10 - 2011 - Future of Privacy Forum

FTC Says Significant Steps Made For DNT- Still Work To Be Done

FTC Commissioner Julie Brill spoke at the Online Trust Alliance (OTA) Forum today and noted that the “industry has really stepped up to the plate” since the Commission released its Staff Report in Dec. 2010. Since the Report, browser companies including Microsoft, Mozilla, and Apple have implemented different models of Do Not Track. On the advertiser side, the Digital Advertising Alliance (DAA) has launched a self-regulatory program that uses a cookie-based Advertising Option Icon. “We are looking to see how effective they [industry responses] are and how easy it is for consumers to use these mechanisms,” said Commissioner Brill. She does not believe “we’re going to see a vast exodus of consumers from current Web sites or opting out of the way their information is used.” “Some consumers are going to want relevant ads.” “I don’t see this as a toggle switch- on or off,” but rather “a place where consumers can choose through a dashboard mechanism what they want to do.” She further stated that the World Wide Web Consortium (W3C) Tracking Protection Working Group is working around issues like “what does tracking mean” and other technical issues. “These are all incredibly positive developments, but it is still a work in progress.”

MMA Releases Privacy Policy Guidelines for Mobile Apps

The Mobile Marketing Association (MMA) released a mobile app model privacy policy document on Monday for public comment. “The guidelines are intended to provide ways to give the mobile application developer with clear and transparent policy language that can be quickly and completely understood by the consumer,” said MMA Global CEO Greg Stuart. Read more about the Guidelines here.

PrivacyChoice Launches New Resource Center for App Developers

PrivacyChoice CEO and FPF Advisory Board member Jim Brock announced a new privacy resource center for app developers at today’s Online Trust Alliance 2011 Forum. Features include PrivacyChoice’s Policymaker tool, sample templates, code resources, and other guidance. Read more about the center here.

The State of Mobile: The What and Where of Mobile Privacy

FPF Director and Co-chair, Jules Polonetsky presented along with other leading industry professionals at the OTA Forum Workshop titled, “The State of Mobile: The What and Where of Mobile Privacy. Redefining the role of business and industry.” Jules Polonetsky highlighted some of the issues with having mobile privacy policies. “Is anyone actually eager to read a long mobile privacy policy?” “One way or another we have to communicate to users how data will be used,” said Jim Brock, President and Founder of PrivacyChoice, who recently released PrivacyChoice Policymaker for mobile apps and sites, a tool that summarizes to users how data is used in less than eighteen syllables. Justin Brookman, Director, Center for Democracy & Technology (CDT), responded that there should still be a place where the entire privacy policy is discoverable, as it is probably hard to explain the full extent to which data is used in such a tool.

“UDID [Unique Device Identifiers] is not the concept of personal information that most people have. Having a unique identifier has some real advantages,” said Morgan Reed, Executive Director, Association for Competitive Technology (ACT). For example, an educational app can inform invested parties such as parents and teachers when a child completes his homework or how to restore data from an app that was accidentally deleted. Polonetsky added that more responsible networks are hashing the UDID and offering consumers a choice of opting out.

“It is important to remember that this whole industry has only existed since 2008. Advertising in mobile apps is less than 24 months old,” stated Reed. Given that apps are so recent, he stressed that the app industry needs a chance to experiment and even make some mistakes in order to fully realize the business model and potential for growth.

Google Makes Encryption and Privacy of Searches Easier for Users

Kudos to Google, which will now ensure that the searches of its users are protected from Wi-Fi hackers or rogue Web snoops. On Tuesday, Google announced that it will begin encrypting search queries and results of users who are logged into their Google accounts. Previously, if users wanted to search the Internet securely over an encrypted HTTPS connection, they would have to direct themselves to Google’s secure search page. This will change over the next few weeks, as Google implements default encryption for logged in account holders. Read more about the change here.

School administrators or others who may be required to monitor searches will have a work around, but it will result in users being informed that those searches aren’t protected. Advertisers who track which search terms bring users to their sites will need to rely on Google’s web master tools, rather than analyzing the search queries that are transmitted when users click on search results.

House Hearing on Consumer Privacy

“It’s the reputational harm that we are all concerned about,” said Chairwoman Mary Bono Mack (R-CA) at today’s hearing, the fourth in a series of hearings on online privacy. Members of U.S. House’s Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade were in disagreement over how to best protect consumers online as consumer attitudes toward privacy evolve. (more…)

FPF Advisory Board Makes Up 2/3 of Witnesses at Hearing

Today, the Subcommittee on Commerce, Manufacturing, and Trade of the House Energy and Commerce Committee has a hearing entitled “Understanding Consumer Attitudes About Privacy.” Four of the six witnesses appearing before the subcommittee are Advisory Board members (or, in the case of Microsoft, representing a company whose CPO is on our Advisory Board). (more…)

To Track or “Do Not Track” – that is the Question

By Omer Tene

Jules Polonetsky, Co-chair and Director of the Future of Privacy Forum, and I are delighted to announce that our paper, “To Track or ‘Do Not Track’: Advancing Transparency and Individual Control in Online Behavioral Advertising,” has been accepted for publication in the Fall 2011 issue of the Minnesota Journal of Law, Science, and Technology (MJLST).

The paper, which was presented at the last Privacy Law Scholars Conference (PLSC) in Berkeley, reviews and criticizes the current debate on online behavioral tracking, including the Federal Trade Commission’s Do Not Track (DNT) proposal.

The past decade has seen a proliferation of online data collection, processing, analysis and storage capacities leading businesses to employ increasingly sophisticated technologies to track and profile individual users. The use of online behavioral tracking for advertising purposes has drawn criticism from journalists, privacy advocates and regulators. Indeed, the behavioral tracking industry is currently the focus of the online privacy debate, with DNT at the center of attention. We point out that the debate surrounding DNT and specific details of its implementation disguises a more fundamental disagreement among stakeholders about deeper societal values and norms. Unless policymakers address this underlying normative question – is online behavioral tracking a societal good or an unnecessary evil – they may not be able to find a solution for implementing user privacy preferences. (more…)

FPF Comments on Study Revealing that Websites are Leaking Consumer Data

WASHINGTON (October 11, 2011)-In response to the report released today at the webcast event, “Yes, They Really Know It’s You: The Digital Collection of Personal Information from Consumers and Citizens,” sponsored by various privacy organizations, the Future of Privacy Forum issued the following statement:

What the study fails to emphasize is that most companies targeting ads online have no use for personal information. If they are getting that kind of information, it is most likely because of inadvertent mistake. Still, web sites should pay attention to avoid mistaken exposure of personal information, and ad networks should take care not to collect such information if it mistakenly is exposed to them. And every company involved should be thinking of how to innovate around new ways to help users understand and control their online experience. (more…)

IAPP Web Conference on Oct 12: A Decade of Privacy Since 9/11

FPF Advisory Board members Professor Peter Swire and Nuala O’Connor Kelly will participate in an IAPP Web Conference on Wednesday, October 12: “A Decade of Privacy Since 9/11.”

“A decade after 9/11, governments and corporations have dramatically changed their data privacy and security practices and policies. To protect national and homeland security, many new forms of data are being collected and shared among far more players than ever before, and private sector use of rich personal profiles has proliferated. At the same time, there are far more rules and policies about how to limit unauthorized collection and sharing. This panel features global leaders who were at the center of the key decisions and debates about how to handle privacy after 9/11. Listen in and join the conversation as they reflect on what was done right, and what can be done better in the decade to come.”