Digital Discourse / Archives for privacy

Saving the Safe Harbor: Commissioner Julie Brill to the Rescue!

September 17, 2013 By

At the EU Data Protection and Privacy Conference today in Brussels, FTC Commissioner Julie Brill delivered a powerful speech about the way the U.S. protects consumer privacy. Along the way she offered a strong defense of the U.S. Safe Harbor Framework for European privacy:

“In the commercial space, the Safe Harbor Framework facilitates the FTC’s ability to protect the privacy of EU consumers. Without the Safe Harbor, my job to protect EU consumers’ privacy, where appropriate, would be much harder. In an era where we face many threats to privacy, Safe Harbor has been an effective solution, not the problem.”

In the face of so many challenges to the Safe Harbor Framework coming from European public officials, this speech from a prominent U.S. consumer protection official is a crucial reminder of the importance of this cross-border framework for international privacy protection.

Her remarks are also notable for the clear distinction she makes between government surveillance and commercial privacy:

“The issue of the proper scope of government surveillance is a conversation that should happen – and will happen – on both sides of the Atlantic. But it is a conversation that should proceed outside out of the commercial privacy context.”

As I’ve noted in previous blogs, the conflation of the two is damaging to both the need to protect citizens from intrusive government surveillance and in finding the right sort of fair information practices that provides for commercial enterprise, innovation and the preservation of consumer privacy.  Commissioner Brill is exactly right when she insists on keeping these issues separate.

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow Mark on Twitter at @Mark_MacCarthy

Share|
Filed Under: Policy, Policy - Privacy Tagged With: , ,

Serious Business Challenges Posed by NSA Surveillance Revelations

August 20, 2013 By

Recent revelations about the National Security Agency’s (NSA) surveillance efforts have clearly changed the privacy landscape for the remainder of 2013, if not much longer. This is a complex policy issue with very broad implications.

Importantly for SIIA members, it is one that poses the following serious business challenges:  (1) enhanced privacy concerns among customers around the world, (2) policymakers around the world seeking to restrict the cross-border flow of data and enact technology localization requirements, and (3) conflation of private sector data collection with government surveillance as an inseparable public-private partnership that necessitates strict new commercial privacy legislation or regulations—FTC Commission Julie Brill has recently made this connection in an op-ed, which has also come from influential thought-leaders such as former White House Chief of Staff John Podesta.

As a preliminary assessment, the Information Technology Innovation Foundation (ITIF) estimates that the U.S. cloud computing industry alone could lose up to $35 billion over the next three years if foreign customers decide the risks of storing data with a U.S. company outweigh the benefits.

SIIA has been very engaged in policy debates surrounding this issue for several months, and we expect to remain highly engaged to combat these challenges for months to come.  Recently, SIIA President Ken Wash was invited to a meeting at the White House in early August, which was one of several consultations leading up to the President’s call for reforms to NSA programs on August 9.

As a follow-up to the discussion with Administration officials and the SIIA this week joined with other leading technology trade associations in sending a letter to Administration officials urging that discussions about national security must be kept separate from conversations about commercial privacy issues, as the policy considerations in these two areas are distinct. In the letter, SIIA and industry partner organizations made the following recommendations for action that are likely to frame our priorities for the remainder of 2013:

  1. Implement transparency with respect to national security programs – in order to separate fact from fiction regarding the intersection of private sector IT companies and the U.S. Government, it is critical that the Administration enhance transparency and enable companies to share information publicly about the scope and frequency of Government inquiries;
  2. Promote policies that allow for unimpeded cross-border data flows such as the U.S.-EU Safe Harbor Framework – We are already seeing that longstanding and effective cross-border data mechanisms are being questioned in light of the recent disclosures about the U.S. government surveillance programs. For instance, recent statements by government officials in the EU indicate a lack of “trust” in the U.S.-EU Safe Harbor framework, which allows for the transfer of information from the EU to the U.S. for participating companies. This is one of many critical policies that facilitate digital trade for U.S. companies, and it is critical that U.S. government must vigorously engage with the international community to promote cross-border data flows while addressing privacy and civil liberties concerns; and
  3. Support reforming the Electronic Communications Privacy Act (ECPA) to enhance privacy in law enforcement investigations – SIIA has been a leading supporter of ECPA, seeking to update the outdated statue by correcting the double-standard that inappropriately provides for a lower level of privacy for communications stored remotely, or “in the cloud.” Currently, the law provides for a challenging legal environment for industry and a disincentive for customers to embrace hosted information and communications technology solutions as an alternative to on-premise solutions.

SIIA believes that these are critical steps to ensuring that concerns about U.S. Government surveillance do not impose an unnecessary impediment to U.S. information technology businesses.  We are also closely monitoring a range of proposals in Congress that would seek to enhance transparency surrounding U.S. Government surveilance.  The  Surveillance Transparency Act of 2013 (S.1452) was introduced by Senator Al Franken on August 1st, 2013, and the Surveillance Order Reporting Act of 2013 (H.R.3035) was introduced by Congresswoman Zoe Lofgren on August 2nd, 2013.  SIIA has not endorsed any bill at this point, but the Lofgren-Franken approach goes in the right direction by allowing companies to reveal how many national security requests they have received, how many they have complied with and how many users or accounts are affected.

We will continue to focus heavily on this critical issue to promote the ability of U.S. businesses to thrive in the U.S. and markets around the world.  To that end, we will provide further updates regarding new developments.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

Share|
Filed Under: Content, Education, Education Policy, Policy, Policy - Privacy, PSIG, Software Tagged With: , ,

SIIA Supports COPPA’s Extension of Schools as Consent Providers

April 26, 2013 By

The Federal Trade Commission yesterday released its updated FAQs clarifying the amended rule implementing the Children’s Online Privacy Protection Act (COPPA) released in December, 2012. Included are several clarifications long championed by SIIA regarding the intersection of COPPA and children’s online activities in the school setting.

For those not familiar, in short, COPPA requires parental consent under certain conditions for the online collection of personal information from children under age 13. SIIA has long supported this important law for helping protect children’s privacy and safety, and has also worked with the FTC and other stakeholders to ensure COPPA implementation does not bring inappropriate or unintended consequences that limit technology innovation and the user experience.

According to the new COPPA FAQ:

  • “COPPA does not preclude schools from acting as intermediaries between operators and parents in the notice and consent process, or from serving as the parent’s agent in the process of collecting personal information online from students in the school context.”
  • “COPPA does not apply where a school has contracted with an operator to collect personal information from students for the use and benefit of the school, and for no other commercial purpose.”

These provisions are important to minimize the barriers to student access to instructional technologies and digital learning within the school context. Both extend on the role of schools as trusted agents of student learning, privacy and safety, including that governed by the Family Educational Rights and Privacy Act (FERPA) as well as by Acceptable Use Policies (AUPs) signed between parents and schools. They help provide for student’s seamless access to online teaching and learning opportunities in the timely manner needed to address their educational needs under the guidance of their teacher and school, and governing local school board policies. The alternative of requiring parental consent in each case would present a significant administrative barrier, potentially put certain students at an educational disadvantage when consent cannot be secured in a timely manner, and would often leave students and teachers unable to take advantage of a “teachable moment.”

While the continuation of these school provisions is welcome, the updated FAQs do include some new guidance that will require further analysis and consideration. For example, the FTC guidance now requires that: “. . . the operator must provide the school with full notice of its collection, use, and disclosure practices, so that the school may make an informed decision.” And the FTC separately describes what information a school “should” seek from an operator, including “What are the operator’s data retention and deletion policies for children’s personal information?”

SIIA members can review a more detailed summary and analysis on new COPPA regulations and guidance. [Updated May 9, 2013]

SIIA looks forward to working further with public officials, families, educators and digital learning providers to ensure that children have access to critical online learning opportunities and applications in an appropriately safe and secure manner. This includes SIIA’s ongoing work around FERPA (the Family Educational Rights and Privacy Act), which governs educational institutions and agencies through the U.S. Department of Education and is referenced in the COPPA FAQ.

Mark SchneidermanMark Schneiderman is Senior Director of Education Policy at SIIA.

Share|
Filed Under: Data-Driven Innovation, Ed Tech Government Forum, Education, Education Policies, Education Policy, Personalized Learning, Policy, Policy - Privacy Tagged With: , , , , , ,

Users Support Targeted Advertising Over Paying for Internet Content

April 19, 2013 By

Advertising has always been the driving force behind quality content, and the ad industry has reshaped its business models as today’s Internet-based content ecosystem continues to evolve. Generic print ads of yesterday have made way for tailored Internet ads that fuel free access to everything from local news to viral videos like the Harlem Shake!

But do Internet users know that ads tailored to their own interests helps provide for their free content? And how do they feel about seeing these ads?

A new poll shows that Americans value free Internet content, and they are comfortable with the tailored Internet advertising that powers it. The survey, released by the Digital Advertising Alliance (DAA), measured consumers’ attitudes about Internet advertising. Despite the seeming unpopularity of “behavioral advertising” the survey found that when given the choice, Americans would prefer ad-supported content to paying for ad-free content. Some key data points:

· 92 percent of Americans think free content like news, weather and blogs is important to the overall value of the Internet (64 percent extremely important, 28 percent somewhat important)

· 75 percent prefer ad supported content to paying for ad-free content

· 41 percent of users think that browser obstacles to displaying advertising will result in less access to free content

Tailored ads are worth more to advertisers than generic ads aimed at the general population. That’s why they are so vital to the future of quality Internet content. The DAA survey shows that most Internet users support this revenue model:

    · 68 percent prefer to get at least some ads Internet directed at their interests

· 40 percent prefer to get all their ads directed to their interests

· 47 percent would oppose a law that would restrict how data is used for Internet advertising but also potentially reduced free content availability, compared to only 22 percent that support such a law

 

DAA’s findings are promising for the viability of the content industry. Most Americans are comfortable with seeing ads that are directed at their interests–and all Internet users deserve a transparent experience with online advertising. To that end, the DAA runs the ad industry’s primary opt-out program, a choice tool that allows users to tailor how and whether they receive interest-based advertising.

Read more about the findings from the DAA poll.

Laura Greenback is Communications Director at SIIA. Follow the SIIA Public Policy team at @SIIAPolicy.

Share|
Filed Under: Content, Policy, Policy - Privacy, Uncategorized Tagged With: , , ,

There’s No Bad Data, Only Bad Uses of Data

March 25, 2013 By

Steven Lohr explored the roots of the debate over personal data and privacy in a timely article in the New York Times this Sunday. An important theme of his article is best summed up by Craig Mundie of Microsoft, who says, “There’s no bad data, only bad uses of data.” At SIIA, we concur that if we want privacy protections to be truly meaningful, we should move away from restricting data collection, and instead work to prevent its harmful use.

Lohr’s article first describes a scenario in which a person is harmed because data from his or her online click stream is being collected. But even though this example is being used to illustrate the danger of data collection, it winds up confirming that true harm comes not from the collection, but the misuse of data. It might be harmful to an Internet user if predictions and inferences about his or her web travels make their way to a health insurer or potential employer. But the harm stems from data misuse, not its collection!

The online advertising industry collects click stream data now. It wants to use this data to improve the effectiveness and value of its online advertising. And the industry has already pledged to wall off online data from harmful use by  isolating it from eligibility decisions regarding employment, health care, credit and insurance.

It’s crucial to allow industries to continue to collect data so it can be used to benefit society. For instance, data driven innovation’s contributions in the educational sphere have been well-documented. Two recent reports by the Center for Technology Innovation at the Brookings Institution, called Educational Success Stories and Big Data for Education, show how data analytic techniques can help schools better understand students’ learning approaches and challenges. Instead of relying on static, uniform tests, “instructors can analyze what students know and what techniques are most effective for each pupil. By focusing on data analytics, teachers can study learning in far more nuanced ways.”

There are many uses of data that are beneficial to society, and public policy should not obstruct them by constructing arbitrary barriers to data collection. The best way to respect individual privacy in the age of big data is to protect people from harmful uses of data. Industries like online advertising are already moving in this direction by developing best practices and self-regulation. Blanket prohibitions on data collection will only do more harm than good.

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow the SIIA Public Policy team on Twitter at @SIIAPolicy

Share|
Filed Under: Policy, Policy - Privacy, Uncategorized Tagged With: ,

SIIA Applauds Sens. Leahy and Lee for Introducing ECPA Reform Legislation

March 19, 2013 By

SIIA thanks Sens. Patrick Leahy (D-VT) and Mike Lee (R-UT) for introducing a bill today to update the antiquated Electronic Communications Privacy Act (ECPA) and protect Americans’ online privacy in today’s networked world.

The bill would level the playing field for “cloud computing,” by ensuring that electronic correspondence stored remotely with an Internet company in the “cloud” receives the same level of protection afforded letters, photos and other private material stored in a drawer or filing cabinet, or on a computer at home.

ECPA was enacted 27 years ago with good intentions, but the world of communications and computing is a different place today. In 1986, there was no such thing as email, and Americans had not yet begun storing personal information online. Congress must make passing ECPA reform a priority this year, so that Americans can trust that their private online information is protected from overzealous law enforcement intrusion.

Requiring law enforcement to obtain a search warrant before obtaining Americans’ email and other private online communications is critical to bring U.S. law into the 21st Century.  SIIA urges the House and Senate to expeditiously enact this legislation.

Laura Greenback is Communications Director at SIIA. Follow the SIIA Public Policy team at @SIIAPolicy.

Share|
Filed Under: Policy, Policy - Privacy Tagged With: , ,

SIIA Urges Support for Legislation to Reform ECPA as House Subcommittee Examines Cloud Privacy

March 18, 2013 By

SIIA called for a level playing field for cloud computing as the House Judiciary Subcommittee on Crime, Terrorism, Homeland Security and Investigations prepares for a hearing tomorrow regarding reform of the Electronic Communications Privacy Act (ECPA).

We have seen tremendous technological advances in communications and computing technology since 1986, when ECPA was enacted. The legal framework provided by this outdated statue leaves both providers and users of remote computing with a complex and baffling set of rules. These rules are both difficult to explain and to apply in this age of networked and cloud computing.

SIIA urges members of the Judiciary Committee to work with all deliberate speed to enact legislation creating a warrant requirement for law enforcement access to remotely stored electronic content.  It is critical to level the playing field for information Americans store in the cloud, ensuring that it receives the same protection as the information they store in their homes.

Ken WaschKen Wasch is President of SIIA. Follow the SIIA Software team on twitter at @SIIASoftware.

Share|
Filed Under: Cloud Computing, Government, Policy, Policy - Cloud Computing, Software Tagged With: , ,
« Older Posts