Digital Discourse / Archives for FTC

FTC: Don’t Confuse Mobile with Personal

February 1, 2013 By

SIIA is supportive of the FTC’s effort to provide guidance for the multistakeholder approach to mobile privacy protection being led by the NTIA.

Today’s mobile guidance report from the FTC provides some useful input to that end. However, SIIA continues to strongly disagree with some of the high-level conclusions reached by the Commission. Particularly, SIIA strongly disagrees with the FTC’s conclusion that “[m]ore than other types of technology, mobile devices are typically personal to an individual, almost always on, and with the user.”

While this may be true when applied to smartphones and the model for their use today, SIIA strongly believes that this vision misses the mark for tablets, and it most certainly inaccurately portrays the evolving nature of Internet-based technology and new-age devices. On the contrary, SIIA is confident that the larger trend in technology with products and services offered seamlessly across a wide range of platforms and devices, coupled with the increasing saturation of Internet-powered devices reflects the shift to an environment where devices are less “personal” and less linked to a particular individual than personal computers.

For instance, just several years after the introduction of the tablet computer, and less than a decade after the introduction of the the modern smartphone, it is not uncommon for a household to have a wide range of internet-connected devices, with perhaps the majority of those devices being mobile devices shared by numerous users.

SIIA believes that the FTC’s fundamental misunderstanding about the increasing personalization of devices sets an inappropriate basis on which to build a foundation of privacy practices, either voluntary or mandatory. In order to develop an effective privacy framework for rapidly evolving technology, it is critical that we fully understand how this evolution is taking place, and all the opportunities that this innovation brings.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

Share|
Filed Under: Policy, Policy - Privacy Tagged With: , ,

Mobile Payments Get Currency

April 25, 2012 By

The FTC is looking at mobile payments this Thursday, an event that caps several weeks of intense attention to this innovative new technology by policymakers. In March the House Financial Services Committee and the Senate Banking Committee held hearings. And the Internet Caucus held a Congressional briefing, which I chaired.

Several years ago a study by ITIF highlighted mobile payment’s opportunities for efficiencies, growth and innovation. It wondered why it hadn’t taken off in the US, the way it had in other jurisdictions such as Japan and Korea. Since then Square, Intuit, Google, ISIS, PayPal have all ramped up their efforts to bring the new service to consumers and retailers in an attractive easy to use package. The majority of Americans will be embracing mobile payments by 2020, a Pew Internet study found last week.

The benefits are enormous. Mobile payment technology means faster checkout, more through put for merchants, the opportunity to send and receive offers and promotions, greater security, and a platform for new innovative services that haven’t been created yet.

It is worth pausing on the benefits of increased security. Unlike traditional magnetic stripe payment card transactions, mobile payments use a different security code for each transaction. Even if the transaction data is compromised, it cannot be used to make a counterfeit card that would work at the point of sale. This takes the merchant system out of harm’s way and reduces risk to cardholders. Mobile payments implemented on a smartphone can also be protected by a password or PIN number, adding barriers to illicit use of a lost or stolen phone. If asked to choose based on security, shoppers would be smart to use mobile payments over traditional cards.

Some have suggested that mobile payments create increased privacy risks because new information would be available to new players. But these risks are speculative and are being addressed in advance by market players who design their systems to be privacy-protective. They know that the market will only work on the basis of trust, careful handling of personal information, and a compelling user experience.

Mobile payment providers collect location information from their users, but only with affirmative consent. Product specific information isn’t collected at all and so cannot be added to a consumer profile to target ads. Cell phone and email information are available to mobile payment service providers at the time of sign up, but are not transferred to third parties such as retailers. Mobile payment services are savvy enough to avoid the mistake of allowing secret, undesirable acquisition of contact information by third parties. Under the Google Wallet rules, for example, contact information could not be disclosed to a retailer for marketing or advertising purposes without affirmative consent.

The privacy default for mobile payments is that consent is needed for any sharing of consumers’ personal information for marketing purposes. Industry participants have set up their systems with this requirement for consent as the default. This privacy-by-default approach renders concerns about privacy violations more theoretical than real. Mobile payment users can feel confident that they can enjoy the conveniences and added security and usefulness of mobile payments without worrying about privacy violations.

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.

Share|
Filed Under: All About Mobile, Government, Mobility, Policy, Policy - Cybersecurity, Policy - Privacy, Software, Software Events Tagged With: , , ,

SIIA Welcomes New FTC Privacy Report

March 26, 2012 By

SIIA welcomes today’s clarification of the FTC’s policies in the area of online privacy. This clarification is especially important because of the FTC’s substantial authority to bring cases against the companies it claims are in violation of its policies. SIIA has long supported a collaborative, public-private approach as the best way to ensure consumer privacy, and we cannot endorse the report’s call for new legislation. In light of the FTC’s substantial authority in this area, we do not believe there is a need for new privacy legislation.

Read today’s coverage of SIIA’s stance:

FTC Report Calls for Transparency, Stops Short on Do Not Track Law – E-Commerce Times

FTC privacy: Key excerpts from the report – Washington Post

FTC Pushes ‘Do Not Track’ Privacy Option for Consumers – National Journal

FTC Chairman: Do-Not-Track Law May Not Be Needed – PC World

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.

Share|
Filed Under: Policy, Policy - Privacy Tagged With: ,

SIIA comments on FTC Privacy Report

February 18, 2011 By

Today, SIIA submitted comments on the Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers. Here’s an excerpt:

SIIA strongly supports the balance between privacy and the free flow of information, as well as the balance between the need for consumer confidence and continued innovation.

To that end, we appreciate the FTC, the DOC and the Administration for taking such a thorough, thoughtful approach, rather than rushing to make policy recommendations at this time.

In an era of rapidly changing technology and business models, the development of a fixed regulatory framework for privacy protection is a counterproductive exercise.

Therefore, SIIA strongly cautions against the implementation of unnecessary legislation or regulations, in favor of a framework that is industry-led, voluntary and enforceable.

The FTC’s proposed privacy framework calls for companies that collect or use consumer data to adopt certain privacy protections to ensure that consumers and other data subjects are protected from privacy-related harm.

The Report combines elements of the previous policy frameworks used by the Commission – the notice and consent and the harm frameworks – to craft a checklist of good information management practices that companies can use as they design the systems and business practices or update them to provide new products or services to their customers.

The key elements of this new privacy framework include:

  • Data security, reasonable collection limitations, sound retention policies and data accuracy;
  • Choice on the collection and use of data at the time of data collection, except for certain commonly accepted business practices;
  • Clearer, shorter and more standardized privacy notices;
  • Special choice for online behavioral advertising:  Do Not Track; and
  • Reasonable access to data.
Share|
Filed Under: Policy, Policy - Privacy, Software Tagged With: , , ,