Today, Christopher Wolf testified before The Judiciary Subcommittee on Privacy, Technology and the Law, chaired by Senator Al Franken (D-Minn.). The hearing, titled “The Video Privacy Protection Act: Protecting Viewer Privacy in the 21st Century,” examined the Video Privacy Protection Act of 1988. The act protects people’s right to control personal information about the movies and videos they rent and watch. However, the applicability of the act is being questioned given the new popularity of and desire to share personal information online via social networks. Chris’ spoken testimony follows and his written testimony can be viewed here. To see video from the hearing, click here.
“Chairman Franken, Ranking Member Coburn, and distinguished members of the Subcommittee. Thank you for the opportunity to testify today.
My name is Christopher Wolf and I am a privacy lawyer at Hogan Lovells, where I lead that firm’s global privacy practice. I am also a privacy advocate. As part of my pro bono work, I won a leading case against the government for violating the Electronic Communications Privacy Act. I am part of a group advising the OECD on its privacy guidelines. I am on the EPIC Advisory Board. And I founded and co-chair the Future of Privacy Forum, a think tank with an Advisory Board from business, consumer advocacy, and academia, focused on practical ways to advance privacy.
Fundamentally, privacy is about control. Indeed, a principal goal of privacy law is to put choices and decisions in the hands of informed consumers.
With the advent of video streaming and social sharing, the Video Privacy Protection Act (VPPA) today stands in the way of consumers exercising control, and thus limits their choices and even limits their free expression. The VPPA, enacted nearly a quarter of a century ago during the Betamax era, was designed to prevent prying into people’s video rental history.
The purpose of the law was not to stop people from sharing information about the videos they watched or to dictate how they share. Indeed, the law’s laudable purpose was to give control and choice to consumers, to let the consumers decide whether and how to share their video-watching information.
In 1988, when the VPPA was enacted, no one dreamed of streaming video and social sharing. So, when that pre-Internet-era law is applied to the world of online video and social media, it can be read to frustrate the choices of consumers to authorize the disclosure, on an ongoing basis, of the streaming movies they have watched online.
For many people, automatic sharing on social media is how they shape their online identities and share ideas. Facebook users commonly utilize a one-time authorization to share a wide range of information – a durable sharing option — with their friends. But when it comes to sharing their online video experiences, the law gets in the way.
Take a person who is an avid online video watcher, watching 100 short videos per week. She wants to share every video that she watches with her friends, just as she shares every song she listens to on the streaming music service Spotify, and just as she shares every item she reads online on the Washington Post through a Facebook social sharing app. But current law suggests she is not fit to make the frictionless sharing decision with respect to the videos she watches.
Should this videophile have to opt in 100 times per week? Does making her do so serve any purpose other than to annoy her and to take needless time? The constant, legally-required interruption to her online experience harkens back to the day when pop-ups had to be clicked just to proceed online. Our frequent video viewer should be given the opt-in choice to share all of her viewing experience, if that is what she wants.
In contrast to the restrictions of the VPPA, there are no legal restrictions on her ability to socially share every e-book she reads. Through a durable sharing option, she easily can share the fact she read the e-book entitled The Girl With The Dragon Tattoo. But the law stands in the way of her similarly sharing the fact that she watched the movie entitled The Girl With The Dragon Tattoo. That makes no sense.
Of course, not everyone wants to share their viewing experiences with their friends online, and they don’t have to share. And if someone prefers to share their video watching experiences on a case-by-case basis, he or she can do so manually, just as people occasionally post news stories they read in the Washington Post on Facebook rather than choosing the automatic sharing option. Similarly, a person who chooses to share on a continuous basis can disable the share function before watching a streaming video that he or she wants to exclude from online posting.
Even though some Senators personally may feel that sharing all the movies one watches is – to use a phrase not heard much anymore – TMI, or “too much information” – people should, as a matter of free expression, be able to share as they choose. And companies should not face legal penalties for providing them with that choice.
As governments around the world, including our own, consider ways to improve their privacy frameworks, there are big decisions to be made. Starting a legislative process in the name of privacy protection, through which lawmakers decide — case-by-case – what information and by what means consumers can share online, seems terribly ill-advised. In contrast, amendment of the VPPA to permit full user choice and control fits squarely within the preferred privacy framework, one that empowers consumers.
Thank you for the opportunity to appear before you today.”
To read Chris and Jules’ opinion piece on video sharing that ran in Roll Call, please click here.
Matt Futch, Global Policy Director, IBM Energy & Utilities, just posted a new op-ed on privacy and the smart grid. Check it out here.
Yesterday, the National Cyber Security Alliance (NCSA) sponsored a privacy event to commemorate Data Privacy Day 2012. The event, called “The Intersection of Privacy and Security,” was held at GW’s Law School. It began with a keynote by FTC Commissioner Julie Brill and was followed by two panels. The panels included Ari Schwartz, Senior Internet Policy Advisor at the U.S. Department of Commerce, and the senior privacy officers from AT&T, Comcast, eBay, Facebook, Intel and MasterCard. Future of Privacy Forum’s Christopher Wolf moderated the event.
Commissioner Brill shared that consumers should not have to give up their personal information as a toll to participate in cyberspace and discussed the troubling trend of opaque data aggregation. As analysts collect and aggregate data about individuals, including their social media behavior, she worried that soon such data could be used to determine insurance rates and applicability for jobs. Commissioner Brill called on data aggregators to make a one-stop-shop that would allow consumers to view data about themselves and correct erroneous data.
Following Commissioner Brill’s remarks, Christopher Wolf moderated two panels that covered a variety of issues on cyber security and privacy. In both panels, the participants talked about how privacy and security are two sides of the same coin; one cannot be had without the other. The panelists also discussed some of the misconceptions people may have about the privacy considerations of companies and the government. Intel’s David Hoffman discussed how the Department of Homeland Security does a much better job on protecting individuals’ privacy than it gets credit for. Facebook’s Erin Egan stated that many consumers do not realize all the privacy and security checks that companies like Facebook put into their products prior to release. AT&T’s Bob Quinn called for more coordination between government agencies, and he noted that data protections on calls made through traditional telecom channels are regulated differently than calls made over voice over internet protocol (VOIP).