Digital Policy Roundup

SIIA Event to Examine Software’s Transformative Impact on the US Economy & Employment

Join SIIA for lunch and dialogue with business leaders on how software is transforming the U.S. economy, and reinventing the way businesses and consumers operate. The event, “The Software Century: Analyzing Economic Impact & Job Creation,” will take place on September 17 from 11:30am-1pm in Room HVC 215 of the U.S. Capitol Visitor Center. Featuring an exclusive interview with Deputy Secretary of Commerce Bruce Andrews.RSVP HERE.

At the event SIIA will unveil its new report, “The U.S. Software Industry: An Engine for Economic Growth and Employment.” This SIIA report is a comprehensive review of the software industry’s economic impact, authored by former Undersecretary of Commerce for economic Affairs, Robert Shapiro. For more information, or to register, click here.

SIIA to Participate in in FTC Workshop on Big Data and Discrimination

The FTC recently made available the agenda and list of participants for its upcoming Workshop “Big Data: A Tool for Inclusion or Exclusion?” which will take place on Monday, Sept. 15. Mark MacCarthy, SIIA’s Vice President for Public Policy, will be participating on the panel focused assessing what is on the horizon for big data, exploring both the benefits and potential harms for particular populations of consumers. The workshop will include a range of academics, consumer advocates, industry and technology experts, including SIIA member SAS on a panel covering the current landscape of big data analytics. The workshop is a follow-up to the Administration’s white paper released in April.

SIIA and Tech Industry Press Enactment of USA Freedom Act

On Monday, SIIA joined with a group of technology industry associations in sending a letter to U.S. Senate leaders Harry Reid (D-NV) and Mitch McConnell (R-KY) urging the Senate to act in a bipartisan fashion and swiftly pass the USA FREEDOM Act (S.2685). In sending the letter, SIIA highlighted the need for surveillance reform in the U.S. as an essential part of restoring the public trust and providing support for U.S. businesses internationally. The USA FREEDOM Act modifies legislation already passed by the House in May, and it balances critical U.S. national security objectives and individual privacy needs. At this time, Senate leadership has not indicated when the legislation will be considered. With very few days of the congressional session remaining this month, consideration of the legislation could slip to the lame duck session after the November elections.

New European Commissioners Likely to be Announced this Week

The President-Elect of the European Commission, former Luxembourg Prime Minister Jean-Claud Juncker, is expected to announce the portfolio allocation of the next European Commission sometime this week. The Commission is the executive branch of the European Union. Besides Italy’s Federica Mogherini, nominated to be the Commission High Representative for Foreign Affairs, we do not know who will take over the different Directorates General (akin to government departments) of the Commission. After the nominations are announced, the European Parliament has to give its consent, including for Juncker and Mogherini.

From an SIIA member standpoint, the Directorates General in charge of trade, justice and the internal market are the most significant because they control trade, intellectual property and privacy/data flow issues. Given that there will be a new Commission and a new Parliament, we can expect significant activity affecting SIIA member interests. Juncker’s “Political Guidelines for the Next European Commission” suggest that this will be the case. The Guidelines lay out ten priorities. Priority number two is called: “A Connected Digital Market.” Juncker plans to “swiftly” conclude negotiations on new European data protection rules. (Note: Interestingly the political declaration does not specify whether the rules will take the form of a Regulation or a Directive. The current draft of the new rules is a Regulation. Regulations become law in Member States without the Members having to change their laws for the Regulation to come into effect. Directives need to be “transposed” into Member State law through national legislation.) Juncker also plans on “modernizing copyright rules in the light of the digital revolution and changed consumer behavior.” Priority number six calls for: “A Reasonable and Balanced Free Trade Agreement with the U.S.” The Resident-Elect says he will “not sacrifice data protection standards “on the altar of free trade.”


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPolicy.

Big Data–An Orwellian dystopia or a Jetsonian utopia?

 Big data is a term often met with one of two emotions, great suspicion or hyperbolic optimism. Neither sentiment encompasses the reality of what big data has to offer. Few other topics are debated with such frequency both within and outside of the beltway. Numerous policy luncheons are convened with panelists ranging from devout data analytics worshipers to data atheists. As Stephen Pratt of Wired put it:

“We are at a crossroads in the fundamental role and use of these data. Are we creating an Orwellian dystopia or a Jetsonian utopia?”

This is the central question. What is the nature of big data? Privacy advocates, some policymakers, parents and others are of the Orwellian persuasion.  To this group the word ‘data’ sparks fears of privacy invasion, heightened government control, commercial manipulation, and discrimination.

Even the White House has participated in the discussion with the President tasking the Administration with a 90-day review that culminated in the report “Big Data: Seizing Opportunities Preserving Values.” What they found is that virtually all companies are good actors and of the numerous harms listed all but two were hypotheticals. The Center for Data Innovation’s Daniel Castro and Travis Korte have a good analysis of the harms in their article “A Catalog of Every ‘Harm’ in the White House Big Data Report.”

In the Jetsonian camp, are people like Chris Anderson who exaggerates the power of data in his 2008 article, “The End of Theory: the Data Deluge makes the Scientific Method Obsolete.” Anderson makes the claim that with the advent of big data and the systems for processing it, there is no need to search for causal relationships between two correlated variables; “correlation is enough.”

The problem with Anderson’s position is that the outcomes are half-baked. It is true that big data, via statistical algorithms, illuminates millions of patterns that would be impossible to identify otherwise. And while finding those patterns or correlations is important, your stats teacher was right; correlation does not equal causation. Take for example this BuzzFeed post “The 10 Most Bizarre Correlations.” One of the less colorful relationships BuzzFeed found, although no less absurd, is the link between the decline in market share for Internet Explorer and the drop in the national murder rate. In Anderson’s world there is no room to consider the validity of found correlations because there is no need to actually understand what is going on behind statistically significant relationships.

Clearly, big data has not antiquated the scientific theory, in many ways it reinforces its necessity. We need careful analysis through understanding of the specific facts in a scientific field and construction of tested and validated models to sift through the millions of spurious correlations. The Clayton Christensen Institute for Disruptive Innovation, a nonprofit, nonpartisan think tank illustrates why in a blog post titled, “Big Data: The end of theory in healthcare?”

In reality, as with most debates, the truth lies somewhere in the middle, between Orwell and Jetson.

Data-driven innovation has the ability to capture, comingle, store, verify and analyze relevant data, and then integrate the results into established processes to derive innovative practical outcomes. But the power of big data lies not in the accumulated data points themselves. Data itself is nothing but a collection of information. Rather, the power of data-driven innovation lies in our hands. To truly utilize large quantities of data two things are absolutely necessary:

      1. An adequate system for integrating, managing and analyzing the data.
      2. A data scientist with expertise in the field of what, within the data, is being studied, to ask the right questions and interpret results.

Data analytics has the power to reveal what works, what is missing and what can be done better in a way that would not be possible otherwise. Big data in and of itself, is not the solution to all of our problems. Data analytics is a tool that must be wielded by people and when leveraged appropriately there is much good that can be accomplished.

To learn more about the societal and economic benefits of data visit SIIA’s Data-Driven Innovation page and check out our white paper on DDI.


Sabrina Eyob is the Public Policy Coordinator at SIIA. Follow the Policy team on Twitter @SIIAPolicy.

SIIA Urges Department of Commerce to Avoid Restrictions on Data

Yesterday, SIIA submitted comments to the National Telecommunications & Information Administration (NTIA), an agency of the U.S. Department of Commerce, in response to their inquiry on “Big Data and Consumer Privacy in the Internet Economy.”

In this exercise, directed by the May White House Big Data report, NTIA was tasked with reviewing the Administration’s 2012 Consumer Privacy Bill of Rights (CPBR), particularly the proposals’ ability to support the innovations of big data while at the same time responding to potential risks.

In our comments, SIIA points out that Data-driven innovation has the power to not only create economic and social value, as highlighted in SIIA’s 2013 white paper, but can also protect citizens from fraud and identity theft. Thus our comments stressed the importance of maintaining a policy framework that protects both individual privacy and encourages the natural evolution of new technologies. The three main points of SIIA comments are as follows:

  1. The emphasis should be placed on the responsible use of data and accountability, rather than unnecessary new limits on data collection and use.
  2. To enable the benefits of big data and data-driven innovation, we must maintain an evolving view of privacy rights, balancing these with societal benefits.
  3. Existing laws remain quite effective, and any new policies should build on the current risk-based framework, focused on preventing harm, where privacy and security are commensurate with the sensitivity of data.

To read SIIA’s comments in full, click here.


Sabrina Eyob is the Public Policy Coordinator at SIIA. Follow the Policy team on Twitter @SIIAPolicy.

New Markey-Hatch Federal Student Privacy Legislation is Unnecessary

SIIA today issued a press release on the introduction of the “Protecting Student Privacy Act” by Sens. Edward Markey (D-Mass.) and Orin Hatch (R-Utah).

The current framework of robust federal regulations, industry best practices and binding contracts provides strong student privacy protections.  With these three layers of protection, we can give students access to revolutionary learning technology while ensuring that their information is used only for educational purposes. New federal student privacy legislation is not needed at this time.

The Markey-Hatch legislation is well-intended, but it contains provisions, such as a prohibition against the use of student information for targeted advertising, that already exist in current law and regulation. Other provisions, such as those related to data destruction, might not be workable in practice.

We share the privacy protection goals of Senators Markey and Hatch, but it’s critical to ensure that any new rules do not inadvertently create obstacles to the effective use of information. Innovative education technology is essential to improving education for all students and to ensuring U.S. economic strength in an increasingly competitive global environment.


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.

Should the Right to be Forgotten be Secret and Global?

Implementing the right to be forgotten was never going to be easy as earlier blogs in this series have pointed out.  But recent press reports show how tricking this implementing is going to be, revealing suggestions that search engines should take down the links globally and keep their actions secret.  Both of these ideas would be missteps.

The secrecy suggestion seems backed by common sense logic – it is self-defeating for search engines to announce to the world that they have taken down the links to stories that should be forgotten.  But that is not the concern, since search engines aren’t making such public announcements.  Rather they are informing the third-party publishers that a link to their content has been deleted from search results.  So the problem seems to be that if affected parties know that a link has been deleted they might object and this objection would direct attention to the topic that was to have been forgotten.

There is clearly room for debate on what the right policy is here.  Any added discussion of the take downs creates an added risk of creating exactly the kind of exposure the right to be forgotten is intended to avoid. But secrecy seems to be the wrong answer.  In fact, if search engines kept their deletions secret they would have faced accusations of lack of transparency! Publishers clearly have an interest in knowing that links to their content will no longer appear in certain search results.  For one thing it provides a check on the search engines getting it wrong, as apparently they did in the early days of implementing the take down program. And as long as the rest of the world isn’t simultaneously informed of the takedowns this seems a balanced approach.

The other concern seems to be that the new right to be forgotten will not be effective if the takedowns are purely local.  Why should people outside the EU be allowed to get search results that people inside the EU cannot get? So, the argument goes, search engines should delete links globally when they decide that they should be deleted under EU privacy law.

This is the wrong direction.  It improperly extends EU privacy law to the world. The impulse to limit information globally is understandable, but unworkable. We know this from other examples. For instance, it is easy to understand why Turkey objects to videos that denigrate the Turkish nation and would like to make sure that they are not shown anywhere in the world. But it goes too far to extend Turkish rules on hate speech to the entire world.  A reasonable compromise is to comply with Turkish law with respect to videos shown in Turkey.

This is the balance struck in many other areas of cross-border electronic commerce. Internet gambling rules are locally, not globally, enforced. British law permits and regulates Internet gambling, while US law prohibits it.  It would be an easy matter to structure US law so that global payment systems blocked all Internet gambling transactions. Bu that is not what US law does.  It provides for local enforcement. People in Britain can go on the Internet to gamble, while people in the US face restrictions, including restrictions on using payment cards at Internet gambling sites.  Examples are not hard to multiply – alcohol ads, for example, are not allowed in Saudi Arabia, but are permitted on websites available in other countries.

There is certainly nothing in the right to be forgotten decision that compels search engines to delete search results globally.  Moreover, earlier cases under EU law show a conscious desire to avoid the extraterritorial application of European privacy law. In the 2003 Bodil Lindquist case, for instance, the European Court of Justice rejected the idea that posting material on an EU website amounted to a transfer of data to other countries. It made this judgment precisely to avoid the implication that the entire Internet would be subject to EU jurisdiction.

Each country is entitled to its own privacy laws, Europe no less than the United States.  We should seek to make them sufficiently compatible at the edges so as to allow data transfers.  But simply extending European jurisdiction to the globe is the wrong way to go.


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.

Digital Policy Roundup

Data Analytics Event This Thursday

Join SIIA for lunch and exciting technology presentations on how big data is being employed to empower and protect citizens. The lunch workshop, “Big Data at Work for Citizens: Applying Data Analytics for Empowerment and Fraud Prevention,” will take place Thursday, July 17 from 12-1:30pm in Room G11 of the Dirksen Senate office building.RSVP HERE

Executive Director Marjory Blumenthal of the President’s Council of Advisors on Science and Technology (PCAST) will open the event with discussion of the Administration and PCAST reports on Big Data and Privacy released in May. In addition, the SIIA workshop will provide for Q&A and discussion about key policy considerations to maximize data-driven innovation. For more information, or to register, click here!

Patent Troll Demand Letter Bill Passes House Subcommittee

Last Thursday, the House Energy and Commerce Committee’s Subcommittee on Commerce, Manufacturing and Trade passed the Targeting Rogue and Opaque Letters Act (TROL Act) by a vote of 13-6. The bill attempts to crack down on demand letters sent by patent trolls by giving the Federal Trade Commission (FTC) the authority to seek penalties when patent licensing demand letters make false or misleading statements. The bill has been widely criticized and even its sponsor, Rep. Lee Terry of Nebraska, has conceded that the bill needs to be further amended to address these concerns. The real question seems to be whether amendments can fix the bill or whether it is fatally flawed. Contentious provisions in the bill include provisions that would: (i) create an affirmative defense that applies if the sender can show that the statements made in the letter were made in good faith or that the sender usually sends letters that are not misleading; (ii) preempt state laws dealing with demand letters; (iii) compromise the FTC’s ability to get an injunction under Section 5 of the FTC Act, which allows it to police deceptive business practices.

Potential PTO Director Nominee Withdrawn

Back in late June rumors swirled that the Obama Administration had planned to name Phil Johnson, a pharmaceutical executive for Johnson & Johnson, as head of the U.S. Patent and Trademark Office. Given Johnson’s very public stance against patent troll litigation reform legislation, the potential appointment was met with significant criticism. In response, last week, the Administration apparently backtracked on the appointment and has withdrawn Johnson’s name from consideration. It is unclear who or when the Administration will name someone to head the PTO in lieu of Johnson.

European Parliament’s International Trade Committee (INTA) Chairman Pushes for Less Ambitious TTIP

Inside U.S. Trade reports that the new Chair, Bernd Lange (member of the Socialists & Democrats group) would like to conclude TTIP by the end of 2015, not the end of 2014 which was the original plan. He would like a more “classic” agreement focused on tariffs, some non-tariff barriers, and government procurement. Regulatory cooperation and Investor State Dispute Settlement (ISDS) would be left out under this scenario. Lange’s comments illustrate how unpopular trade agreements are on the other side of the Atlantic, as well as in the United States. Regulatory cooperation is arguably the most important component of the TTIP given the ambition, often stated in both the United States and the European Union, for the TTIP to serve as a model for the rest of the world. The role of parliament is significant on trade. In 2012 the parliament rejected the Anti-Counterfeiting Trade Agreement (ACTA), which the European Commission (the European Union’s executive branch) had invested significant political capital to conclude. As a result, the Commission has to take parliament’s views seriously.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPolicy.

Implementing the Right to Be Forgotten

It isn’t easy to implement the European Court of Justice’s right to be forgotten decision.  According to one press report, Google has received 70,000 requests for link removal through its online form since the program went into effect last month.  Another report says requests to remove links are arriving at an estimated rate of one every seven seconds.  As predicted here after the court’s decision in May, the results are not pretty. But the fault is not in implementation but in the flawed underlying decision that restricts free expression and puts substantial legal discretion in the hands of search engines.

Let’s recall how extreme the decision was.  It said that under European law privacy trumps free expression in the context of Internet search.  The right to respect for private life and the right to the protection of personal data “override, as a rule, not only the economic interest of the operator of the search engine but also the interest of the general public in finding that information upon a search relating to the data subject’s name.”  There can be an exception to this general rule: “…for particular reasons, such as the role played by the data subject in public life, that the interference with his fundamental rights is justified by the preponderant interest of the general public in having, on account of inclusion in the list of results, access to the information in question.”

The court’s standard for determining whether privacy interests are implicated was whether the information was “inadequate, irrelevant or no longer relevant, or excessive…”  The court added that triggering privacy interests did not require a finding that “the inclusion of the information in question in that list causes prejudice to the data subject.” So what would trigger privacy interests? To say the court’s guidance is extraordinarily vague is an understatement.

Given the court’s reference to search engines in making access to information “appreciably easier” and playing “a decisive role” in the dissemination of information on the Internet, it is hard to avoid the conclusion that the intent of the court was to limit the effective dissemination of information on the Internet. But it did so by granting discretion to search engines to make some delicate value judgments and without specific guidance on how to make those judgments.

So how’s the implementation going? Certainly Google hasn’t done everything right. Taking down some links and then apparently restoring them certainly seems to be a misstep. But on the whole they’ve done a pretty balanced job.  They are requiring the filing of a request, including a statement on why release of the information would not be in the public interest.   There is no indication that they are granting all requests or turning all requests down.  They notify the publisher of the links removed from search results, but they do not reveal the identity of the person requesting the take down, since this would reveal the information that the data subject was trying to conceal.  They are following the law by limiting take down’s to EU citizens and to EU search results rather than extend the EU regime to the world.

Some commenters suggest that search engines are granting too many deletion requests and should instead routinely decline them all – which would force the data subjects to go data protection authorities or the courts to get links removed. [Read more...]

Curated By Logo