FTC Closes Year w/ Privacy Bang, State Dept. Refutes Cloud Myths, and SIIA Calls for Patent Legislation

FTC Initiates Data Broker Study, Will Release Revised COPPA Rule Tomorrow

Finishing up a very busy year on the privacy front, the Federal Trade Commission (FTC) today announced that it is initiating a study on the “Data Broker Industry’s Collection and Use of Consumer Data.” The Commission issued orders requiring nine “data brokerage companies” to provide the agency with information about how they collect and use data about consumers, and it will use the responses it receives to prepare a study and to make recommendations on whether, and how, the data broker industry could improve its privacy practices.

And the Commission announced that the much-anticipated revisions to the COPPA Rule, providing regulations for Internet sites and services directed towards children, will be released tomorrow. Stay tuned.

Data Broker Briefing Reveals Complex Data Ecosystem

Last week, in a briefing convened by the Congressional Privacy Caucus, co-chairs Ed Markey (D-MA) and Joe Barton (R-TX) explored the roles of “data brokers,” along with two chief regulators from the FTC, Chairman Jon Leibowitz and Commissioner Julie Brill. The briefing and discussion was wide-ranging, and if anything, it seemed to raise more questions than provide answers.

If there was one single over-arching takeaway for me, it was that there exists a very complex data ecosystem that includes consumers, businesses and governments, and it’s increasingly difficult to label entities for purposes of creating new laws and regulations. I have written a blog post summarizing the key themes I took out of this briefing at the SIIA Digital Discourse blog.

SIIA Calls for Legislation to Fight Patent Trolls

Last week, SIIA joined with several other trade associations to issue a formal call on Congress to enact legislation that provides more safeguards to prevent the economic and consumer harm caused by abusive patent lawsuits.

Although the America Invents Act was an effective first step in addressing the problem of abusive patent litigation by trolls, patent trolls continue to damage the economy, hurt America’s tech industry, and threaten innovation. In calling on Congress to do more, SIIA has outlined a specific proposal, which was articulated in the joint letter to congressional leaders, for legislation that would help address this problem. Read more on SIIA’s Digital Discourse Blog.

State Department Refutes Global Cloud Myths, Defends U.S. Providers

In early December, U.S. Ambassador to the European Union, William Kennard, addressed Forum Europe’s 3rd Annual European Data Protection and Privacy Conference, and responded to the myth that the U.S. system of government access to information is a threat to the privacy rights of citizens of other countries. He was especially effective in rebutting concerns directed at cloud computing, where the misconception has developed that information stored in cloud computing servers can be accessed by the U.S. government without any effective privacy controls. This very welcome effort to refute false barriers to U.S. cloud providers was also accompanied by the release of a State Department white paper that dispels the misconceptions about the U.S. legal system and government access to information. While SIIA is a leading proponent of policy changes to better enable U.S. cloud providers to compete around the world, this strong defense of current U.S. policies and practices of U.S. cloud providers is very helpful for alleviating many of the misperceptions that currently serve as a barrier in global markets. Read more on SIIA’s Digital Discourse Blog.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

Data Broker Briefing Reveals Complex Data Ecosystem

In a briefing convened by the Congressional Privacy Caucus last week, co-chairs Ed Markey (D-MA) and Joe Barton (R-TX) explored the roles of “data brokers,” along with two chief regulators from the FTC, Chairman Jon Leibowitz and Commissioner Julie Brill. The briefing and discussion was wide-ranging, and if anything, it seemed to raise more questions than provide answers.

If there was one single over-arching takeaway for me, it was that there exists a very complex data ecosystem that includes consumers, businesses and governments, and it’s increasingly difficult to label entities for purposes of creating new laws and regulations. Following is a summary of key themes I took out of this briefing:

(1) There’s no broad agreement on the definition of “data broker.” The discussion did not include a clear articulation of exactly what the lawmakers and regulators believe a “data broker” to be, which seems to be the key question before deciding on new policies. The best articulation was “an entity that collects data but which has no intersection w/ consumers directly.” While this may make sense on the surface, it quickly breaks down when moving forward to craft rules for data brokers, because it clearly leaves open a wide range of entities that openly characterize themselves as brokers but also provide for direct interaction with consumers.

I wish we could put any discussion about new policies on hold until we can at least clearly know what we’re talking about as a “data broker.”

(2) It’s the “use,” stupid. I was constantly reminded of the old refrain, “it’s the economy, stupid,” the now infamous phrase that explained why Bill Clinton would ultimately be elected President in 1992. If there is one thing that seems to enjoy broad agreement around data privacy, it’s that it is more important, and useful, to look at how data is used, and the potential for harm, than it is to single out ill-defined entities and try to craft specific legal and regulatory roadmaps for their behavior. While this was my takeaway, and was surely shared by many others present at the briefing, it is the opposite of what leading lawmakers and regulators are thinking.

(3) The FTC will maintain a steady focus on “data brokers.” Regardless of the challenge in clearly defining data brokers, the FTC is sure they don’t like ‘em. As clearly articulated by Commissioners Leibowitz and Brill, the FTC will maintain a heavy focus on “data brokers” – as was a unanimous recommendation from the FTC’s Privacy Paper issued earlier this year. While they did recognize there are significant benefits provided by “data brokers,” they made the following pronouncements: (1) much more needs to be done on the transparency front; (2) industry needs to do more to articulate existing transparency mechanisms; and (3) the Commission is exploring “what can and should be done beyond merely enforcement” of existing laws.

(4) Reps. Markey and Barton will focus this conversation on children, then expand – As the bipartisan team leaders for increased privacy protection for consumers, Reps. Markey and Barton reiterated their commitment to continue moving forward with all deliberate speed in the next Congress, reintroducing their Do Not Track Kids Act (H.R. 1895) and promising to sign on even more than the 45 cosponsors from the current bill. While that is surely no surprise to anyone, they went further to effectively outline their strategy to use the conversation on children’s privacy, expand the current age qualification in COPPA, and use this as a gateway to adopting privacy laws more broadly beyond children.

(5) Transparency and industry leadership are key – Another theme that keeps coming up is the need for greater transparency and industry leadership in this area. Similar to the ongoing discussions regarding “mobile transparency,” industry can and will surely continue to improve practices in this area, or we’ll be building the case for regulators and legislators to step in.



FTC on Privacy, EU on Net Freedom and Copyright, and More.

FTC Active on Children’s Privacy and Comprehensive Online Tracking

Amidst broad expectations of a looming vote to finalize proposed revisions to COPPA. The basic conclusion of the Report is the lack of significant progress in addressing privacy concerns for children, which coincided with the Commission’s announcement that it has opened investigations into whether some of the apps had violated the law. Together, the pending COPPA Rule revision, the new Report and formal launch of investigations should serve as a very clear warning that the FTC will aggressively police the children’s app market.

And last week, the FTC held its long-anticipated Workshop on “comprehensive data collection,” an event that went well beyond looking at privacy issues around behavioral advertising, stretching the focus to much more complex data uses, going as far as to explore deep packet inspection. As articulated by FTC Commissioner Brill in her opening keynote, the Workshop’s goal was largely for the FTC to explore whether the Internet “data collection ecosystem” is “just a continuum, or are there bright lines that differentiate some from others.”

Discussions throughout the day revealed broad agreement among academics, industry representatives and regulators that data presents significant opportunities for businesses and users, and that policies should be technology neutral and harm must be better defined. But there were also very significant disagreements and open questions about the need for new policies and the role of regulators. The FTC opened the door on this discussion when it released its comprehensive Privacy Report earlier this year. With this workshop, they demonstrated that the door is wide open.

Hill Continues to Consider Location Privacy and Talk “Data Brokers”

The Senate Judiciary Committee last week postponed voting on a bill that would require app providers to seek affirmative “opt-in” consent from consumers before using their location information. Committee Chairman Patrick Leahy (D-VT) is planning to resume consideration of the bill, the Location Privacy Protection Act of 2011 (S.1223), this Thursday with the hopes of amendments that could garner bipartisan support. In anticipation of the Committee action last week, SIIA released a call to lawmakers to give the ongoing voluntary multistakeholder process more time to address needed transparency in mobile privacy.

Meanwhile, on the House side, the bipartisan Privacy Caucus will hold a briefing on Thursday morning on “data brokers,” with expected participation from FTC Commissioner Julie Brill and a wide range of industry representatives.

Administration Patent Conference Highlights

The FTC and DOJ held a joint workshop yesterday on the impact of patent trolls on the economy, where FTC Chairman Jon Leibowitz made it clear that he fully understands the damaging effect of PAEs (aka patent trolls) and is concerned with their impact on competition and American innovation. The Chairman went so far as to say that we may be driving off a patent cliff that could stifle intellectual property innovation and competition. In response to the Workshop, SIIA issued a statement of support, expressing our concern about the “patent cliff” and applauding Chairman Leibowitz for making such a strong statement about the significance of the problem.

While there were no direct outcomes of the Workshop, SIIA and other key stakeholders can remain hopeful that coming out of the workshop, all parties–including the FTC, DOJ and Congress–will work together for sensible changes that allow America’s technology industry to thrive.

EU Announces Copyright Initiative, Endorses Digital Freedom Strategy

On December 5, the European Commission announced that it would begin an initiative to modernize European copyright for the digital economy. The initiative has two parallel processes. The first is a series of stakeholder meetings to begin in early 2013 which will focus on “six issues where rapid progress is needed: cross-border portability of content, user-generated content, data- and text-mining, private copy levies, access to audiovisual works and cultural heritage.” The second process focuses on the medium term and will result in a decision on whether to table legislative reforms in 2014. It will focus on four issues: “mitigating the effects of territoriality in the Internal Market; agreeing appropriate levels of harmonisation, limitations and exceptions to copyright in the digital age; how best to reduce the fragmentation of the EU copyright market; and how to improve the legitimacy of enforcement in the context of wider copyright reform.” Some informative reactions from different interested parties can be found here.

More detail on the proposed topics of the review can be found in this background document.

And today, the European Parliament endorsed by a large majority the first Digital Freedom Strategy in EU foreign policy, setting out concrete points of action to be incorporated in EU trade and development policies. The measure contains a large number of policy statements ranging from net neutrality to digital arms embargoes. It specifically endorses the flow of information across borders as a goal of EU trade policy, thereby potentially putting this issue on the table for EU-US trade negotiations. You can find the report here.

White House Shoots Key Message during Heart of Global Internet Conference

During the World Conference on International Telecommunications (WCIT) in Dubai that began last week, the United Arab Emirates, Russia and China announced their intention to introduce a proposal that would explicitly give the ITU authority over the Internet, a move that the US delegation, civil society and business groups oppose. An ITU spokesperson later announced that the proposal had been withdrawn. Similar proposals are possible before the WCIT conference ends Friday. Today the White House released a blog post urging that the “WCIT should be about updating a public telecommunications treaty to reflect today’s market-based realities — not a new venue to create regulations on the Internet, private networks, or the data flowing across them.”



Mobile Privacy: Congress Should Give Multistakeholder Discussions More Time

Today, the Senate Judiciary Committee is scheduled to consider legislation sponsored by Senator Al Franken (D-MN), the Location Privacy Protection Act of 2011 (S.1223), that would require app providers to seek affirmative “opt-in” consent from consumers before using their location information.

As with all consumer privacy issues, users’ trust in mobile app privacy is absolutely critical.  Without consumer trust, demand stalls, innovation is stifled and neither businesses’ nor users’ interests are served.  Straight-up, a lack of trust is a lose-lose. However, multistakeholder discussions have been ongoing since June of this year, engaging a wide range of industry and civil society in an effort, led by the Department of Commerce NTIA, to develop a voluntary code of conduct for mobile app transparency in information collecting.

This flexible, consensus process is also better able to ensure that policies are not technology or platform specific.  That is, at a time of increasing convergence, where “applications” are seamlessly offered across a wide range of devices, fixed laws such as this would stifle technological evolution by creating a distinct privacy regime based on a specific type of device.

SIIA is very supportive of the effort and confident that it can succeed if given time.  Consumers and businesses are in this together, dependent on each other as this new mobile ecosystem continues to evolve.  With the right consensus-driven framework, mobile app privacy can be a win-win for users and businesses.

Rather than considering rigid legislative mandates on the mobile app industry, Congress should continue to explore how to support this industry.  The House Energy and Commerce Committee did just that earlier this year by holding a hearing focused on this innovative industry and how it can spur economic and job growth.

Recommendations are good.  Consumer self-help is good.  But the world is looking to us to show that self-regulation can work as a viable alternative to government mandates.  To allow the multistakeholder efforts on mobile transparency to falter now would confirm their belief that only the government can set the rules of the road in this area.  It is time for the industry to step up and make progress on setting its own rules of the road. If we don’t, we have only ourselves to blame if state, national or international governments feel compelled to step in to protect the public.



Digital Policy Roundup: Senate Cmte. Passes Communications Privacy, Looks to Mobile Privacy, Trade Talks Continue on TPP

Senate Cmte. Passes Communications Privacy, Looks to Mobile Privacy This Week

Last week, the Senate Judiciary Committee passed Chairman Leahy’s (D-VT) ECPA reform legislation (Electronic Communications Privacy Act) with strong bipartisan support. The revised proposal passed with minimal amendments, in what was a huge victory for SIIA members and a wide range of supporters, as it was the first official strong bipartisan showing of support for legislation to level the playing field for access to remotely-stored email and electronic communications. While the next step for the legislation is uncertain in the waning days of the 112th Congress, at minimum it provides an excellent starting point for enacting legislation next year.

Continuing to move forward with targeted privacy proposals, Chairman Leahy has scheduled a markup of the Location Privacy Protection Act of 2011 (S.1223), legislation that would require app providers to seek affirmative “opt-in” consent from consumers before using their location information. This is another proposal that is unlikely to advance this year, but it is likely to draw broad support and put additional pressure on the NTIA-led multistakeholder discussions that have been ongoing since July.

Major Trade Talks Continue with Little Fanfare, Overshadowed by World Telecom Conference

While much of the world is focused on the World Conference on International Telecommunications (WCIT) taking place in Dubai this week, the 15th round of the Trans-Pacific Partnership (TPP) talks launched yesterday, where officials from the 11 countries participating in the negotiations will try to move toward the goal set by some TPP leaders last month of completing the deal by the end of next year. Intellectual property rights are one of the key issues of interest to the technology community during the ongoing trade talks.

Additionally, in the multilateral arena, World Trade Organization members this week will engage on a wide range of topics, including government procurement, the status of the Doha round and the race to select a new WTO chief. Current Director-General Pascal Lamy will step down next September, and Dec. 1 marked the date WTO members could begin formally submitting names for candidates to succeed him.

SIIA Internet Governance Event This Week

Just a reminder, this Thursday, Dec. 6, SIIA is cosponsoring an event with GW University and several other groups to examine how countries use trade policy to advance cross border information flows, and how these trade discussions could impact Internet freedom. SIIA’s Mark MacCarthy will moderate a panel on the challenges associated with IPR, Privacy and Internet Freedom.



SIIA Digital Policy Roundup: Look ahead on Privacy, IP, Cybersecurity and Net Governance

With Election Day and the Thanksgiving break in the rearview mirror, the next four weeks are looking to be action packed in Washington. And while the “fiscal cliff” discussions are expected to suck a lot of air out of the town, there’s a lot going on in the tech policy world, with a significant focus on privacy, intellectual property protection, cybersecurity and Internet Governance. Here’s a look forward in these areas:

Busy Weeks Ahead on the U.S. Privacy Front

First up for privacy is the Senate Judiciary Cmte. markup of ECPA reform legislation (Electronic Communications Privacy Act) this Thursday. In advance, Chairman Pat Leahy (D-VT) released a revised manager’s amendment last night, which makes significant improvements from previous drafts from the Chairman that proposed to substantially weaken the underlying legislation. Still, there is much uncertainty around the level of support among Committee members and potential amendments.

Next is the 6th NTIA multistakeholder meeting on Friday, where discussions will continue on industry-led proposals regarding “short form notices” and a comprehensive code of conduct. Hopes are that the progress initiated at the October Meeting will continue to move the discussions forward.

Finally, the FTC will hold a workshop on “Practices, Privacy Implications of Comprehensive Collection of Web Data,” an all-day event that will bring together consumer groups, academics, industry representatives, privacy professionals, and others to “examine the technological landscape, benefits and risks, consumer knowledge and attitude, and the future of comprehensive data collection.”

This heavy dose of privacy focus by legislators and regulators will end 2012 similar to how it began, and could possibly also include final revisions to the COPPA Rule, expected to be released by the FTC at some point in the near future.

Developments in the Patent Policy World

After a rousing speech last week that provided a strong defense of the US patent system, USPTO head David Kappos yesterday formally announced his resignation effective at the end of January. In what now looks to be his swansong, Kappos listed a number of improvements USPTO is making to deal with issues such as patent quality and clarity, including third party submissions on prior art and the post grant review process.

Despite the turnover at the PTO, there remains a persistent heavy focus on patent policy. Notably, the FTC and DOJ will be jointly hosting a workshop on Dec. 10th, focused on Patent Assertion Entity Activities. And as announced by Kappos last week, the PTO will hold a roundtable on Jan. 11th (details TBD), on requiring disclosure of the real party in interest for published applications and issued patents — a critical issue for dealing with patent quality and patent trolls.

With Cyber Ball in the President’s Court, Congress Still Focused on Cyber Funding

Shortly after returning from the election recess, the U.S. Senate vote to proceed with comprehensive cyber legislation once again came up short. The failed vote officially puts the ball in the President’s court, where the Administration continues to explore opportunities for an Executive Order to strengthen protection of the Nation’s critical infrastructure and improve cyber information sharing. In the meantime, with extensive Federal budget cuts potentially on the horizon as part of the looming budget deal, there has been broad recognition in Congress and the Administration that funding for cybersecurity should not be impacted.

Internet Governance

All eyes around the world are still on Dubai for the upcoming World Conference on International Telecommunications (WCIT), where government officials from around the world will gather to revise a treaty that could have a major effect on the future of the Internet. The Hill provided a thorough overview of the key issues and what’s at stake.

On December 6, SIIA is sponsoring an event with GW University and several other groups to examine how countries use trade policy to advance cross border information flows, and how these trade discussions could impact Internet freedom.

And on the ICANN front, there were several developments over the last 10 days relating to the program to roll out new domain names, including: (1) the ICANN Board of Directors issued a resolution directing ICANN’s CEO to launch a new effort to re-examine the purpose of collecting, maintaining and providing access to gTLD registration data in the Whois database; (2) discussions around potential changes to Rights Protection Mechanisms (RPMs); and (3) the Government Advisory Committee (GAC), which provides advice to ICANN on issues of public policy, filed 242 individual “Early Warnings” on 200 new gTLD applications which account for 162 unique strings.



FTC Settles Web Tracking Case, SIIA Testifies on Personalized Learning and Rebuts Cloud Enviro Criticisms

The FTC Announces Settlement with Web Tracking Company

The FTC announced yesterday that it has settled a case filed against market research company Compete, Inc., on the grounds that it deceived consumers and failed to safeguard consumers’ sensitive data. If accepted, the settlement would resolve a Federal Trade Commission complaint charging Compete with deceiving users by failing to reveal its broad data collection practices, and it would bar Compete from misrepresenting its data collection and security practices in the future and lock the company into biennial audits for the next 20 years.

The FTC’s settlement outlines the charges against Compete for distributing software, including a browser toolbar, that offered users the chance to learn about the Web sites they visited, without providing a fair and full disclosure of “the full extent of data collected through tracking software.” In bringing the case, the FTC alleged that the collection of data such as credit card numbers, security codes, expiration dates, SSNs, and other information entered by consumers at various web sites, without adequate notice, constitutes a “deceptive” practice and is therefore covered by the Commission’s Sec. 5 authority. The case also charged Compete with a range of data security failures, including failure to remove PII before transmitting, failure to provide reasonable and appropriate data security, failure to design and implement reasonable safeguards to protect consumers’ data, and failure to use readily available measures to mitigate the risk to consumers’ data.

As always, FTC settlements provide parameters for companies regarding practices that are NOT acceptable to federal privacy regulators under current law.

SIIA Testifies Before NY Education Reform Commission, Calls for Personalized Learning through Technology

On Oct. 16, Mark Schneiderman testified before the New NY Education Reform Commission, a group appointed by NY Governor Andrew Cuomo to study and make recommendations for the reform and improvement of the state’s education system. In his testimony, Mark submitted a comprehensive vision for redesigning education to personalize learning through technology and made dozens of recommendations around each of the Commission’s seven proposed objectives. In general, SIIA agrees with the Commission that future generations of students cannot compete unless we dramatically reform our education system. Read more on SIIA’s Digital Discourse Blog.

SIIA Rebuts NYT Enviro. Criticism of Cloud Computing Data Centers

Last week SIIA provided a rebuttal to James Glanz’s recent New York Times series on the perceived energy waste of data centers. The rebuttal focused on three key reasons why cloud computing is actually good for the environment. First, large data centers are more efficient than distributing the same computing power over many more small or medium-sized centers. Second, the transition to tablets and smartphones equipped with cloud computing access means lower energy needs for devices. Finally, companies like Oracle, Adobe, and IBM are devoting their considerable resources to sustainable computing practices, and this trend will only increase as they continue to work to make data centers more efficient and clean. While green practices must be taken into consideration as our society becomes increasingly dependent on technology, pointing the finger at data centers is looking at cloud computing from the wrong perspective. Read more on SIIA’s Digital Discourse Blog.

Mobile App. Transparency Discussion Moves to Substance

As we had anticipated and hoped, the NTIA-led multistakeholder discussion on mobile app. transparency did indeed take a turn to substantive discussion after months of talking around the edges and broad disagreement between consumer groups and industry. In what was a stark contrast to previous meetings, the discussion last Tuesday led to significant agreement around process and foundation for defining what types of information collection require transparency, beginning a discussion based on existing examples of what a “short form” notice might look like, and even a tentative agreement on what a “mobile app.” means in this context. Of course, it was just one meeting, and the agreement was mainly around process and vague examples and definitions, but it was quite encouraging nonetheless. SIIA is continuing to participate actively in the working groups on behalf of members and the industry.

