Digital Discourse / Archives for FTC

Mobile Payments Get Currency

April 25, 2012 By

The FTC is looking at mobile payments this Thursday, an event that caps several weeks of intense attention to this innovative new technology by policymakers. In March the House Financial Services Committee and the Senate Banking Committee held hearings. And the Internet Caucus held a Congressional briefing, which I chaired.

Several years ago a study by ITIF highlighted mobile payment’s opportunities for efficiencies, growth and innovation. It wondered why it hadn’t taken off in the US, the way it had in other jurisdictions such as Japan and Korea. Since then Square, Intuit, Google, ISIS, PayPal have all ramped up their efforts to bring the new service to consumers and retailers in an attractive easy to use package. The majority of Americans will be embracing mobile payments by 2020, a Pew Internet study found last week.

The benefits are enormous. Mobile payment technology means faster checkout, more through put for merchants, the opportunity to send and receive offers and promotions, greater security, and a platform for new innovative services that haven’t been created yet.

It is worth pausing on the benefits of increased security. Unlike traditional magnetic stripe payment card transactions, mobile payments use a different security code for each transaction. Even if the transaction data is compromised, it cannot be used to make a counterfeit card that would work at the point of sale. This takes the merchant system out of harm’s way and reduces risk to cardholders. Mobile payments implemented on a smartphone can also be protected by a password or PIN number, adding barriers to illicit use of a lost or stolen phone. If asked to choose based on security, shoppers would be smart to use mobile payments over traditional cards.

Some have suggested that mobile payments create increased privacy risks because new information would be available to new players. But these risks are speculative and are being addressed in advance by market players who design their systems to be privacy-protective. They know that the market will only work on the basis of trust, careful handling of personal information, and a compelling user experience.

Mobile payment providers collect location information from their users, but only with affirmative consent. Product specific information isn’t collected at all and so cannot be added to a consumer profile to target ads. Cell phone and email information are available to mobile payment service providers at the time of sign up, but are not transferred to third parties such as retailers. Mobile payment services are savvy enough to avoid the mistake of allowing secret, undesirable acquisition of contact information by third parties. Under the Google Wallet rules, for example, contact information could not be disclosed to a retailer for marketing or advertising purposes without affirmative consent.

The privacy default for mobile payments is that consent is needed for any sharing of consumers’ personal information for marketing purposes. Industry participants have set up their systems with this requirement for consent as the default. This privacy-by-default approach renders concerns about privacy violations more theoretical than real. Mobile payment users can feel confident that they can enjoy the conveniences and added security and usefulness of mobile payments without worrying about privacy violations.

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.

Share|
Filed Under: All About Mobile, Government, Mobility, Policy, Policy - Cybersecurity, Policy - Privacy, Software, Software Events Tagged With: , , ,

SIIA Welcomes New FTC Privacy Report

March 26, 2012 By

SIIA welcomes today’s clarification of the FTC’s policies in the area of online privacy. This clarification is especially important because of the FTC’s substantial authority to bring cases against the companies it claims are in violation of its policies. SIIA has long supported a collaborative, public-private approach as the best way to ensure consumer privacy, and we cannot endorse the report’s call for new legislation. In light of the FTC’s substantial authority in this area, we do not believe there is a need for new privacy legislation.

Read today’s coverage of SIIA’s stance:

FTC Report Calls for Transparency, Stops Short on Do Not Track Law – E-Commerce Times

FTC privacy: Key excerpts from the report – Washington Post

FTC Pushes ‘Do Not Track’ Privacy Option for Consumers – National Journal

FTC Chairman: Do-Not-Track Law May Not Be Needed – PC World

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.

Share|
Filed Under: Policy, Policy - Privacy Tagged With: ,

SIIA comments on FTC Privacy Report

February 18, 2011 By

Today, SIIA submitted comments on the Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers. Here’s an excerpt:

SIIA strongly supports the balance between privacy and the free flow of information, as well as the balance between the need for consumer confidence and continued innovation.

To that end, we appreciate the FTC, the DOC and the Administration for taking such a thorough, thoughtful approach, rather than rushing to make policy recommendations at this time.

In an era of rapidly changing technology and business models, the development of a fixed regulatory framework for privacy protection is a counterproductive exercise.

Therefore, SIIA strongly cautions against the implementation of unnecessary legislation or regulations, in favor of a framework that is industry-led, voluntary and enforceable.

The FTC’s proposed privacy framework calls for companies that collect or use consumer data to adopt certain privacy protections to ensure that consumers and other data subjects are protected from privacy-related harm.

The Report combines elements of the previous policy frameworks used by the Commission – the notice and consent and the harm frameworks – to craft a checklist of good information management practices that companies can use as they design the systems and business practices or update them to provide new products or services to their customers.

The key elements of this new privacy framework include:

  • Data security, reasonable collection limitations, sound retention policies and data accuracy;
  • Choice on the collection and use of data at the time of data collection, except for certain commonly accepted business practices;
  • Clearer, shorter and more standardized privacy notices;
  • Special choice for online behavioral advertising:  Do Not Track; and
  • Reasonable access to data.
Share|
Filed Under: Policy, Policy - Privacy, Software Tagged With: , , ,