June 29, 2012 – Advertising industry says they collect user data to protect us, Death and Taxes

The Senate Commerce Committee, led by Senator Jay Rockefeller, yesterday held its “The Need for Privacy Protection: Is Industry Self-Regulation Adequate?”

Mobile Apps and Privacy to be the First Issue Considered in the White House Plan for Enforceable Privacy Codes of Conduct

Future of Privacy Forum has applauded the The Commerce Department’s National Telecommunications and Information Administration’s decision to focus on mobile apps as the first issue to tackle in the upcoming multistakeholder process. In an op-ed, published yesterday in Politico, FPF’s Jules Polonetsky and Chris Wolf explain what the multistakeholder process will mean for industry representatives, privacy advocates, and users and why this is the perfect time to establish baseline codes of conduct in the mobile app ecosystem.

To read the full article, click here.

June 26, 2012 – Orbitz Asks: Are You A Mac Or A PC?, MediaPost

If you visit Orbitz.com and search for hotels, the offers you’re shown might differ depending on whether you’re using a Mac or a PC.

FPF Releases Model Short Consent Form for Third Parties Seeking Access to Consumer Energy Usage Data

Today, FPF released a model short consent form for third parties seeking to access consumer energy usage data. FPF is committed to supporting a flexible framework that ensures consumer privacy protections while still supporting the development and growth of new products and services. To view the form, click here.

Smart Consent Form

Model Short Consent Form

Click above to see what a model short consent form for a hypothetical smart water heater could look like.

Facebook Agrees to California's Mobile App Privacy Plan

Facebook recently signed California’s Joint Statement of Principles, first announced in February 2012 and signed by six other app store providers: Apple, Google, Microsoft, Amazon, Hewlett-Packard, and Research in Motion. Upon launching their App Center, Facebook already required apps to provide notifications and hyperlink to a privacy policy.  Per the agreement, Facebook apps that collect personal information will now have to provide their privacy policy upfront, before a user installs the app. Furthermore, the app’s privacy policy must specify the data collected, how it will be used, and with whom it will be shared. Click here for more information.

June 25, 2012 – The more you encrypt, the more the government breaks into your cloud, Network World

Your online privacy has never been less private; try to protect it with encryption and the government steps around you via stored records in the cloud.

June 21, 2012 – Republicans call for FCC reform in wake of indecency ruling, Hillicon Valley

GOP Reps. Fred Upton (Mich.) and Greg Walden (Ore.) used the Supreme Court’s indecency ruling on Thursday to push for their bill to overhaul how the Federal Communications Commission (FCC) operates.

EU Official Validates Position That Governmental Access to Data in the Cloud is Similar in US and EU

The notion that governmental access is similar in the European Union and the United States was validated on the political level this week by Megan Richards, EU Commission Acting Deputy Director General for Information Society and Media.  Speaking at the Cloud Computing World Forum in London, Ms. Richards asserted that, “theoretically, it shouldn’t matter where data is held as long as our rules apply…the legislation in the US is not so different from the legislation we have in the EU.”

Interestingly, the use of US infrastructure for European Cloud Services is lamented in some European quarters. Critics ultimately question whether data protection measures, especially those restricting governmental access to data, are adequately established in the US. As discussed below, doubts about US legal frameworks are often based on “misconceptions [which] encourage speculation that governmental access to data stored in the cloud is more likely in some places than in others.”

In the meantime, Europe’s goal to support a speedy uptake of Cloud Computing, including the development of Cloud infrastructure in Europe is under way. The Commission’s “European Cloud Strategy,” which is set to be released this summer by DG Information Society and Media (soon to become DG Communications Networks, Content and Technology), aims “to ensure that Europe becomes not just Cloud-friendly, but Cloud–active.” European critics of the US approach assume that the cloud strategy will mean more Cloud infrastructure in Europe.

European Commission Vice-President Neelie Kroes (who is leading the initiative) has however informed stakeholders that Europe’s Cloud Strategy is “not about building a European super-Cloud,” and that “Cloud business models…should be determined by efficiency considerations in the market.” “Market Based considerations” could justify a continued reliance on US based infrastructure for European Cloud Services, because many major Cloud databases are already established in the US.

FPF’s Christ Wolf, co-director of Hogan Lovells’ Privacy and Information Management practice, and Hogan Lovell’s Paris Office partner, Winston Maxwell, recently released a white paper on governmental access to data in the Cloud. The white paper “debunks faulty assumption that US access is unique” with an expository survey comparing governmental data access laws in ten countries (including some EU member states) as well as governmental authorities’ ability to access data stored in databases outside their jurisdiction through the use of Mutual Legal Assistance Treaties.

It will be interesting to see how an honest analysis of governmental access regimes across jurisdictions could affect the European Cloud Strategy and create the potential for a continued reliance on US based infrastructure for European Cloud services.

Future of Privacy Forum applauds the NTIA Focus on Mobile Apps

The National Telecommunications and Information Administration (NTIA) announced that the first focus of its multistakeholder process will be on transparency in mobile applications. The first meeting is set for July 12, 2012, to be considered for participation, fill out an “expression of intent” form with NTIA.

The announcement came at the US Chamber of Commerce Telecommunications and E-commerce Committee meeting, where NTIA Assistant Secretary for Communications and Information Lawrence Strickling further discussed the multistakeholder process.

Mr. Strickling emphasized his goal of achieving broad participation from industry representatives, civil society, and academics in an effort to establish quality, credibility, and acceptance of the code of conduct established during the multistakeholder process.

With reference to facilitating consensus, Mr. Stickling cited the use of a professional facilitator to help “set a plan” and ensure productivity. Mr. Strickling said that he expected the first meeting to include as many as several hundred people, but that group would likely naturally narrow as the process continued.

Mr. Strickling emphasized two major aims of the multistakeholder process: (1) fleshing out the principles laid out in the White House’s “Consumer Bill of Rights” through codes of conduct and  (2) ensuring voluntary adoption of the codes of conduct by companies, which will make them subject to Federal Trade Commission enforcement.

FPF Director and Co-chair Jules Polonestsky said, “Kudos to NTIA for focusing on the mobile app ecosystem, which provides incredible value to consumers, but is also the cause of increasing privacy concerns. As the world has moved from one where carriers controlled what is on your phone to a turbulent environment of hundreds of thousands of small app developers and other data collectors, it is critical that all the players in the mobile ecosystem come together to find the right balance.” Following Mr. Strickling’s remarks at the Chamber, Polonetsky participated on a panel discussing the merits of the  multistakeholder process along with Berin Szoka of TechFreedom, Sarah Hudgins of the IAB, and Dan Caprio of Mckenna Long & Aldridge LLP.

FPF Mobile App Resources:

FPF App Ecosystem Chart

FPF App Summit

FPF APP Developer Education Site

Jules Polonetsky and Chris Wolf: App developers, not regulators, are best suited to solve privacy problems