The Subcommittee on Commerce, Trade, and Consumer Protection and the Subcommittee on Communications, Technology and the Internet will hold a joint hearing on “Exploring the Offline and Online Collection and Use of Consumer Information” on Thursday, November 19, 2009, at Noon in 2123 Rayburn House Office Building.
Invited witnesses include:
George V. Pappachen, Chief Privacy Officer, Kantar/WPP
Jennifer T. Barrett, Global Privacy and Public Policy Executive, Acxiom
Chris Hoofnagle, Director, Information Privacy Programs, University of California, Berkeley – School of Law
Zoe Strickland, Vice President, Chief Privacy Officer, Wal-Mart Stores Inc.
Michelle Bougie, Senior Internet Marketing Manager, LearningResources.com and EducationalInsights.com
Pam Dixon, Executive Director, World Privacy Forum
GW Law Partnership
The Future of Privacy Forum (FPF) and The George Washington University Law School have partnered to advance programs focused on the future of privacy law and policy. By bringing together some of the best-thinking people from academia, the private sector and government, we hope to ensure critical examination of the social, legal and policy implications of the digital age.” Read the announcement for more details.
Events
Behavioral Advertising Exploring Opportunities to Increase Transparency and Consumer Control” at GW Law School in February 2009
2010 Privacy Law Scholars Conference at GW Law School. Contact [email protected] for sponsorship opportunities.
Major utitility launches Microsoft home energy manager – opt-in.
“It’s interesting that customers have to opt-in to Hohm, via Microsoft’s web site, rather than being automatically enrolled. It shows that the utility is probably looking to give its customers a choice.” So says expert commentator Katie Fehrenbacher at earth2tech. We love Katie’s reporting and have learned a great deal about the grid industry from her coverage. But, we don’t think this move is “interesting”! It is the right way to do it! Xcel should otherwise just give info about your usage to a 3rd party?!
Kudo’s to both Xcel and Microsoft Hohm for doing this right.
A bit more nuance on "opting in" for cookies in Europe
We have received a dozen calls about the new “consent for cookies” language in the amended EU ePrivacy Directive. Most press coverage has focused on a US centric perspective – the law was “opt-out” and now the standard will be “opt-in”! Well, data protection law and policy in Europe is more complicated than opt-in or opt-out. In fact, some leading European thinkers will barely accept the notion of consent at all, as a basis for uses of data that are not otherwise ‘legitimate” or “proportionate” (Leading French Belgian privacy academic Professor Yves Poullet made this point last week to the Madrid Conference of data protection commissioners from around the world, with substantial agreement from many in the room). Many national regulators, if asked, would have told you that the previous law already required an opt-in for certain kinds of cookie and data use. So the situation is more nuanced, and if we can find a spare hour over the weekend, we will try to write something up.
One article that is a more informed read is this post from our friend Wim Nauwelaerts , a Brussels based privacy lawyer at Hogan & Hartson. Check it out!
FPF Advisory Board Member Lorrie Cranor Submits CUPS Reports to FTC
FPF Advisory Board member Lorrie Cranor, Director of CUPS (CyLab Usable Privacy and Security Lab) at Carnegie Mellon University informs us that the Lab has issued two new technical reports and submitted them as public comments to the FTC’s exploring privacy roundtable series. Here are the abstracts, but the full studies are definitely worth reading!
Approach Patrick Gage Kelley, Lucian Cesca, Joanna Bresee, Lorrie Faith Cranor November 10, 2009
Abstract
Earlier work has shown that consumers cannot effectively find information in privacy policies and that they do not enjoy using them. In our previous research on nutrition labeling and other similar consumer information design processes we developed a standardized table format for privacy policies. We compared this standardized format, and two short variants (one tabular, one text) with the current status quo: full text natural language policies and layered policies. We conducted an online user study of 789 participants to test if these three more intentionally designed, standardized privacy policy formats, assisted by consumer education, can benefit consumers.Our results show that providing standardized privacy policy presentations can have significant positive effects on accuracy of information finding, overall speed, and reader enjoyment with privacy policies.
Aleecia M. McDonald and Lorrie Faith Cranor November 10,2009
Abstract
We performed a series of in-depth qualitative interviews with 14 subjects who answered advertisements to participate in a university study about Internet advertising. Subjects were not informed this study had to do with behavioral advertising privacy, but raised privacy concerns on their own unprompted. We asked, “what are the best and worst things about Internet advertising?” and “what do you think about Internet advertising?” Participants held a wide range of views ranging from enthusiasm about ads that inform them of new products and discounts they would not otherwise know about, to resignation that ads are “a fact of life,” to resentment of ads that they find “insulting.” Many participants raised privacy issues in the first few minutes of discussion without any prompting about privacy. We discovered that many participants have a poor understanding of how Internet advertising works, do not understand the use of first-party cookies,let alone third-party cookies, did not realize that behavioral advertising already takes place, believe that their actions online are completely anonymous unless they are logged into a website, and believe that there are legal protections that prohibit companies from sharing information they collect online. We found that participants have substantial confusion about the results of the actions they take within their browsers, do not understand the technology they work with now, and clear cookies as much out of a notion of hygiene as for privacy. When we asked participants to read the NAI opt-out cookie description, only one understood the text. One participant expressed concern the NAI opt-out program was actually a scam to gather additional personal information. No participants had heard of opt-out cookies or flash cookies. We also found divergent views on what constitutes advertising. Industry self-regulation guidelines assume consumers can distinguish third-party widgets from first-party content, and further assume that consumers understand data flows to third-party advertisers. Instead, we find some people are not even aware of when they are being advertised to, let alone aware of what data is collected or how it is used.
Advertising Privacy
Almost every time we go online, using our computers or mobile devices, each of us produces data in some form. This data may contain only oblique information about who we are and what we are doing, but when enough of it is aggregated, facts about us which we believed were private has the potential to become known to and used by others.
Many people are surprised to learn that data about their online habits, including the web sites and services they visit, are being collected and shared by marketers in order to target advertising. While such targeted advertising may provide more relevant information to consumers on which they can base their purchasing decisions, and while online advertising supports free online content for consumers, the lack of transparency about these practices has led to consumer apprehension and government concern.
As policy makers, regulators and consumer advocates press for significant reforms , there is an urgent need for companies using online technologies to demonstrate that they respect consumers’ right to privacy and their right to control the collection of information about them. Consumers need to feel confident that what is happening online is being done for them and not to them.
The Future of Privacy Forum is committed to advancing responsible data practices by online advertisers, publishers and networks. We believe that providing users with greater transparency and control is critical to ensuring privacy and personalization.
One of the biggest challenges in promoting data transparency is designing notices that engage and effectively inform users. Long, legalistic privacy policies buried in a web site do not do the job. The Future of Privacy Forum is currently engaged with the marketing communications firm WPP in a project to design new forms of notice that move beyond tedious legal jargon, towards actually helping users understand how their data is being used, at the right time – when they see ads that may use data collection technologies — and giving them a say about the matter.
The Future of Privacy Forum is also engaged in a project that seeks to provide Internet users with a more effective way to “opt-out” of advertising that uses data to tailor its contents. The existing opt-out standard today—relying on the provision of a browser “cookie” that reminds data collectors not to track a particular web browser—is broken. Users may delete the tracking cookies, believing that doing so is part of proper data hygiene, but in reality they may be subjecting themselves to behavioral targeting once again without realizing it. We are seeking to ensure that users are provided easy to use controls that work to respect the choices users have made.
For more information or to join our efforts in the area of advancing responsible advertising data practices, please contact [email protected].
Congratulations to Annie Anton
Congratulations to our friend and advisory board member Profesoor Annie Anton on being named an ACM Distinguished Scientist.
Smart meters touted for ability to help conserve, but critics are skeptical
Smart meters touted for ability to help conserve, but critics are skeptical
Argus Leader
Thom Gabrukiewicz
November 10, 2009
Empowering electric customers to save money through conservation is the government’s great hope for smart metering, but not everyone buys into the technology.
Some have concerns about just who would benefit financially, consumer or utilities.
Others are anxious about an intelligent grid that collects and stores billions of bits of data – like when you get home, take a vacation or even microwave a bag of popcorn.
Proponents say fears of price gouging and creation of a “Big Brother” state are unfounded.
Quotes from Jules Polonetsky:
“Clearly, there are huge benefits to society as a whole with a functional smart grid,” said Jules Polonetsky, co-chair and director of the Future of Privacy Forum, a think tank in Washington, D.C., that looks to promote responsible data practices. “But there is going to be huge amounts of data created. They may not realize it yet, but utility companies are about to become the leader in data collection and storage. And these companies need to figure out the rules now, before this avalanche of data comes. I think (Commerce Secretary Gary Locke) was correct when he said privacy concerns could be unintentional Achilles’ heel of the smart grid. Those decisions concerning data collection need to be thought out now because it’s hard to layer them on later.”
Figuring out ‘what to do with all this data’
On the same October day as Obama spoke about modernizing the grid, the Information Trust Institute at the University of Illinois announced its partners had been tapped by the U.S. Department of Energy and the U.S. Department of Homeland Security to pay for an $18.8 million, five-year study to secure it.
Their charge, reports Wired, is to make the modern grid resistant to hackers and all other attackers.
“Security issues are getting a lot of attention,” Polonetsky said. “Privacy issues are not the same thing. Utilities have to figure out what to do with all this data – should it sit around forever? Should it be destroyed in a timely manner? And somehow, they need to deliver their intentions clearly so that consumers are comfortable with it.”
Jules and Chris will be attending and speaking at the IAPP Practical Privacy Series on December 8 and 9 in Washington, DC. On Tuesday, December 8 IAPP will host a conference devoted exclusively to the Federal Trade Commission and privacy protection. On Wednesday, December 9 IAPP will host a workshop for government privacy professionals, with a special focus on the practical aspects of the latest e-Government initiatives.
Click here for more information or click on the Privacy Calendar.
The 2009 Conference on Cross Border Data Flows, Data Protection and Privacy
Jules will moderate a discussion on November 18th called the “Privacy and Social Networking Services” Panel, from 10:30 to 11:45 a.m., at the 2009 Conference on Cross Border Data Flows & Privacy, hosted by the Department of Commerce in conjunction with the European Commission.
Click here for more information on the conference or visit the Privacy Calendar.
