Connected Car Principles Part of Trend Toward Corporate Privacy Commitments

SIIA applauds the Alliance of Automobile Manufacturers and the Association of Global Automakers for adopting a set of privacy principles for vehicle technologies and services. These principles, released on Thursday November 13, are a responsible step toward protecting the information collected by connected cars, and they reflect an important movement of strong corporate commitments to data privacy.

Data has become essential for improving auto safety, reducing traffic congestion, increasing auto efficiency and powering other advanced services for 21st Century drivers. By bolstering consumer confidence, these principles will help make certain these advancements can continue.  They cover transparency, choice, respect for context, data minimization, de-identification, retention, data security, integrity, access and accountability.  In particular, they put limits on the use of geolocation information for marketing purposes and provide consumers with access to collected information.

These principles reflect widely accepted privacy standards advocated by the Federal Trade Commission and the Administration, and are also reflected in the U.S. sectorial privacy laws.

Led by SIIA, the education technology industry has followed a similar course of action.  In October, in conjunction with the Future of Privacy Forum, we announced a set of 12 privacy principles that commit educational service providers to protecting the privacy of student information.  This effort is vital for our country, because new information technologies are enabling personalized education, improving educational outcomes, allowing for more efficient school operations, making possible the development of better instructional materials and faster identification of students at risk of failing, and more.

In particular, the principles bolster the deeply entrenched social norm and legal requirement that student information should be used solely for educational purposes. The student privacy pledge also commits service providers to refrain from using student information for targeted advertising, to limit student profiles to educational uses and to protect information from unauthorized access.

Data collection and analysis is essential for any industry that intends to grow and flourish in the 21st century.  But to be successful, companies must have the trust and confidence of data subjects, customers, policy makers and the public.  Voluntary steps such as those taken by the automotive and education technology industries are vital if we are to hold onto and grow this trust.


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.

Restoring U.S.-EU Trust Through Extending U.S. Privacy Act Protections To EU Citizens

The Software & Information Industry Association (SIIA) welcomed Attorney General Holder’s June 25, 2014 pledge of support for legislation to provide EU citizens with judicial redress in cases of wrongful disclosure of their personal data transferred to the United States for law enforcement purposes.  This week’s meetings in Washington, D.C. between newly appointed senior European Commission officials and Attorney General Holder is a good time to reiterate SIIA’s strong support for this legislation.

The question of extending privacy act protections to EU citizens comes up in the context of the U.S.-EU discussion on the EU-U.S. Data Protection and Privacy Agreement, the so-called umbrella agreement on law enforcement cooperation.  Americans already have the right to judicial redress in many EU member states.  Extending the Privacy Act to apply to European citizens would provide rough   reciprocity as Google, which also supports strongly this legislation, points out in a public policy blog post today.

Besides setting the stage for possible umbrella agreement modifications, amending the U.S. Privacy Act would affect the general atmosphere surrounding U.S.-EU data flows, including the discussions on the economically crucial U.S.-EU- Safe Harbor Framework.  A recent Brookings report has made clear just how vital those data flows are for both the United States and the European Union.  In 2012, the United States exported $387 billion in digitally deliverable services to the world.  The European Union exported $ 465 billion in digitally deliverable services to the world.

Continued open data flows are crucial to U.S. software companies, who are global leaders in their field and contribute substantially to our export strength. SIIA’s Software Industry Study showed that about 12 percent of U.S. software production is exported, totaling some $50 billion to $57 billion in 2012.  Moreover, exports of software and related services have grown by 9 percent to 10 percent per year since 2006, nearly 50 percent faster than all U.S. exports.

The United States and the European Union have an opportunity to influence global rules on data flows.  The United States should seize that chance.  A big part of making this a reality is surveillance reform.  Extending the Privacy Act’s protections to Europeans is an important piece of that effort.  The Administration should submit legislation to the Congress on this as soon as possible.  The Congress should then move rapidly to approve this vital piece of legislation.


Carl Schonander is Director of International Public Policy at SIIA.

Digital Policy Roundup

SIIA Event to Examine How Data is Transforming Healthcare and Policy Implications

Join SIIA for a discussion on how data analytics is transforming healthcare at our lunchtime event - Improving Our Nation’s Health Through Data Analytics. The briefing, at 12p.m. on November 13th, will feature lawmakers, industry leaders, patients and providers who will discuss innovations in data analytics that are improving our health care system. Participants will also discuss the challenges posed by the current regulatory framework, and the need to develop an appropriate risk-based framework that provides the clarity and certainty necessary to advance an innovative healthcare ecosystem. RSVP HERE

It is clear that our nation’s health is dependent on information. Applying digestible data analytics to healthcare delivered when and where it is needed, can help health professionals make informed treatment decisions at the point of care, accelerate the search for cures, and reduce preventable hospitalization and associated costs. Data innovations are also speeding treatments and cures to market. The event will include opening remarks from U.S. Representatives Marsha Blackburn (R-TN) and Gene Green (D-TX). For more information, click here.

Multi-Industry Letter Urges Congress to Protect Cross-Border Data Flows

Monday, in a letter to congressional leaders, SIIA joined with seven other tech organizations in calling for increased funding to allow the Department of Justice to adequately handle its responsibilities under the Mutual Legal Assistance Treaties (MLATs). MLATs are the primary mechanism through which law enforcement agencies in different countries can collect and exchange evidence. These treaties ensure that foreign law enforcement requests for information conform to U.S. law helping to curb foreign efforts to enact restrictive laws governing the Internet.

Over the last decade foreign evidence requests have increased dramatically, while DOJ funding for processing such requests has declined. Currently, it takes about a year to process an MLAT request. This delay has caused foreign governments to circumvent the MLAT process altogether, taking their demands directly to U.S. businesses. Companies are now in the nearly impossible position of trying to comply with foreign law enforcement requests while adhering to U.S. law. The breakdown in the MLAT process also leads to countries around the world pursuing data localization requirements, which threaten to fragment the Internet. Increased MLAT funding would make possible quicker processing of MLAT requests while at the same time protecting individual’s rights and ensuring due process. For more information, read this blog.

SIIA Comments on Use of Data Analytics to Promote Social and Economic Opportunity

Friday, SIIA filed comments on the Federal Trade Commission’s Workshop on “Big Data: A Tool for Inclusion or Exclusion?” The workshop was held on September 15 and usefully framed important developments in the use of data analytics for providing services to low income and underserved consumers and provided a forum for discussion of the possibility of unfair or discriminatory use of data analytics.

SIIA’s Mark MacCarthy participated on the workshop’s second panel relating to new developments in data analytics. SIIA’s comments summarize the discussion in that panel and contain additional reflections on issues raised by the workshop. For a highlight of the main points of the comments, click here.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPolicy.

SIIA Event to Examine How Data is Transforming Healthcare and Policy Implications

Join SIIA for a discussion on how data analytics is transforming healthcare at this lunchtime event — Improving Our Nation’s Health Through Data Analytics. The briefing, at 12p.m. on November 13th, will feature lawmakers, industry leaders, patients and providers who will discuss innovations in data analytics that are improving our health care system. Participants will also discuss the challenges posed by the current regulatory framework, and the need to develop an appropriate risk-based framework that provides the clarity and certainty necessary to advance an innovative healthcare ecosystem.

It is clear that our nation’s health is dependent on information. Applying digestible data analytics to healthcare delivered when and where it is needed, can help health professionals make informed treatment decisions at the point of care, accelerate the search for cures, and reduce preventable hospitalization and associated costs. Data innovations are also speeding treatments and cures to market.

To RSVP for the event, please click here!

Speakers will include:

  • Rep. Marsha Blackburn (R-TN)
  • Rep. Gene Green (D-TX)
  • Nancy L. Staisey – Managing Director of Life Sciences, IBM
  • Kathy Reynolds – Vice President, Integrated Health and Wellness, The National Council for Behavioral Health
  • Dave Dworaczyk – Director of Life and Health Sciences Strategic Development, Oracle
  • Rick Ingraham – Principal Industry Consultant, Health, SAS

WHOThe Software & Information Industry Association (SIIA)

WHAT: Improving Our Nation’s Health through Data Analytics Event

WHENThursday, November 13, 2014 from 12 p.m. – 1 p.m. EST

WHERE2322 Rayburn House Office Building


Sabrina Eyob is the Public Policy Coordinator at SIIA. Follow the Policy team on Twitter @SIIAPolicy.

SIIA, Industry Offer Guidance to NIST Privacy Engineering

Privacy engineering can offer tremendous value to consumers. This is the premise of a new privacy engineering initiative launched by the National Institute of Standards and Technology (NIST) earlier this year.  After two workshops, a webcast and substantial outreach to industry, NIST is still seeking feedback to help them provide technical guidance to information system users, owners, developers and designers.

On October 10, SIIA joined with a dozen industry groups in submitting comments to NIST to help scope their initiative.  In the letter, the groups note that many of our member companies utilize privacy engineering solutions as part of their “privacy-by-design” practices and internal information management.  And we concur that refining and improving privacy engineering processes requires a collaborative effort involving information technology, compliance, legal, product development, marketing, customer service and other functional areas.

However, as SIIA has often pointed out, expectations surrounding the collection and processing of personal information are not purely personal.  They reflect evolving social norms – which often vary significantly across jurisdictions around the world.  As technologies evolve to become instrumental in all facets of our lives, our experience and expectations of privacy also evolve.  As for the legal framework, there are numerous ongoing discussions within myriad self-regulatory and governmental policy-making bodies, and a diversity of existing laws not just in the U.S., but around the world.

In short, the policy framework for privacy is still in flux.  As a result, an exercise to develop guidance in the form of technical standards could prove counterproductive, getting ahead of diverse international user expectations and policies.  The establishment of a technical framework or standard can only follow when we have achieved a consensus on policy objectives.  In the absence of clear, predefined policies, the result could have a chilling effect on innovation, thrusting engineers into the complicated process of critical decision-making on the various gray areas of privacy expectations and legal requirements.  For instance, is it really a matter for technical standards to be set by engineers whether a particular form of consumer consent should be opt-in or opt-out?

To that end, SIIA supports a more tailored effort, where NIST focus its efforts on cataloging, in a policy-neutral manner, how privacy engineers accomplish various privacy-by-design or information management processes.  This represents a pivot from what policy goals should be to how privacy engineering might achieve privacy goals that are defined elsewhere.

We value NIST’s technical expertise and interest in contributing to the shared goal of promoting privacy by design, and by developing a catalog to this end, NIST can make a significant contribution to the field by undertaking such an initiative.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPolicy.

Digital Policy Roundup

SIIA Event to Examine Software’s Transformative Impact on the US Economy & Employment

Join SIIA for lunch and dialogue with business leaders on how software is transforming the U.S. economy, and reinventing the way businesses and consumers operate. The event, “The Software Century: Analyzing Economic Impact & Job Creation,” will take place on September 17 from 11:30am-1pm in Room HVC 215 of the U.S. Capitol Visitor Center. Featuring an exclusive interview with Deputy Secretary of Commerce Bruce Andrews.RSVP HERE.

At the event SIIA will unveil its new report, “The U.S. Software Industry: An Engine for Economic Growth and Employment.” This SIIA report is a comprehensive review of the software industry’s economic impact, authored by former Undersecretary of Commerce for economic Affairs, Robert Shapiro. For more information, or to register, click here.

SIIA to Participate in in FTC Workshop on Big Data and Discrimination

The FTC recently made available the agenda and list of participants for its upcoming Workshop “Big Data: A Tool for Inclusion or Exclusion?” which will take place on Monday, Sept. 15. Mark MacCarthy, SIIA’s Vice President for Public Policy, will be participating on the panel focused assessing what is on the horizon for big data, exploring both the benefits and potential harms for particular populations of consumers. The workshop will include a range of academics, consumer advocates, industry and technology experts, including SIIA member SAS on a panel covering the current landscape of big data analytics. The workshop is a follow-up to the Administration’s white paper released in April.

SIIA and Tech Industry Press Enactment of USA Freedom Act

On Monday, SIIA joined with a group of technology industry associations in sending a letter to U.S. Senate leaders Harry Reid (D-NV) and Mitch McConnell (R-KY) urging the Senate to act in a bipartisan fashion and swiftly pass the USA FREEDOM Act (S.2685). In sending the letter, SIIA highlighted the need for surveillance reform in the U.S. as an essential part of restoring the public trust and providing support for U.S. businesses internationally. The USA FREEDOM Act modifies legislation already passed by the House in May, and it balances critical U.S. national security objectives and individual privacy needs. At this time, Senate leadership has not indicated when the legislation will be considered. With very few days of the congressional session remaining this month, consideration of the legislation could slip to the lame duck session after the November elections.

New European Commissioners Likely to be Announced this Week

The President-Elect of the European Commission, former Luxembourg Prime Minister Jean-Claud Juncker, is expected to announce the portfolio allocation of the next European Commission sometime this week. The Commission is the executive branch of the European Union. Besides Italy’s Federica Mogherini, nominated to be the Commission High Representative for Foreign Affairs, we do not know who will take over the different Directorates General (akin to government departments) of the Commission. After the nominations are announced, the European Parliament has to give its consent, including for Juncker and Mogherini.

From an SIIA member standpoint, the Directorates General in charge of trade, justice and the internal market are the most significant because they control trade, intellectual property and privacy/data flow issues. Given that there will be a new Commission and a new Parliament, we can expect significant activity affecting SIIA member interests. Juncker’s “Political Guidelines for the Next European Commission” suggest that this will be the case. The Guidelines lay out ten priorities. Priority number two is called: “A Connected Digital Market.” Juncker plans to “swiftly” conclude negotiations on new European data protection rules. (Note: Interestingly the political declaration does not specify whether the rules will take the form of a Regulation or a Directive. The current draft of the new rules is a Regulation. Regulations become law in Member States without the Members having to change their laws for the Regulation to come into effect. Directives need to be “transposed” into Member State law through national legislation.) Juncker also plans on “modernizing copyright rules in the light of the digital revolution and changed consumer behavior.” Priority number six calls for: “A Reasonable and Balanced Free Trade Agreement with the U.S.” The Resident-Elect says he will “not sacrifice data protection standards “on the altar of free trade.”


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPolicy.

Big Data–An Orwellian dystopia or a Jetsonian utopia?

 Big data is a term often met with one of two emotions, great suspicion or hyperbolic optimism. Neither sentiment encompasses the reality of what big data has to offer. Few other topics are debated with such frequency both within and outside of the beltway. Numerous policy luncheons are convened with panelists ranging from devout data analytics worshipers to data atheists. As Stephen Pratt of Wired put it:

“We are at a crossroads in the fundamental role and use of these data. Are we creating an Orwellian dystopia or a Jetsonian utopia?”

This is the central question. What is the nature of big data? Privacy advocates, some policymakers, parents and others are of the Orwellian persuasion.  To this group the word ‘data’ sparks fears of privacy invasion, heightened government control, commercial manipulation, and discrimination.

Even the White House has participated in the discussion with the President tasking the Administration with a 90-day review that culminated in the report “Big Data: Seizing Opportunities Preserving Values.” What they found is that virtually all companies are good actors and of the numerous harms listed all but two were hypotheticals. The Center for Data Innovation’s Daniel Castro and Travis Korte have a good analysis of the harms in their article “A Catalog of Every ‘Harm’ in the White House Big Data Report.”

In the Jetsonian camp, are people like Chris Anderson who exaggerates the power of data in his 2008 article, “The End of Theory: the Data Deluge makes the Scientific Method Obsolete.” Anderson makes the claim that with the advent of big data and the systems for processing it, there is no need to search for causal relationships between two correlated variables; “correlation is enough.”

The problem with Anderson’s position is that the outcomes are half-baked. It is true that big data, via statistical algorithms, illuminates millions of patterns that would be impossible to identify otherwise. And while finding those patterns or correlations is important, your stats teacher was right; correlation does not equal causation. Take for example this BuzzFeed post “The 10 Most Bizarre Correlations.” One of the less colorful relationships BuzzFeed found, although no less absurd, is the link between the decline in market share for Internet Explorer and the drop in the national murder rate. In Anderson’s world there is no room to consider the validity of found correlations because there is no need to actually understand what is going on behind statistically significant relationships.

Clearly, big data has not antiquated the scientific theory, in many ways it reinforces its necessity. We need careful analysis through understanding of the specific facts in a scientific field and construction of tested and validated models to sift through the millions of spurious correlations. The Clayton Christensen Institute for Disruptive Innovation, a nonprofit, nonpartisan think tank illustrates why in a blog post titled, “Big Data: The end of theory in healthcare?”

In reality, as with most debates, the truth lies somewhere in the middle, between Orwell and Jetson.

Data-driven innovation has the ability to capture, comingle, store, verify and analyze relevant data, and then integrate the results into established processes to derive innovative practical outcomes. But the power of big data lies not in the accumulated data points themselves. Data itself is nothing but a collection of information. Rather, the power of data-driven innovation lies in our hands. To truly utilize large quantities of data two things are absolutely necessary:

      1. An adequate system for integrating, managing and analyzing the data.
      2. A data scientist with expertise in the field of what, within the data, is being studied, to ask the right questions and interpret results.

Data analytics has the power to reveal what works, what is missing and what can be done better in a way that would not be possible otherwise. Big data in and of itself, is not the solution to all of our problems. Data analytics is a tool that must be wielded by people and when leveraged appropriately there is much good that can be accomplished.

To learn more about the societal and economic benefits of data visit SIIA’s Data-Driven Innovation page and check out our white paper on DDI.


Sabrina Eyob is the Public Policy Coordinator at SIIA. Follow the Policy team on Twitter @SIIAPolicy.

Curated By Logo