Digital Privacy Forum: EPIC’s Marc Rotenberg Reveals 5 Ways That 2011 Will Be The Year Of Web Consumer Privacy Laws

Marc Rotenberg, Executive Director for the Electronic Privacy Information Center (EPIC), explained at the recent Digital Privacy Forum that several factors and consumer concerns have led to a rise of thinking about digital consumer privacy laws The Georgetown professor predicts that 2011 will be the year of debate over these laws.

Marc began by discussing that he’d just come from Washington, and 3 major digital privacy issues were already on the table in front of the Supreme Court, including “Does the constitution defend information privacy” and “Can the police make requests for a user’s digital ID with no probable cause.” Quite a way to start off the year, and signs of things to come.

He went on to explain EPIC, his organization. They began years ago as a group to represent the people in the face of growing identity and privacy tools available in the market. Their first move was to protect encryption as essential for proper e-commerce, and have moved on to address key issues related to privacy. Marc then listed 5 key areas related to consumer privacy, and discussed how government will be involved.

“Do Not Track”

Less than a year ago, the phrase meant nothing, but it now is backed by members of Congress. Why is it popular? The public is concerned about having some sort of way to defend themselves against potentially intrusive interactive advertising. People don’t want to be at the mercy of advertisers who prey on their personal information and inundate them with ads. It’s similar to the “do not call” list which took off as a way for consumers to ask to not be solicited by phone.

The reason “do not tracK” is titled as such and linked to ‘do not call’ is because of its success. More people have signed up for “do not call” than voted in the last election.

The Role of the FTC

America is one of the only developed countries in the world without an organization on the side of the people versus potential privacy invasions. Someone had said recently to Marc, we don’t want to be “too bureaucratic”, but he sees that as an excuse to not create a federal organization. What we have now in the United States are different offices picking up different areas, and one of those is the Federal Trade Commission. The FTC is dedicated to protecting consumers in trade situations like the fraudulent sales of merchandise or even identity theft. In terms of online, the FTC can go after “unfair or deceptive” trade practices. For instance, the FTC struck down Microsoft’s “Passport” system when they felt the single log in would be unfair for consumers by reducing their ability to choose. This was proposed to the FTC by EPIC, among others.

The Role of the FCC

Google Streetview — Why would the Federal Communication Commission be interested in this? In 2011, because it seems that they have violated some American privacy codes, and this is their domain.. And so Google may have to face an interesting year as the FCC determines just how public collection of information affects consumers. The FCC is famously involved in net neutrality as well, which defends consumer choice on the web. Expect the FCC to start putting pressure on location-based services in general, this year.

Facebook and the Prospect of Legislation

Facebook has this ‘remarkable relationship with privacy’, and legislators have only begun their task of learning to regulate these types of social services. Last month, Facebook proposed to make home addresses and phone numbers available to app developers. The problem was that there wasn’t a lot of information about how these app developers would be using the information, and obviously these could be easily exploitable. Users sign up for applications without thinking, and it would be incredibly easy for a scam application to gain access to critical personal user information just by creating a viral “hot or not” style application.

The good thing for consumers is that Facebook is responsive to users. The negative is that users keep having to go through this process of pushing back, and Facebook concedes a bit, waits out the storm and then marches onwards. The privacy of users needs to be respected, according to Marc (and EPIC). Marc went to Facebook and explained that it was unfair if the consumer is under one impression of how their data is going to be used: the company can’t change it without letting the user make that clear decision.

The Facebook privacy settings were the most upsetting. Facebook had set up an elaborate system where users could control their privacy using a ‘grid’ to point out which of their information was available to users. A ton of users come in, make their decisions, and all of a sudden Facebook decides on a whim that they’re going to change it all up. It’s tiring for users, and unreasonable, to constantly update your settings and be uncertain of what is actually happening with your data.

International Privacy Frameworks

According to Mark, the issue that’s rising to the top is how the European Commission is concerned with Americans not being able to properly secure the privacy of Europeans that use their services. It’s now become an international affair, and focuses on the information collected by American companies. The problem is that when privacy is broken, there isn’t a whole lot of punishment going on in the United States. The Europeans will continue to put this pressure on, and this may set the stage for an international privacy framework.

After Marc explained his key points, a question came up about the difference of perspective between the American and Europeans of information privacy. Americans can view it through a ‘real-estate’ lens, while Europeans see it as a human rights kind of issue. Marc made an excellent point that differing strategies can come to the same conclusion. Nobody wants people to really be ‘selling’ people’s identifications, but this is something that some elements seem less opposed to.