What Do the FTC and Commerce Reports Mean for the Future of Privacy?

It’s been an extremely busy few weeks in the privacy world as of late.   A little more than two weeks ago, the FTC released their long-awaited staff report on “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers,”  and yesterday the Department of Commerce’s Internet Safety Task Force released their privacy Green Paper,  “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.”  The reviews on both have ranged across both ends of the spectrum and have brought increased media attention to the ideas of a ‘Do Not Track’ list, a ‘Privacy Bill of Rights,’ and the creation of a Federal CPO.

But now it’s time for a little more research into what privacy enthusiasts really think of these two reports.  What will they mean for the future of privacy and how will they impact our national policy when it comes to privacy protections for consumers?  Will they spur legislation or will the industry see them as a signal to start embracing stronger self-regulation mechanisms?

We want to know what privacy enthusiasts think of the latest reports from the FTC and Department of Commerce so we’re asking all those interested to participate in a brief survey.  The survey can be seen here (link expired) and should take no more than five minutes to complete.  All participants should complete the survey no later than January 7, 2011, and we will announce the results shortly thereafter.

We look forward to your thoughts and thank you in advance for participating!

FPF Statement on Department of Commerce Privacy Report

Future of Privacy Forum Releases Statement on

Department of Commerce Privacy Report

Co-Chairs Available for Additional Comment

WASHINGTON – Today, the Internet Policy Task Force at the U.S. Department of Commerce released their Draft Privacy Green Paper entitled, “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.” The Future of Privacy Forum (FPF) released the following statement in response to the report. This statement should be attributed to Jules Polonetsky and/or Christopher Wolf, co-chairs of the Future of Privacy Forum:

“The report is a sophisticated effort to advance consumer privacy without thwarting innovation.  Although it sets a framework that will influence legislation, it creates an alternate path for a mode of government initiated self regulation, with advocates at the table and the FTC providing enforcement.  If businesses respond by seriously engaging in efforts to advance fair information practices, the U.S. has the chance to take back the international privacy leadership role it once had.”

Polonetsky and Wolf are also available for additional comment to interested media.  To schedule an interview please contact Ted Kresse at 202.777.3719 or [email protected].

The Future of Privacy Forum (FPF) is a Washington, DC based think tank that seeks to advance responsible data practices. The forum is led by Internet privacy experts Jules Polonetsky and Christopher Wolf and includes an advisory board comprised of leading figures from industry, academia, law and advocacy groups.

For Immediate Release: December 16, 2010

Media Contact:

Ted Kresse

202.777.3719

[email protected]

###

Commerce Privacy Report: FPF Comment

The report is a sophisticated effort to advance consumer privacy without thwarting innovation.  Although it sets a framework that will influence legislation, it provides a creative alternate path for mode of government initiated self regulation, with advocates at the table and the FTC providing enforcement.  If businesses respond by taking to call to serious engage in efforts to advance fair information practices, the US has the chance to take back the international privacy leadership role it once had.

Christopher Wolf and Jules Polonetsky

Commerce Department Privacy Report

Chris provides a great summary of the Commerce Department Privacy report over here at the Hogan privacy blog.

EU Data Protection Supervisor's Interview at Hogan Lovells London

Chris participated in an interview presentation with Peter Hustinx, European Data Protection Supervisor, while in Europe for the IAPP Privacy Congress is Paris last week. Take a look at his blog post with a recap of his observations.

EU Data Protection Supervisor’s Interview at Hogan Lovells London

European Data Protection Supervisor Peter Hustinx traveled in frigid, snowy conditions from Brussels to London on 2 December for an interview presentation at the London Offices of Hogan Lovells attended by lawyers from the Hogan Lovells global Privacy and Information Management Practice as well as clients and friends of the firm.

Read more here.

Guest Post: The International Association of Privacy Professionals’ First Europe Data Protection Congress

Please find guest post below by Monique Altheim, Esq., CIPP, an EDiscovery and Privacy attorney. Also, be sure to check out her other writings on eDiscoveryMap.com!

The International Association of Privacy Professionals’ First Europe Data Protection Congress

By: Monique Altheim

I recently attended the International Association of Privacy Professionals’ (IAPP) very first Europe Data Protection Congress in Paris on November 29 and 30.

The attendee list was impressive:

The timing of this conference could not have been more opportune, as it took place in the wake of a ground breaking Communication by the European Commission on November 4, announcing a global overhaul of the current EU Data Protection framework.

In this communication, the European Commission announced that fifteen years after the original 1995 Data Protection Directive was enacted, the original twofold objective of protecting the fundamental right to data protection as well as of achieving the free flow of data in the internal European market is still valid.

However, two factors have caused the 1995 Directive to have become too outdated to guarantee these two objectives : The rapid technological advances and the globalisation in the ways information is collected, stored and transferred.

These dramatic changes were reflected in some of the topics debated during the breakout sessions:

This panel, presided over by Ruth Boardman, partner at Bird & Bird, stressed the fact, that for once the European Union had been inspired by the US initiatives in Breach Notification Legislation.

Again, it is the exponential growth in personal data holdings and the increased outsourcing of data to third countries and to the “cloud” that have caused increased data breach scandals and have required changes in the Directive. Some EU member states, like Germany, already have enacted a national general data breach law (Section 42 a FDPA- September 2009), but most others will have to implement their national laws once the new legal framework is in place.

Other important suggestions for consideration in reframing the Directive by the Commission are : The right to be forgotten, Privacy by Design, greater transparancy in internet related data collections, data portability rights, achieving more harmonization among the vastly different implementaions into national laws by the member states, the requirement of mandatory privacy officers in companies and organizations, the requirement of privacy impact assessments upon introducing new systems and technologies in companies and organizations, and strengthening as well as harmonizing enforcement of the Directive.

Concluding the panel on the revision of the 1995 Directive, Henriette Tielemans of Covington & Burling asked the European Commission representative Thomas Zerdeck: “Will the new baby be a directive or a regulation?” to which Thomas, in his usual style, replied: “This is way too complex. You will find out in 2011.”

The European Commission has opened a public consultation period (from November 4, 2010, to January 15,2011) to obtain views on its ideas for addressing new challenges to personal data protection in order to ensure an effective and comprehensive protection to individuals’ personal data within the EU.

They welcome contributions from citizens, organisations (i.e., Non-Governmental Organisations, businesses) and public authorities.

Thus all stake holders have a chance to be part of this sweeping overhaul of the European Union Data Protection framework.

http://ec.europa.eu/justice/news/consulting_public/news_consulting_0006_en.htm

Dec. 7, 2010 – Microsoft, Spurred by Privacy Concerns, Introduces Tracking Protection to Its Browser, NY Times

Jules Polonetsky, the co-chairman and director of the Future of Privacy Forum, said users would most likely decide to use lists published by Web sites they trusted instead of creating their own, adding that most people would likely ignore the option all together.

“The average user is not going to have a list of 500 ad networks and 600 analytics companies,” Mr. Polonetsky said. “They end up relying on a privacy watch dog to give them a do-not-track list that the browser will respect.

 

Dec. 7, 2010 – Microsoft unveils new privacy feature for IE, BusinessWeek

Jules Polonetsky, former chief privacy officer for AOL Inc. and online ad network DoubleClick, which is now owned by Google Inc., said that while most consumers probably won’t use the new Internet Explorer features, they will likely appeal to people who are concerned about online privacy.

 

Digital Privacy Forum – January 20, 2011

The Digital Privacy Forum will take place January 20, 2011 at the New Yorker Hotel in New York City.

Program and Speakers

Register by December 15 for the early-bird rate!

FPF's "Do Not Track" Demystified Audio Recording

In case you were unable to join us for the December 1 “Do Not Track” Demystifed event, below is a link of the event’s audio recording. Forgive the white noise in the beginning (fast-forward about 10 minutes.)

http://fpf.org/wp-content/uploads/2010/12/Do-Not-Track.mp3