Brill – U.S. Federal

Trade Commission •  Privacy Commissioner Jennifer Stoddart –

Office of the Privacy Commissioner of Canada

•  Dr. Paolo Balboni – Director, European Privacy Association

•  Stuart Ingis – Partner, Venable LLP •  Moderator – Saira Nayak, Nayak Strategies

Our Topic Can Self Regulation help? Let’s examine the following questions: 1.  Is Self Regulation is an essential part of a

consumer data protection framework? 2.  What should Self Regulation look like in the

consumer data context?

We will start our presentation by identifying the underlying theories and key elements of self- regulation.

Key Elements of Self Regulation •  Clear & Consistent Standards – defined by

legal/regulatory framework or voluntary codes of conduct

•  Accountability – internal & external •  Accountability Agents/3rd Party Audits •  Individual User Access •  Safe Harbor provisions – to incentivize

participation •  Consumer Education

Accountability Organizations “should be accountable for complying with measures that give effect” to the fair information principles. • Accountability is part of APEC, European, OECD & PIPEDA frameworks • Art. 29 WP guidance – “to ensure that controllers are more generally in control and in the position to ensure and demonstrate compliance with data protection principles in practice.” • CIPL Accountability– 5 essential elements

Self vs. Co Regulatory Self Regulatory Organizations -  Cinematic Content – MPAA Rating System -  Children’s Advertising & Marketing e.g. CARU, ICTI’s Toy Marketing Guidelines Europe -  Online Advertising in the US e.g. MMA Guidelines, ANA & NAI Guidelines Co Regulatory Organizations -  Online Advertising in Europe -  OBA Notice & Choice – DAA scheme, browser-based choice (Chrome, Explorer, Firefox)

OBA Notice & Choice

Digital Advertising Alliance (DAA)

•  Self regulatory program for online behavioral advertising

•  www.AboutAds.Info

Self-Regulatory Principles for Online Behavioral Advertising

•  Education •  Transparency •  Consumer Control •  Data Security •  Material Changes to

Existing OBA Policies and Practices

•  Sensitive Data •  Accountability

Advertising Option Icon

•  The Icon indicates adherence to the Principles.

•  By clicking on the Icon, consumers can link to: –  a clear disclosure statement –  an easy-to-use opt-out mechanism

The “Advertising Option Icon” and accompanying language appears in or near online advertisements or on Web pages where data is collected and used for behavioral advertising.

In Ad Notice

Publisher Notice

DAA Consumer Choice Mechanism

•  The Consumer Opt-Out Page www.AboutAds.info gives consumers the ability to conveniently opt-out of some or all participating companies’ online behavioral ads, if they choose

•  Organizations can now register to participate and be listed on the Consumer Opt-Out Page

CBBB and DMA Commence Accountability Programs

•  CBBB and DMA have complementary Accountability Programs to: –  Monitor the marketplace

externally for data that suggests non-compliance with key notice and choice requirements

–  Follow-up directly with non-complying entities

–  Report non-compliance and refer uncorrected non-compliance to government

Trustmarks

EU Trustmarks

•  Action 17 EU Digital Agenda – conduct an impact assessment for EU online trustmarks in 2011.

•  Art. 29 Working Party Opinion 3/2010 – suggests development of certification programs or seals as a way to implement the Accountability principle.

Trustmarks

Electronic labels or visual representations indicating that an e-merchant has demonstrated

its conformity to standards regarding, e.g., security, privacy, and business practice.

=

Trustmark Organizations TMOs

Trustmark Organizations (TMOs) are independent entities which provide a trustmarks to online or e-merchants.

Panel Discussion

Audience Q & A