June 29, 2012 – James Grimmelmann and Peter Swire Testify on Do Not Track, TAP

Recognizing that consumer information is the currency of the web, both sides of Congress have recently held hearings to work toward an understanding of how to balance the needs of businesses for user data and the needs of consumers to have some control over their personal online information.

June 29, 2012 – Advertising industry says they collect user data to protect us, Death and Taxes

The Senate Commerce Committee, led by Senator Jay Rockefeller, yesterday held its “The Need for Privacy Protection: Is Industry Self-Regulation Adequate?”

Mobile Apps and Privacy to be the First Issue Considered in the White House Plan for Enforceable Privacy Codes of Conduct

Future of Privacy Forum has applauded the The Commerce Department’s National Telecommunications and Information Administration’s decision to focus on mobile apps as the first issue to tackle in the upcoming multistakeholder process. In an op-ed, published yesterday in Politico, FPF’s Jules Polonetsky and Chris Wolf explain what the multistakeholder process will mean for industry representatives, privacy advocates, and users and why this is the perfect time to establish baseline codes of conduct in the mobile app ecosystem.

To read the full article, click here.

June 26, 2012 – Orbitz Asks: Are You A Mac Or A PC?, MediaPost

If you visit Orbitz.com and search for hotels, the offers you’re shown might differ depending on whether you’re using a Mac or a PC.

FPF Releases Model Short Consent Form for Third Parties Seeking Access to Consumer Energy Usage Data

Today, FPF released a model short consent form for third parties seeking to access consumer energy usage data. FPF is committed to supporting a flexible framework that ensures consumer privacy protections while still supporting the development and growth of new products and services. To view the form, click here.

Smart Consent Form

Model Short Consent Form

Click above to see what a model short consent form for a hypothetical smart water heater could look like.

Facebook Agrees to California's Mobile App Privacy Plan

Facebook recently signed California’s Joint Statement of Principles, first announced in February 2012 and signed by six other app store providers: Apple, Google, Microsoft, Amazon, Hewlett-Packard, and Research in Motion. Upon launching their App Center, Facebook already required apps to provide notifications and hyperlink to a privacy policy.  Per the agreement, Facebook apps that collect personal information will now have to provide their privacy policy upfront, before a user installs the app. Furthermore, the app’s privacy policy must specify the data collected, how it will be used, and with whom it will be shared. Click here for more information.

June 25, 2012 – The more you encrypt, the more the government breaks into your cloud, Network World

Your online privacy has never been less private; try to protect it with encryption and the government steps around you via stored records in the cloud.

June 21, 2012 – Republicans call for FCC reform in wake of indecency ruling, Hillicon Valley

GOP Reps. Fred Upton (Mich.) and Greg Walden (Ore.) used the Supreme Court’s indecency ruling on Thursday to push for their bill to overhaul how the Federal Communications Commission (FCC) operates.

EU Official Validates Position That Governmental Access to Data in the Cloud is Similar in US and EU

The notion that governmental access is similar in the European Union and the United States was validated on the political level this week by Megan Richards, EU Commission Acting Deputy Director General for Information Society and Media.  Speaking at the Cloud Computing World Forum in London, Ms. Richards asserted that, “theoretically, it shouldn’t matter where data is held as long as our rules apply…the legislation in the US is not so different from the legislation we have in the EU.”

Interestingly, the use of US infrastructure for European Cloud Services is lamented in some European quarters. Critics ultimately question whether data protection measures, especially those restricting governmental access to data, are adequately established in the US. As discussed below, doubts about US legal frameworks are often based on “misconceptions [which] encourage speculation that governmental access to data stored in the cloud is more likely in some places than in others.”

In the meantime, Europe’s goal to support a speedy uptake of Cloud Computing, including the development of Cloud infrastructure in Europe is under way. The Commission’s “European Cloud Strategy,” which is set to be released this summer by DG Information Society and Media (soon to become DG Communications Networks, Content and Technology), aims “to ensure that Europe becomes not just Cloud-friendly, but Cloud–active.” European critics of the US approach assume that the cloud strategy will mean more Cloud infrastructure in Europe.

European Commission Vice-President Neelie Kroes (who is leading the initiative) has however informed stakeholders that Europe’s Cloud Strategy is “not about building a European super-Cloud,” and that “Cloud business models…should be determined by efficiency considerations in the market.” “Market Based considerations” could justify a continued reliance on US based infrastructure for European Cloud Services, because many major Cloud databases are already established in the US.

FPF’s Christ Wolf, co-director of Hogan Lovells’ Privacy and Information Management practice, and Hogan Lovell’s Paris Office partner, Winston Maxwell, recently released a white paper on governmental access to data in the Cloud. The white paper “debunks faulty assumption that US access is unique” with an expository survey comparing governmental data access laws in ten countries (including some EU member states) as well as governmental authorities’ ability to access data stored in databases outside their jurisdiction through the use of Mutual Legal Assistance Treaties.

It will be interesting to see how an honest analysis of governmental access regimes across jurisdictions could affect the European Cloud Strategy and create the potential for a continued reliance on US based infrastructure for European Cloud services.