Last week, the Privacy Commissioners of Canada, France, Germany, Israel, Italy, Ireland, the Netherlands, New Zealand, Spain and the United Kingdom sent a letter to Google revisiting the privacy issues raised by Google’s introduction earlier this year of Google Buzz. Readers will recall that when Buzz was rolled out, Google automatically assigned Gmail users a network of “followers” from among users’ most frequent Gmail correspondents. This was done without adequately informing Gmail users about how this new service would work, and without providing sufficient information that would allow informed decisions. As stated in the Privacy Commissioners’ letter: “This violated the fundamental principle that individuals should be able to control the use of their personal information.”
The Commissioners’ April 19, 2010 letter was eclipsed in the news by the Icelandic Volcano that caused the absence of the some of the Privacy Commissioner signatories at the Washington, DC Press Conference to discuss the letter and by the simultaneous release by Google of a report on government requests for personal information.
While the letter did not make the front page of newspapers, and while the buzz over the privacy missteps by Google in introducing Buzz may be old news — Google accepted responsibility when it happened, saying it was sorry, and revised the privacy settings — the fundamental issues raised by the Privacy Commissioners in their recent letter deserve further attention. In writing to Google, the Commissioners said:
We therefor call on you, like all organisations entrusted with people’s personal information, to incorporate fundamental privacy principles directly into the design of new online services. That means, at a minimum:
• collecting and processing only the minimum amount of personal information necessary to achieve the identified purpose of the product or service;
• providing clear and unambiguous information about how personal information will be used to allow users to provide informed consent;
• creating privacy-protective default settings;
• ensuring that privacy control settings are prominent and easy to use;
• ensuring that all personal data is adequately protected, and
• giving people simple procedures for deleting their accounts and honouring their requests in a timely way.
The Dutch Commissioner observed that the Google letter could be the “last warning” to Google and other online companies with respect to the privacy principles the letter advanced. So, a discussion of data minimization, transparency, default privacy-protective settings, prominent controls, data security and prompt account deletion clearly is in order for companies launching new online services or proposing to change existing services. Just saying “sorry” after a misstep, as Google did with Buzz, will no longer satisfy privacy watchdogs, that seems clear.
The first Online Tracking, Profiling and Targeting event will take place on April 29, 2010 at the One King West Hotel in Toronto. Information is available in the Consultation Notice.
Audience seating is now very limited for this event – please contact us if you still wish to attend.
8:30 – 9:30 am Opening Remarks
Ms. Jennifer Stoddart, Privacy Commissioner of Canada
Mr. Brian Beamish, Assistant Commissioner for Access, OIPC Ontario
Ms. Elizabeth Denham, Assistant Privacy Commissioner of Canada
9:30 – 10:00 am International Context for these Consultations
Mr. David C. Vladeck, Director, Bureau of Consumer Protection, US Federal Trade Commission
10:30 – 11:45 am Panel 1: Advertising
Dr. Avner Levin, Director of the Privacy and Cyber Crime Institute, Ryerson University
Ms. Anne Toth, Chief Privacy Officer, Yahoo
Mr. Jules Polonetsky, Director, Future of Privacy Forum
Ms. Paula Gignac, President, Interactive Advertising Bureau of Canada
1:15 – 2:30 pm Panel 2: Location-based/Geospatial Tracking
Dr. Teresa Scassa, Canada Research Chair in Information Law, University of Ottawa
Mr. Jesse Hirsh, Broadcaster
Mr. Keith McIntosh, Director of Regulatory Affairs, Canadian Wireless Telecommunications Association
Mr. Ross Buchanan, Director of Digital and Relationship Marketing, Molson Coors Canada
Mr. Prashant Shukle, Director General of the Mapping Information Branch, Natural Resources Canada
3:00 – 4:15 pm Panel 3: Children’s Privacy in the Evolving Online Environment
Ms. Sara Grimes, PhD Candidate with the School of Communication at Simon Fraser University
Mr. Matthew Johnson, Media Education Specialist, Media Awareness Network
Ms. Catherine Connors, parenting blogger and author of www.HerBadMother.com
Dr. Jacquelyn Burkell, Associate Professor, Faculty of Information and Media Studies, University of Western Ontario
The growth in scale, diversity and complexity of data has increased the demand for understanding large amount of heterogeneous data. The Information Integration and Informatics (III) program focuses on the processes and technologies involved in creating, managing, visualizing, and understanding this heterogeneous data. Given the III focus, the workshop goals include:
Analyzing and focusing on the research and development issues of problems that are fundamental in making progress toward understanding complex data;
Specifying current and new areas where major breakthroughs appear possible;
Identifying needed collaborations (e.g., inter-disciplinary, academic-industry); and
Identifying research initiatives and facilities needed to meet current and future challenges.
In addition, conference participants will share accomplishments, provide demonstrations and interact with each other. They will also discuss the objectives, contributions and challenges of major research activities funded by the Information, Integration and Informatics program. Finally, the workshop will provide participants an opportunity to explore fruitful collaboration and synergism.
April 22-23, 2010
Rosslyn, VA
A lot has changed technologically, and otherwise, since the Electronic Communications Privacy Act (ECPA) was enacted in 1986. In addition, the law has never been a model of clarity. I litigated a case under ECPA in the late-90’s, McVeigh v. Cohen, representing an individual against the government when the Navy violated ECPA by obtaining online information about my client from AOL without a warrant or consent. In that case, the government actually argued, based on tha statutory language, that ECPA did not apply directly to it, only the online provider. (It lost that argument).
The need for greater clarity in and modernization of ECPA has led to a consortium including Microsoft, Google, AT&T, CDT and the ACLU calling itself “Digital Due Process,” whose tag line is “Modernizing Surveillance Laws for the Internet Age”. The group is calling for requirements that the government obtain a search warrant before obtaining any private communications or documents stored online and before it can track cell phone or other mobile device locations, that the government demonstrate to a court that the data it seeks is relevant to a criminal investigation before monitoring e-mail, instant messaging, text messaging and the telephone, and that there be better protection against bulk data requests concerning an entire class of users. The group hopes to eliminate “a patchwork of confusing standards that have been interpreted inconsistently by the courts”. FPF applauds this effort at ECPA reform.
Jules Polonetsky Smart Grid Interview w LBN Host Scott Drake
Privacy and the Smart Grid: How to Address Consumer Concerns Without Jeopardizing the Growth of the Grid
A web conference, Tuesday, April 13, 2010, 2:00 PM – 3:30 PM Eastern
Click here or call 888-471-4447 (+1-301-769-6804) to register!
YOUR PRESENTERS:
Lillie Coney, Associate Director, Electronic Privacy Information Center
Annabelle Lee, Senior Cybersecurity Strategist, Computer Security Division, NIST
William Levis, Director, Colorado Office of Consumer Counsel
Jules Polonetsky, Co-Chairman and Director, Future of Privacy Forum
Sam Spencer (Moderator), Editor and Publisher, Smart Grid Today
Click here for more information.
The Network Advertising Initiative report released today, showing the performance and value of behavioral advertising, demonstrates the importance of policy-makers and businesses getting the balance of controls right in this area. We need to ensure that data enhanced advertising can continue to play a role in the ad economy, but we also need to provide users with better controls so they can more easily choose to be in or out. But, most critically, we need to create a transparent and respectful value proposition. Consumers do not care about the value of behavioral advertising to the economy or how well it works for marketers. They care about the value to themselves, personally! How does it make my experience better? How does it put me more in control of my experience and help me in any way?
Only by demonstrating the value to both business and consumers will behavioral advertising be able to flourish without constant policy and advocacy push back. The ad icon and messaging that FPF and WPP tested with consumers is a step “”for the good”, as FTC Consumer Protection Director David Vladeck said at last week’s FTC Privacy Roundtable. If the leading trade groups that have adopted this symbol as part of their self-regulatory efforts succeed in their plans to add a serious educational program around the symbol, it could be a key step towards the “information respect” called for by privacy experts like Professor Joseph Turow. Profile viewers and improved opt-out tools are also examples of progress from leading NAI companies, but we are hoping for the next steps toward meaningful consumer engagement in the year to come.
The icon and label notice that FPF and WPP designed and the leading trade groups have adopted is a key step in the right direction, as are profile viewers and improved opt-outs.
Last week, two events generated press coverage about privacy advocates sounding the alarm about privacy and the smart grid. The California Public Utilities Commission (CPUC) held a smart grid hearing which included a focus on consumer privacy and the White House Office of Science and Technology Policy collected comments on the topic of who owns consumer energy data and who should get access to it. (To see FPF’s comments to the OSTP, click here.) Businesses are starting to wonder whether consumer privacy could limit the data they need to optimize demand response management or delay smart installations due to consumer push-back. They are right to be worried because the concerns are real.
How should the industry respond? Hiding from the issue or hoping regulators solve the problem for companies are not strategies likely to succeed when innovation that can allow both data use and consumer control is needed. We think that the potential benefits to the causes of energy conservation, green jobs, and the environment are too valuable to be allowed to fail.
Over the past year, FPF’s Smart Grid Privacy Working Group of businesses and advocates has worked extensively with the Gridwise Alliance to address these concerns. We held the first conference focused on Privacy and the Grid, with the White House, regulators, advocates and business participating. We wrote a white paper with Ontario Privacy Commissioner Ann Cavoukian laying out how “privacy by design” can be a key strategy to addressing grid privacy development.
We have established SmartGridPrivacy.org as a clearing house for resources related to privacy and the smart grid. And today, we are part of the launch of the Smart Grid Consumer Collaborative (SGCC), which is a new industry collaborative to help build consumer engagement in the rollout of the smart grid. SGCC includes consumer electronics and technology companies, retailers, consumer advocacy groups, and utilities that are dedicated to finding solutions that maximize the value of the grid for consumers.
The FCC Broadband Plan released last week calls for consumers to be able to access their power data so that “innovation” in the home can be unleashed to create new tools, new features and new advances that will encourage users to save energy. If privacy innovation is also part of the innovation agenda, we are sure that the data needed to power the grid can also serve to empower consumers.